From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42575)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cyliu@suse.com>) id 1XOiiQ-0000jD-Bw
	for qemu-devel@nongnu.org; Tue, 02 Sep 2014 03:41:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cyliu@suse.com>) id 1XOiiJ-0007Vu-8p
	for qemu-devel@nongnu.org; Tue, 02 Sep 2014 03:41:22 -0400
Received: from victor.provo.novell.com ([137.65.250.26]:36783)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cyliu@suse.com>) id 1XOiiJ-0007Va-2R
	for qemu-devel@nongnu.org; Tue, 02 Sep 2014 03:41:15 -0400
From: Chunyan Liu <cyliu@suse.com>
Date: Tue,  2 Sep 2014 15:40:43 +0800
Message-Id: <1409643643-31589-3-git-send-email-cyliu@suse.com>
In-Reply-To: <1409643643-31589-1-git-send-email-cyliu@suse.com>
References: <1409643643-31589-1-git-send-email-cyliu@suse.com>
Subject: [Qemu-devel] [PATCH 2/2] qemu: add umask(002) to virtio-serial
	chardev commandline
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, libvir-list@redhat.com
Cc: Chunyan Liu <cyliu@suse.com>

To use virtio-serial device, unix socket created for communication with
default umask(022) has insufficient permissions.
e.g.
1. Setup a virtual machine with a virtio-serial device:
# virsh edit myvm
(...)
    <channel type='unix'>
      <source mode='bind' path='/tmp/somefile.sock'/>
      <target type='virtio' name='com.suse.sometest'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
(...)
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
    </controller>

2. Start this virtual machine:
# virsh start myvm

3. Check permissions for the socket file that has been created in the
host to enable communication through virtual serial ports in the guest:
# ls -l /tmp/somefile.sock
srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock

Other users in the qemu group (like real user, test engines, etc) cannot
write to this socket.

Problem reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
https://bugzilla.novell.com/show_bug.cgi?id=888166

This patch tries to pass a 'umask' option to '-chardev' when
building qemu command line in above configuration case. In
qemu side, there is another patch to handle the 'umask' option
to overwrite default umask(022). With these changes, unix
socket created for virtio-serial device can have expected
permissions.

Signed-off-by: Chunyan Liu <cyliu@suse.com> 
---
This is patch for libvirt.

 src/qemu/qemu_command.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index beb8ca8..11eee44 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8509,6 +8509,18 @@ qemuBuildCommandLine(virConnectPtr conn,
                                                       channel->info.alias,
                                                       qemuCaps)))
                     goto error;
+                /* use umask(002) instead of default umask(022) to create
+                 * a unix socket, so that virtio-serial device has sufficient
+                 * permissions for correct usage.
+                 */
+                if (channel->source.type == VIR_DOMAIN_CHR_TYPE_UNIX) {
+                    char *tmpstr = NULL;
+                    if (virAsprintf(&tmpstr, "%s,umask=0x002", devstr) < 0)
+                        goto error;
+                    VIR_FREE(devstr);
+                    devstr = tmpstr;
+                }
+
                 virCommandAddArg(cmd, devstr);
                 VIR_FREE(devstr);
             }
-- 
1.8.4.5