On Mon, Jul 23, 2012 at 11:02:41AM +0100, Richard W.M. Jones wrote:
> On Mon, Jul 23, 2012 at 10:45:21AM +0100, Daniel P. Berrange wrote:
> > On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> > > On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > > > Some questions:
> > >
> > > Another question ...
> > >
> > > > <channel type="unix">
> > > > <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> > > > <target type="virtio" name="org.libguestfs.channel.0"/>
> > > > </channel>
> > >
> > > This clause doesn't work when libguestfs/qemu runs as root. As far as
> > > I can tell there are a combination of three factors working against it:
> > >
> > > (1) libvirt (when run as root) runs qemu as qemu.qemu. Since this
> > > user didn't have write access to the socket, it fails. I fixed this
> > > by chowning the socket.
> >
> > What libvirt URI are you using ? If libguest is running as non-root,
> > then I expect you'd want to use qemu:///session.
>
> It's using NULL and expecting libvirt to choose the appropriate
> connection URI, which does appear to work.

Apps should only rely on NULL, if they are able to work with any
possible hypervisor. If you have specific requirements for QEMU
you should always request QEMU explicitly. A local sysadmin may
well have set a different default URI using an env variable or
$HOME/.libvirt/libvirt.conf which will give you an unexpected
choice.

> > Thus all files would be owned by the matching user ID, and I'd
> > suggest $HOME/.libguestfs/qemu for the directory to store the sockets
> > in.
> >
> > If libguestfs is running as root, then use qemu:///system and a socket
> > under /var/lib/libguestfs/qemu/
>
> This is fairly sucky. We already make a temporary directory (a
> randomly named subdirectory of $TMPDIR) and that seems the appropriate
> place for small temporary files like sockets, especially since the
> temp cleaner will clean them up properly if we don't.

> > You could either use the same directory that libvirt uses for the
> > main QEMU monitor socket, or preferably define standard directories
> > for libguestfs and have them added to the SELinux policy
>
> So just so I'm completely clear about what's happening:
>
> (1) SELinux labels are chosen based on the parent directory.

Yep

> (2) By having a standard named parent directory (even $HOME/.libguestfs)
> SELinux will assign the right label to a socket in this directory,
> even if libguestfs is not running as root.

Yep, if that dir is listed in the policy.

> (3) libguestfs should not be setting labels on anything itself.

Yes & no, see next answer

> (4) If a non-root user has never run libguestfs before, then merely
> the act of libguestfs doing mkdir("$HOME/.libguestfs") [as non-root]
> will ensure that any sockets in this directory are labelled correctly.

For directories outside $HOME, the correct context is normally expected
to be set by RPM during install. For $HOME I think you need to invoke
"restorecon $HOME/.libguestfs" after creation, although IIRC this is
no longer needed on rawhide.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
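
The URI and socket-directory choice described in the message above, as an added example that is not part of the original thread and is not libguestfs or libvirt code. The function names, the 0700 mode and the symlink/owner checks are assumptions of this example; the URIs, directory paths and the `restorecon` step are the ones named in the thread.

```python
import os
import shutil
import stat
import subprocess


def libvirt_target(euid, home):
    """Pick an explicit QEMU URI and socket directory instead of passing NULL."""
    if euid == 0:
        # Root: system instance; the label here is expected to come from the RPM.
        return "qemu:///system", "/var/lib/libguestfs/qemu"
    # Non-root: session instance, so qemu runs as (and files belong to) this user.
    return "qemu:///session", os.path.join(home, ".libguestfs", "qemu")


def prepare_socket_dir(path, euid, relabel=None):
    """Create the socket directory, check it, and optionally restore its label.

    relabel: directory to pass to restorecon (for example $HOME/.libguestfs);
    None skips relabelling, as for directories installed and labelled by RPM.
    """
    # mode applies to the leaf only; parent directories follow the umask.
    os.makedirs(path, mode=0o700, exist_ok=True)
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} is not a real directory")
    if st.st_uid != euid:
        raise RuntimeError(f"{path} is owned by uid {st.st_uid}, expected {euid}")
    os.chmod(path, 0o700)  # assumption of this example: owner-only access
    restorecon = shutil.which("restorecon")
    if relabel and restorecon:
        # Label comes from policy for the parent directory; failure is not fatal
        # here (for example when SELinux is disabled on the host).
        subprocess.run([restorecon, "-R", relabel], check=False,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return path


if __name__ == "__main__":
    uri, sockdir = libvirt_target(os.geteuid(), os.path.expanduser("~"))
    print(uri, sockdir)
```
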