To use a virtio-serial device, the unix socket created for communication with
the default umask(022) has insufficient permissions.
e.g.
1. Setup a virtual machine with a virtio-serial device:
# virsh edit myvm
(...)
    <channel type='unix'>
      <source mode='bind' path='/tmp/somefile.sock'/>
      <target type='virtio' name='com.suse.sometest'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
(...)
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>

2. Start this virtual machine:
# virsh start myvm

3. Check permissions for the socket file that has been created in the
host to enable communication through virtual serial ports in the guest:
# ls -l /tmp/somefile.sock
srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock

Other users in the qemu group (like real users, test engines, etc.) cannot
write to this socket.

Problem reported here:
https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
https://bugzilla.novell.com/show_bug.cgi?id=888166

This patch tries to pass a 'umask' option to '-chardev' when
building the qemu command line in the above configuration case. On
the qemu side, there is another patch to handle the 'umask' option
to overwrite the default umask(022). With these changes, the unix
socket created for a virtio-serial device can have the expected
permissions.

Signed-off-by: Chunyan Liu <cy...@suse.com> 
---
This is a patch for libvirt.

 src/qemu/qemu_command.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index beb8ca8..11eee44 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8509,6 +8509,18 @@ qemuBuildCommandLine(virConnectPtr conn,
                                                       channel->info.alias,
                                                       qemuCaps)))
                     goto error;
+                /* use umask(002) instead of default umask(022) to create
+                 * a unix socket, so that virtio-serial device has sufficient
+                 * permissions for correct usage.
+                 */
+                if (channel->source.type == VIR_DOMAIN_CHR_TYPE_UNIX) {
+                    char *tmpstr = NULL;
+                    if (virAsprintf(&tmpstr, "%s,umask=0x002", devstr) < 0)
+                        goto error;
+                    VIR_FREE(devstr);
+                    devstr = tmpstr;
+                }
+
                 virCommandAddArg(cmd, devstr);
                 VIR_FREE(devstr);
             }
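Review bot: the `,umask=0x002` suffix in the VIR_DOMAIN_CHR_TYPE_UNIX branch is appended unconditionally, with no check that the QEMU binary understands a umask option on -chardev. The commit message says QEMU support comes from a separate patch, so a binary without it may refuse the argument and the guest would not start. qemuCaps is already in scope here (it is passed to the builder call just above), so gate the suffix on a capability bit. Two further points on the same lines: the hardcoded value makes every unix channel socket group-writable whether or not the domain wants that, so this widening of access should be opt-in from the domain XML rather than a global default; and the mask is written in hex (0x002), which happens to equal octal 002 but invites mistakes for other values (0x022 is not 022), so use octal notation to match how umasks are normally expressed.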
-- 
1.8.4.5

