File 0e1a1a8c-qemu-ensure-sane-umask-for-qemu-proces... of Package libvirt.1263

Overview Repositories Revisions Requests Users Attributes Meta

File 0e1a1a8c-qemu-ensure-sane-umask-for-qemu-process.patch of Package libvirt.1263

From 0e1a1a8c47e443c68bd13555f27a0437c02e1170 Mon Sep 17 00:00:00 2001
From: Chunyan Liu <cyliu@suse.com>
Date: Wed, 3 Sep 2014 14:18:07 +0800
Subject: [PATCH] qemu: ensure sane umask for qemu process

Add umask to _virCommand, allow user to set umask to command.
Set umask(002) to qemu process to overwrite the default umask
of 022 set by many distros, so that unix sockets created for
virtio-serial has expected permissions.

Fix problem reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
https://bugzilla.novell.com/show_bug.cgi?id=888166

To use virtio-serial device, unix socket created for chardev with
default umask(022) has insufficient permissions.
e.g.:
-device virtio-serial \
-chardev socket,path=/tmp/foo,server,nowait,id=foo \
-device virtserialport,chardev=foo,name=org.fedoraproject.port.0

srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock

Other users in the same group (like real user, test engines, etc)
cannot write to this socket.

Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
 src/libvirt_private.syms |  1 +
 src/qemu/qemu_process.c  |  1 +
 src/util/vircommand.c    | 11 +++++++++++
 src/util/vircommand.h    |  1 +
 4 files changed, 14 insertions(+)

Index: libvirt-1.2.5/src/libvirt_private.syms
===================================================================
--- libvirt-1.2.5.orig/src/libvirt_private.syms
+++ libvirt-1.2.5/src/libvirt_private.syms
@@ -1139,6 +1139,7 @@ virCommandSetPidFile;
 virCommandSetPreExecHook;
 virCommandSetSELinuxLabel;
 virCommandSetUID;
+virCommandSetUmask;
 virCommandSetWorkingDirectory;
 virCommandToString;
 virCommandWait;
Index: libvirt-1.2.5/src/qemu/qemu_process.c
===================================================================
--- libvirt-1.2.5.orig/src/qemu/qemu_process.c
+++ libvirt-1.2.5/src/qemu/qemu_process.c
@@ -3980,6 +3980,7 @@ int qemuProcessStart(virConnectPtr conn,
     virCommandSetPreExecHook(cmd, qemuProcessHook, &hookData);
     virCommandSetMaxProcesses(cmd, cfg->maxProcesses);
     virCommandSetMaxFiles(cmd, cfg->maxFiles);
+    virCommandSetUmask(cmd, 0x002);
 
     VIR_DEBUG("Setting up security labelling");
     if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
Index: libvirt-1.2.5/src/util/vircommand.c
===================================================================
--- libvirt-1.2.5.orig/src/util/vircommand.c
+++ libvirt-1.2.5/src/util/vircommand.c
@@ -132,6 +132,7 @@ struct _virCommand {
 #if defined(WITH_SECDRIVER_APPARMOR)
     char *appArmorProfile;
 #endif
+    int umask;
 };
 
 /* See virCommandSetDryRun for description for this variable */
@@ -509,6 +510,8 @@ virExec(virCommandPtr cmd)
 
     /* child */
 
+    if (cmd->umask)
+        umask(cmd->umask);
     ret = EXIT_CANCELED;
     openmax = sysconf(_SC_OPEN_MAX);
     if (openmax < 0) {
@@ -983,6 +986,14 @@ virCommandSetMaxFiles(virCommandPtr cmd,
     cmd->maxFiles = files;
 }
 
+void virCommandSetUmask(virCommandPtr cmd, int umask)
+{
+    if (!cmd || cmd->has_error)
+        return;
+
+    cmd->umask = umask;
+}
+
 /**
  * virCommandClearCaps:
  * @cmd: the command to modify
Index: libvirt-1.2.5/src/util/vircommand.h
===================================================================
--- libvirt-1.2.5.orig/src/util/vircommand.h
+++ libvirt-1.2.5/src/util/vircommand.h
@@ -70,6 +70,7 @@ void virCommandSetUID(virCommandPtr cmd,
 void virCommandSetMaxMemLock(virCommandPtr cmd, unsigned long long bytes);
 void virCommandSetMaxProcesses(virCommandPtr cmd, unsigned int procs);
 void virCommandSetMaxFiles(virCommandPtr cmd, unsigned int files);
+void virCommandSetUmask(virCommandPtr cmd, int umask);
 
 void virCommandClearCaps(virCommandPtr cmd);

Places

File 0e1a1a8c-qemu-ensure-sane-umask-for-qemu-process.patch of Package libvirt.1263

Places