
9 Mar 2019, 3:32 p.m.
On 3/9/19 1:14 PM, Peter Crowther wrote:
> Use a tiny setuid C program that reads the relevant file and writes it to a known UNIX-domain socket that has more liberal permissions?

Indeed this is a possibility, but I was hoping for a cleaner solution that fit in with libvirt's existing authentication mechanisms.

> I wouldn't expect this to end up being supported in libvirt, though there's nothing to stop you creating your own patched version.

That's a shame, but it's certainly not the end of the world. I may end up running my daemon as root, forking before dropping privileges, and using the child to open the files and pass them to the parent using SCM_RIGHTS or something.

Thanks,
Shawn