|
|
a5a3f0 |
From cebb6519a3a4b65bf89d7f5ea7bf390f2303f5ee Mon Sep 17 00:00:00 2001
|
|
|
a5a3f0 |
Message-Id: <cebb6519a3a4b65bf89d7f5ea7bf390f2303f5ee@dist-git>
|
|
|
a5a3f0 |
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
|
a5a3f0 |
Date: Wed, 3 Oct 2018 16:58:18 +0200
|
|
|
a5a3f0 |
Subject: [PATCH] qemu: fix up permissions for pre-created UNIX sockets
|
|
|
a5a3f0 |
MIME-Version: 1.0
|
|
|
a5a3f0 |
Content-Type: text/plain; charset=UTF-8
|
|
|
a5a3f0 |
Content-Transfer-Encoding: 8bit
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
My commit d6b8838 fixed the uid:gid for the pre-created UNIX sockets
|
|
|
a5a3f0 |
but did not account for the different umask of libvirtd and QEMU.
|
|
|
a5a3f0 |
Since commit 0e1a1a8c we set umask to '0002' for the QEMU process.
|
|
|
a5a3f0 |
Manually tune-up the permissions to match what we would have gotten
|
|
|
a5a3f0 |
if QEMU had created the socket.
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
https://bugzilla.redhat.com/show_bug.cgi?id=1633389
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
|
a5a3f0 |
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
a5a3f0 |
(cherry picked from commit 8ba65c4d95712b54362fd81c34bae99f51d45a0b)
|
|
|
a5a3f0 |
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
RHEL 7.6.z: https://bugzilla.redhat.com/show_bug.cgi?id=1635228
|
|
|
a5a3f0 |
RHEL 8.0: https://bugzilla.redhat.com/show_bug.cgi?id=1634775
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
|
|
a5a3f0 |
---
|
|
|
a5a3f0 |
src/qemu/qemu_command.c | 6 ++++++
|
|
|
a5a3f0 |
1 file changed, 6 insertions(+)
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
|
|
|
a5a3f0 |
index f2b64ed720..98b554627e 100644
|
|
|
a5a3f0 |
--- a/src/qemu/qemu_command.c
|
|
|
a5a3f0 |
+++ b/src/qemu/qemu_command.c
|
|
|
a5a3f0 |
@@ -4933,6 +4933,12 @@ qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev)
|
|
|
a5a3f0 |
goto error;
|
|
|
a5a3f0 |
}
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
+ /* We run QEMU with umask 0002. Compensate for the umask
|
|
|
a5a3f0 |
+ * libvirtd might be running under to get the same permission
|
|
|
a5a3f0 |
+ * QEMU would have. */
|
|
|
a5a3f0 |
+ if (virFileUpdatePerm(dev->data.nix.path, 0002, 0664) < 0)
|
|
|
a5a3f0 |
+ goto error;
|
|
|
a5a3f0 |
+
|
|
|
a5a3f0 |
return fd;
|
|
|
a5a3f0 |
|
|
|
a5a3f0 |
error:
|
|
|
a5a3f0 |
--
|
|
|
a5a3f0 |
2.19.0
|
|
|
a5a3f0 |
|