[libvirt] [patch] make libvirt run dir accessible for applications

vdsm failed to connect to libvirt because of can't access /var/run/libvirt,caused by libvirt create this dir with umask(077) change the create umask to 022: https://bugzilla.redhat.com/show_bug.cgi?id=828073 Signed-off-by: lvroyce <lvroyce@linux.vnet.ibm.com> --- daemon/libvirtd.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index c74cd43..6095072 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config, if (!(rundir = virGetUserRuntimeDirectory())) goto error; - old_umask = umask(077); + old_umask = umask(022); if (virFileMakePath(rundir) < 0) { umask(old_umask); goto error; -- 1.7.7.6
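Review bot: the rundir whose creation mask changes on the "+ old_umask = umask(022);" line comes from virGetUserRuntimeDirectory(), which by its name is a per-user runtime directory, while the commit message names /var/run/libvirt; please confirm this is the code path vdsm actually fails on. With 022 in effect, whatever virFileMakePath(rundir) creates gains group and world read/search access, so the commit message should state what lives under that directory and why exposing it is safe. If only one consumer needs access, a narrower mask such as umask(027) with a suitable group, or an explicit mode set on rundir after creation, would grant less than 022. The umask(old_umask) restore is visible only on the error path; the success path lies outside the hunk and should be checked as well.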

On 06/04/2012 06:56 AM, Royce Lv wrote:
vdsm failed to connect to libvirt because of can't access /var/run/libvirt,caused by libvirt create this dir with umask(077) change the create umask to 022: https://bugzilla.redhat.com/show_bug.cgi?id=828073
Signed-off-by: lvroyce <lvroyce@linux.vnet.ibm.com> --- daemon/libvirtd.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index c74cd43..6095072 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config, if (!(rundir = virGetUserRuntimeDirectory())) goto error;
- old_umask = umask(077); + old_umask = umask(022);
Are you sure there are no other reasons to restrict group and world read/search access to this directory? Opening up the permissions may be the right fix, but I'd feel more comfortable if we had more justification in the commit message describing why we are not introducing a security breach by adding more access.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 06/04/2012 01:16 PM, Eric Blake wrote:
On 06/04/2012 06:56 AM, Royce Lv wrote:
vdsm failed to connect to libvirt because of can't access /var/run/libvirt,caused by libvirt create this dir with umask(077) change the create umask to 022: https://bugzilla.redhat.com/show_bug.cgi?id=828073
Signed-off-by: lvroyce <lvroyce@linux.vnet.ibm.com> --- daemon/libvirtd.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index c74cd43..6095072 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config, if (!(rundir = virGetUserRuntimeDirectory())) goto error;
- old_umask = umask(077); + old_umask = umask(022);
Are you sure there are no other reasons to restrict group and world read/search access to this directory? Opening up the permissions may be the right fix, but I'd feel more comfortable if we had more justification in the commit message describing why we are not introducing a security breach by adding more access.
Food for thought when answering this question. Right now, on my F17 box, I see:

# ll /var/run/libvirt
total 0
srwxrwxrwx. 1 root root 0 Jun 4 05:24 libvirt-sock
srwxrwxrwx. 1 root root 0 Jun 4 05:24 libvirt-sock-ro
drwxr-xr-x. 2 root root 40 Jun 4 05:24 libxl
drwxr-xr-x. 2 root root 60 Jun 4 05:24 network
drwxr-xr-x. 2 root root 80 Jun 4 13:18 qemu
drwxr-xr-x. 2 root root 40 Jun 4 05:24 uml-guest

but then I see this in libvirt.spec.in:

%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/

Why is the qemu listed as 755 on my file system, but 700 in the spec file? We've definitely got some explaining to do.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
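As an added illustration (not code from libvirt or from either poster), the C program below shows what moving from umask(077) to umask(022) does to a newly created directory, and computes which permission bits an on-disk mode grants beyond a packaged mode, as in the 755-versus-700 comparison above. It assumes the directory is created with mkdir(path, 0777); the function names and the /tmp path are hypothetical.

```c
/* Added example, not libvirt code. Assumption: the directory is created with
 * mkdir(path, 0777), so the umask alone decides the final mode. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a directory inside a private temp dir with `mask` in effect and
 * return its rwx permission bits, or (mode_t)-1 on failure. */
static mode_t mode_after_mkdir(mode_t mask)
{
    char base[] = "/tmp/rundir-demo-XXXXXX";    /* constructed path */
    char path[sizeof(base) + 8];
    struct stat st;
    mode_t result = (mode_t)-1;

    if (!mkdtemp(base))
        return result;
    snprintf(path, sizeof(path), "%s/run", base);

    mode_t old_umask = umask(mask);             /* same pattern as the hunk */
    int rc = mkdir(path, 0777);
    umask(old_umask);                           /* restore on every path */

    if (rc == 0 && stat(path, &st) == 0)
        result = st.st_mode & 0777;
    rmdir(path);
    rmdir(base);
    return result;
}

/* Bits present on disk that the expected (packaged) mode does not grant. */
static mode_t extra_bits(mode_t actual, mode_t expected)
{
    return actual & ~expected & 07777;
}

int main(void)
{
    mode_t strict = mode_after_mkdir(077), relaxed = mode_after_mkdir(022);
    printf("umask 077 -> %04o, umask 022 -> %04o\n",
           (unsigned)strict, (unsigned)relaxed);
    printf("0755 on disk vs 0700 packaged: extra %04o\n",
           (unsigned)extra_bits(0755, 0700));
    return 0;
}
```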