On Mon, Apr 21, 2008 at 08:47:38PM +0400, Anton Protopopov wrote:
2008/4/21, Daniel Veillard <veillard(a)redhat.com>:
>
> On Mon, Apr 21, 2008 at 01:06:02PM +0400, Anton Protopopov wrote:
> > 2008/4/17, Daniel Veillard <veillard(a)redhat.com>:
> > >
> > > On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> > > > Hi,
> > > >
> > > > Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> > > > "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> > > >
> > > > The reason:
> > > > # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
> > > > drwx------ 2 root root 4096 Apr 14 19:14 libvirt
> > > > srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
> > > > srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> > > >
> > > > i.e., bad permissions on /var/run/libvirt
> > >
> > >
> > > Hum, how did you get this ? Maybe this is more a packaging problem than
> > > anything else
> >
> >
> > Yes, it was, sorry...
>
>
> So do you think the patch really makes sense in a more general
> way. Except for the group from the configuration this looks like
> the wrong way to fix this.
>
> Do you agree ? If yes what about making a subset of the patch just
> for the socket group rights ?
>
>
> Daniel
Well, I think that there were two decisions:
First one is to change the permissions of /var/run/libvirt to 0750 (by
specifying it in spec) and then change the group ownership of this directory
in main(), right after the call to remoteReadConfigFile(). That must be done
in main() because one can set "unix_sock_group" to non-root and then remove
config file.
The other (simple) one is to leave it as is :)
If you want, I can make a patch to fix the first case.

Okay, I take patches :-)
thanks !
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
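
The first option discussed in this thread, as an added C example (not code from the libvirt patch or from either participant): it checks whether a group can traverse the directory holding the socket, then applies group ownership and mode 0750. The function names `group_can_traverse` and `fix_sock_dir` are hypothetical, a scratch directory under /tmp stands in for /var/run/libvirt, and the process's own group stands in for the configured "unix_sock_group".

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if members of gid can traverse dir (required to connect to a socket
 * inside it), 0 if they cannot, -1 if dir cannot be examined. */
int group_can_traverse(const char *dir, gid_t gid)
{
    struct stat st;
    if (stat(dir, &st) < 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_gid == gid)                  /* group bits apply to members */
        return (st.st_mode & S_IXGRP) ? 1 : 0;
    return (st.st_mode & S_IXOTH) ? 1 : 0; /* otherwise "other" bits */
}

/* Give the socket directory to the configured group with mode 0750.
 * Hypothetical helper: meant to run after the config file is read, so gid
 * is the value resolved from unix_sock_group. Returns 0 on success. */
int fix_sock_dir(const char *dir, gid_t gid)
{
    if (chown(dir, (uid_t)-1, gid) < 0) {  /* -1 keeps the current owner */
        perror("chown");
        return -1;
    }
    if (chmod(dir, 0750) < 0) {
        perror("chmod");
        return -1;
    }
    return group_can_traverse(dir, gid) == 1 ? 0 : -1;
}

int main(void)
{
    char dir[64];
    gid_t gid = getegid();                 /* stand-in for unix_sock_group */
    /* Constructed scratch directory reproducing the drwx------ state. */
    snprintf(dir, sizeof dir, "/tmp/sockdir-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) < 0) {
        perror("mkdir");
        return 1;
    }
    printf("before: %d\n", group_can_traverse(dir, gid));
    if (fix_sock_dir(dir, gid) == 0)
        printf("after:  %d\n", group_can_traverse(dir, gid));
    rmdir(dir);
    return 0;
}
```

Mode 0750 keeps the directory closed to users outside the group, so access to the read-write socket is still gated by group membership.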