The qemu driver creates a bunch of directories at startup, example /var/lib/libvirt/qemu/*. The initial mode mask on these directories is almost always specified as 0777, which leaves it up to umask to lock things down. As a result, if running from git, directories are usually created 0755 which seems overly permissive for a system daemon. This doesn't have much effect from RPM users at least, since the spec file pre-creates most of these directories with more limited permissions. This series syncs the code to match what we already specify in the spec file. Code is simplified first, and some missing dirs are added to the spec at the end. Cole Robinson (6): qemu: driver: split out qemuStateInitializeDirs qemu: driver: streamline dir creation qemu: driver: don't chown() dirname(cfg->channelTargetDir) qemu: driver: sync dir creation permissions with RPM spec qemu: driver: adjust mode mask for rdpStateDir qemu: driver: adjust mode mask for channelTargetDir libvirt.spec.in | 2 + src/qemu/qemu_driver.c | 249 ++++++++++++----------------------------- 2 files changed, 74 insertions(+), 177 deletions(-) -- 2.53.0