On Thu, Dec 04, 2025 at 08:05:59PM +0000, Chaney, Ben wrote:
> > Considering unix socket itself doesn't really have a UID attached to it,
> > it's only the unix path that needs a chmod(), meanwhile the mgmt of course
> > knows both the right UID (as specified in -run-with) and the path, would it
> > make sense if the mgmt chmod() after it starts dest QEMU? That'll reduce
> > the scope of impact to minimum.
>
> I like this solution, but it runs into the issue that the main channel socket
> is not created ahead of time, so there isn't an opportunity for the management
> layer to change its permissions. The CPR socket is created ahead of time, so we
> could use this solution there. I'm not familiar with the history here. Do you
> know why the sockets are created at different times?
IIUC the cpr channel isn't created ahead of time either, it's still created
a while after the QEMU process starts running. It's just that I believe CPR
needs to synchronously wait for the client to connect first and send data,
before it can reach other parts of QEMU logic to further create the main
channel.
It should look like this:

qemu_init
  cpr_state_load
    cpr_transfer_input
      qio_net_listener_wait_client [1]
  qmp_x_exit_preconfig
    qmp_migrate_incoming [2]
  os_setup_post
    change_process_uid [3]

So IIUC you're looking for [2] creating the other unix socket.
Maybe you can stick with -incoming defer, then it'll be after step [3],
which will inherit the modified uid, and mgmt doesn't need to bother
monitoring.
Thanks,
--
Peter Xu