2008/4/21, Daniel Veillard <veillard@redhat.com>:
On Mon, Apr 21, 2008 at 01:06:02PM +0400, Anton Protopopov wrote:
> 2008/4/17, Daniel Veillard <veillard@redhat.com>:
> >
> > On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> > > Hi,
> > >
> > > Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> > > "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> > >
> > > The reason:
> > >    # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
> > >    drwx------ 2 root root   4096 Apr 14 19:14 libvirt
> > >    srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
> > >    srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> > >
> > > i.e., bad permissions on /var/run/libvirt
> >
> >
> >   Hum, how did you get this ? Maybe this is more a packaging problem than
> > anything else
>
>
> Yes, it was, sorry...


  So do you think the patch really makes sense in a more general
way? Except for the group from the configuration, this looks like
the wrong way to fix this.

  Do you agree ? If yes what about making a subset of the patch just
for the socket group rights ?


Daniel

Well, I think that there were two decisions:

First one is to change the permissions of /var/run/libvirt to 0750 (by specifying it in the spec) and then change the group ownership of this directory in main(), right after the call to remoteReadConfigFile(). That must be done in main() because one can set "unix_sock_group" to non-root and then remove the config file.

The other (simple) one is to leave it as is :)

If you want, I can make a patch to fix the first case.

A.

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
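
The permission problem discussed in this thread, worked through as an added example (not code from the thread or from libvirt): a connect to a Unix socket needs search (x) permission on every parent directory and write permission on the socket itself. The numeric uid/gid values and the modes of /, /var and /var/run are assumptions; the modes of /var/run/libvirt and libvirt-sock are taken from the listing above.

```python
import os
import stat

def allowed(mode, owner, group, uid, gids, want):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if uid == 0:
        return True                      # simplification: root bypasses the check
    if uid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def first_blocker(chain, uid, gids):
    """chain: [(path, mode, owner, group), ...] ordered from / down to the socket.
    Returns the first path that denies access, or None if a connect can succeed."""
    *dirs, sock = chain
    for path, mode, owner, group in dirs:
        if not allowed(mode, owner, group, uid, gids, 1):   # x: search directory
            return path
    path, mode, owner, group = sock
    if not allowed(mode, owner, group, uid, gids, 2):       # w: connect to socket
        return path
    return None

def stat_chain(path):
    """Build the same chain from a live filesystem, for checking a real host."""
    chain, p = [], os.path.abspath(path)
    while True:
        st = os.stat(p)
        chain.append((p, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
        if os.path.dirname(p) == p:
            return chain[::-1]
        p = os.path.dirname(p)

LIBVIRT_GID = 1001                               # constructed gid for "libvirt"
USER_UID, USER_GIDS = 1000, {1000, LIBVIRT_GID}  # constructed non-root user
ANCESTORS = [("/", 0o755, 0, 0), ("/var", 0o755, 0, 0), ("/var/run", 0o755, 0, 0)]
SOCK = ("/var/run/libvirt/libvirt-sock", 0o770, 0, LIBVIRT_GID)
# Directory as reported: drwx------ root root
REPORTED = ANCESTORS + [("/var/run/libvirt", 0o700, 0, 0), SOCK]
# Directory as proposed: 0750 with group ownership set to unix_sock_group
PROPOSED = ANCESTORS + [("/var/run/libvirt", 0o750, 0, LIBVIRT_GID), SOCK]

if __name__ == "__main__":
    print("reported:", first_blocker(REPORTED, USER_UID, USER_GIDS))
    print("proposed:", first_blocker(PROPOSED, USER_UID, USER_GIDS))
```

On a real host, first_blocker(stat_chain("/var/run/libvirt/libvirt-sock"), uid, gids) performs the same check against the live modes.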