On 06/04/2012 06:56 AM, Royce Lv wrote: > vdsm failed to connect to libvirt because of can't access > /var/run/libvirt,caused by libvirt create this dir with umask(077) > change the create umask to 022: > https://bugzilla.redhat.com/show_bug.cgi?id=828073 > > Signed-off-by: lvroyce <lvroyce(a)linux.vnet.ibm.com&gt; > --- > daemon/libvirtd.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c > index c74cd43..6095072 100644 > --- a/daemon/libvirtd.c > +++ b/daemon/libvirtd.c > @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config, > if (!(rundir = virGetUserRuntimeDirectory())) > goto error; > > - old_umask = umask(077); > + old_umask = umask(022); Are you sure there are no other reasons to restrict group and world read/search access to this directory? Opening up the permissions may be the right fix, but I'd feel more comfortable if we had more justification in the commit message describing why we are not introducing a security breach by adding more access.