Quoting Daniel P. Berrange (berrange(a)redhat.com):
This patch is preparing the way for future work on allowing the libvirtd
daemon to run as a less-privileged user ID. The idea is that we will
switch from 'root' to 'libvirtd', but use Linux capabilities to keep the
handful of higher privileges we need for our work. Thus any code which
does a check of 'getuid() == 0' is guaranteed to break [1].
The way this patch approaches this problem is to change the driver
initialization function virStateInitialize() to have it be passed in a
'int privileged' flag from the libvirtd daemon. Each driver is updated
to record this flag, and use it for checks where needed. The only real
exception is the Xen driver, where we simply check access(2) against
the file we need to open.
Hi Daniel,
just a few questions:
...
diff -r 5e3b5d1f91c2 qemud/qemud.c
...
@@ -2871,7 +2870,7 @@ int main(int argc, char **argv) {
sigaction(SIGPIPE, &sig_action, NULL);
/* Ensure the rundir exists (on tmpfs on some systems) */
- if (geteuid () == 0) {
+ if (getuid() == 0) {
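Review bot: the switch from geteuid() to getuid() at the rundir check is not explained by the description, and it introduces exactly the 'getuid() == 0' pattern the description says is guaranteed to break once the daemon runs as 'libvirtd'. Real and effective UID differ for a setuid binary or after a privilege change, so the choice is not cosmetic. Either keep geteuid() here or drive this branch from the same privileged decision that is passed to virStateInitialize(), and state the reason in the commit message.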
Why this change?
...
diff -r 5e3b5d1f91c2 src/qemu_driver.c
--- a/src/qemu_driver.c Thu May 21 16:21:20 2009 +0100
+++ b/src/qemu_driver.c Thu May 21 16:27:16 2009 +0100
@@ -130,24 +130,26 @@ static struct qemud_driver *qemu_driver
static int
-qemudLogFD(virConnectPtr conn, const char* logDir, const char* name)
+qemudLogFD(virConnectPtr conn, struct qemud_driver *driver, const char* name)
{
char logfile[PATH_MAX];
mode_t logmode;
- uid_t uid = geteuid();
int ret, fd = -1;
- if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log", logDir, name))
+ if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log",
+ driver->logDir, name))
< 0 || ret >= sizeof(logfile)) {
virReportOOMError(conn);
return -1;
}
logmode = O_CREAT | O_WRONLY;
- if (uid != 0)
+ /* Only logrotate files in /var/log, so only append if running privileged */
+ if (driver->privileged)
+ logmode |= O_APPEND;
+ else
logmode |= O_TRUNC;
- else
- logmode |= O_APPEND;
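Review bot: in the logmode branch the unprivileged path still opens with O_TRUNC, so every call to qemudLogFD() discards the earlier contents of that guest's log, and the new comment only justifies the O_APPEND side. The behaviour matches the old 'uid != 0' test, but the comment should say why truncation is the intended fallback when nothing rotates the file, or the unprivileged case should append as well. The signature change also makes the function depend on driver->logDir and driver->privileged both being set before the first call, and the callers are not visible in this hunk to confirm that.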
Hmm, so if I run as unpriv user my logfiles will always be truncated?
thanks,
-serge