Hi, I found there is a bug in pr-helper:
We run pr-helper process in root, and drop all capabilities expect
CAP_SYS_RAWIO.
But the sock file which connect from qemu is owned by qemu group,
when pr-helper exit,
it will call “close_server_socket ->
object_unref(OBJECT(server_ioc)) -> qio_channel_socket_finalize ->
socket_listen_cleanup” ,
unlink sock file will fail and output “Failed to unlink socket
xxx, Permission denied”.
I tried to add capability CAP_DAC_OVERRIDE in pr-helper, it will
unlink sock success, but I think capability CAP_DAC_OVERRIDE is too
dangerous.
