From cebb6519a3a4b65bf89d7f5ea7bf390f2303f5ee Mon Sep 17 00:00:00 2001
Message-Id: <cebb6519a3a4b65bf89d7f5ea7bf390f2303f5ee@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 3 Oct 2018 16:58:18 +0200
Subject: [PATCH] qemu: fix up permissions for pre-created UNIX sockets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

My commit d6b8838 fixed the uid:gid for the pre-created UNIX sockets
but did not account for the different umask of libvirtd and QEMU.
Since commit 0e1a1a8c we set umask to '0002' for the QEMU process.
Manually tune-up the permissions to match what we would have gotten
if QEMU had created the socket.

https://bugzilla.redhat.com/show_bug.cgi?id=1633389

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 8ba65c4d95712b54362fd81c34bae99f51d45a0b)
Signed-off-by: Ján Tomko <jtomko@redhat.com>

RHEL 7.6.z: https://bugzilla.redhat.com/show_bug.cgi?id=1635228
RHEL 8.0: https://bugzilla.redhat.com/show_bug.cgi?id=1634775

Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
 src/qemu/qemu_command.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f2b64ed720..98b554627e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4933,6 +4933,12 @@ qemuOpenChrChardevUNIXSocket(const virDomainChrSourceDef *dev)
         goto error;
     }
 
+    /* We run QEMU with umask 0002. Compensate for the umask
+     * libvirtd might be running under to get the same permission
+     * QEMU would have. */
+    if (virFileUpdatePerm(dev->data.nix.path, 0002, 0664) < 0)
+        goto error;
+
     return fd;
 
  error:
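Review bot: The call `virFileUpdatePerm(dev->data.nix.path, 0002, 0664)` passes two bare octal literals, and the comment above it names only the umask, so a reader of this hunk cannot tell which value is the mask being cleared and which bits are being set, or that the result leaves the socket group-writable. Consider spelling out the intended final mode in the comment. The update is also done by path after the socket already exists (`fd` is returned directly afterwards), so until this call runs the socket carries permissions derived from libvirtd's own umask; it is worth confirming that the `error:` path, whose body is not visible in this context, closes `fd` and removes the socket when the permission update fails.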
-- 
2.19.0