render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
edecca
From 863827760fc7550b9b454fadf1377bea616fdcfd Mon Sep 17 00:00:00 2001
edecca
Message-Id: <863827760fc7550b9b454fadf1377bea616fdcfd@dist-git>
edecca
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
edecca
Date: Wed, 3 Oct 2018 16:58:18 +0200
edecca
Subject: [PATCH] qemu: fix up permissions for pre-created UNIX sockets
edecca
MIME-Version: 1.0
edecca
Content-Type: text/plain; charset=UTF-8
edecca
Content-Transfer-Encoding: 8bit
edecca
edecca
My commit d6b8838 fixed the uid:gid for the pre-created UNIX sockets
edecca
but did not account for the different umask of libvirtd and QEMU.
edecca
Since commit 0e1a1a8c we set umask to '0002' for the QEMU process.
edecca
Manually tune-up the permissions to match what we would have gotten
edecca
if QEMU had created the socket.
edecca
edecca
https://bugzilla.redhat.com/show_bug.cgi?id=1633389
edecca
edecca
Signed-off-by: Ján Tomko <jtomko@redhat.com>
edecca
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
edecca
(cherry picked from commit 8ba65c4d95712b54362fd81c34bae99f51d45a0b)
edecca
Signed-off-by: Ján Tomko <jtomko@redhat.com>
edecca
edecca
RHEL 7.6.z: https://bugzilla.redhat.com/show_bug.cgi?id=1635228
edecca
RHEL 8.0: https://bugzilla.redhat.com/show_bug.cgi?id=1634775
edecca
edecca
Reviewed-by: Erik Skultety <eskultet@redhat.com>
edecca
---
edecca
 src/qemu/qemu_command.c | 6 ++++++
edecca
 1 file changed, 6 insertions(+)
edecca
edecca
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
edecca
index 5c71abab96..028f48310b 100644
edecca
--- a/src/qemu/qemu_command.c
edecca
+++ b/src/qemu/qemu_command.c
edecca
@@ -4933,6 +4933,12 @@ qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev)
edecca
         goto error;
edecca
     }
edecca
 
edecca
+    /* We run QEMU with umask 0002. Compensate for the umask
edecca
+     * libvirtd might be running under to get the same permission
edecca
+     * QEMU would have. */
edecca
+    if (virFileUpdatePerm(dev->data.nix.path, 0002, 0664) < 0)
edecca
+        goto error;
edecca
+
edecca
     return fd;
edecca
 
edecca
  error:
edecca
-- 
edecca
2.19.1
edecca