From: Chunyan Liu <cyliu@suse.com>
To: qemu-devel@nongnu.org, libvir-list@redhat.com
Cc: Chunyan Liu <cyliu@suse.com>
Subject: [Qemu-devel] [PATCH 2/2] qemu: add umask(002) to virtio-serial chardev commandline
Date: Tue, 2 Sep 2014 15:40:43 +0800 [thread overview]
Message-ID: <1409643643-31589-3-git-send-email-cyliu@suse.com> (raw)
In-Reply-To: <1409643643-31589-1-git-send-email-cyliu@suse.com>
To use virtio-serial device, unix socket created for communication with
default umask(022) has insufficient permissions.
e.g.
1. Setup a virtual machine with a virtio-serial device:
# virsh edit myvm
(...)
<channel type='unix'>
<source mode='bind' path='/tmp/somefile.sock'/>
<target type='virtio' name='com.suse.sometest'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
(...)
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
</controller>
2. Start this virtual machine:
# virsh start myvm
3. Check permissions for the socket file that has been created in the
host to enable communication through virtual serial ports in the guest:
# ls -l /tmp/somefile.sock
srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock
Other users in the qemu group (like real user, test engines, etc) cannot
write to this socket.
Problem reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
https://bugzilla.novell.com/show_bug.cgi?id=888166
This patch tries to pass a 'umask' option to '-chardev' when
building qemu command line in above configuration case. In
qemu side, there is another patch to handle the 'umask' option
to overwrite default umask(022). With these changes, unix
socket created for virtio-serial device can have expected
permissions.
Signed-off-by: Chunyan Liu <cyliu@suse.com>
---
This is patch for libvirt.
src/qemu/qemu_command.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index beb8ca8..11eee44 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8509,6 +8509,18 @@ qemuBuildCommandLine(virConnectPtr conn,
channel->info.alias,
qemuCaps)))
goto error;
+ /* use umask(002) instead of default umask(022) to create
+ * a unix socket, so that virtio-serial device has sufficient
+ * permissions for correct usage.
+ */
+ if (channel->source.type == VIR_DOMAIN_CHR_TYPE_UNIX) {
+ char *tmpstr = NULL;
+ if (virAsprintf(&tmpstr, "%s,umask=0x002", devstr) < 0)
+ goto error;
+ VIR_FREE(devstr);
+ devstr = tmpstr;
+ }
+
virCommandAddArg(cmd, devstr);
VIR_FREE(devstr);
}
--
1.8.4.5
prev parent reply other threads:[~2014-09-02 7:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-02 7:40 [Qemu-devel] [PATCH 0/2] fix: unix sockets created for virtio-serail has insufficient permissions Chunyan Liu
2014-09-02 7:40 ` [Qemu-devel] [PATCH 1/2] add 'umask' option to -chardev Chunyan Liu
2014-09-02 8:54 ` Daniel P. Berrange
2014-09-02 9:08 ` Chun Yan Liu
2014-09-02 9:16 ` Daniel P. Berrange
2014-09-02 10:05 ` Chun Yan Liu
2014-09-02 10:53 ` Markus Armbruster
2014-09-02 7:40 ` Chunyan Liu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1409643643-31589-3-git-send-email-cyliu@suse.com \
--to=cyliu@suse.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).