On Mon, Apr 21, 2008 at 08:47:38PM +0400, Anton Protopopov wrote:
2008/4/21, Daniel Veillard <veillard@redhat.com>:
2008/4/17, Daniel Veillard <veillard@redhat.com>:
On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
Hi,
Non-root can't use /var/run/libvirt/libvirt-sock even in the case "unix_sock_group" and "unix_sock_rw_perms" are set properly.
The reason: # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid drwx------ 2 root root 4096 Apr 14 19:14 libvirt srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
i.e., bad permissions on /var/run/libvirt
Hum, how did you get this ? Maybe this is more a packaging problem
On Mon, Apr 21, 2008 at 01:06:02PM +0400, Anton Protopopov wrote: than
anything else
Yes, it was, sorry...
So do you think the patch really make sense in a more general way. Except for the group from the configuration this looks like the wrong way to fix this.
Do you agree ? If yes what about making a subset of the patch just for the socket group rights ?
Daniel
Well, I think that there were two decisions:
First one is to change the permissions of /var/run/libvirt to 0750 (by spcifying it in spec) and then change the group ownership of this directory in main(), right after the call to remoteReadConfigFile(). That must be done in main() because one can set "unix_sock_group" to non-root and then remove config file.
The other (simple) one is to leave it as is :)
If you want, I can make patch to fix the first case
Okay, I take patches :-) thanks ! Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/