Bug 1151762
Summary: | vnc sockets aren't removed when unused and permissions aren't re-set | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Christoph Anton Mitterer <calestyo> |
Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | agedosier, berrange, calestyo, clalancette, crobinso, itamar, jforbes, laine, libvirt-maint, veillard, virt-maint |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-09-20 19:40:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christoph Anton Mitterer
2014-10-11 15:48:32 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22 Sent a patch for the permissions issue: https://www.redhat.com/archives/libvir-list/2015-April/msg01485.html We do want to change those permissions, otherwise qemu might not even be able to start. WRT to cleaning up the VNC socket... it probably makes sense to do that if vnc_auto_unix_socket is used, but we would need to be careful not to unlink a socket the user manually specifies if for some reason they want it to stay existing. Either way it's not a big issue since it doesn't seem to be causing problems If you see the thread, I posted some more info. Apparently you can bind to an existing unix socket path, so qemu unlinks the socket first anyways. So changing the permissions ahead of time doesn't do much. My patch was busted anyways :/ There's still some minor issues with VNC sockets outlined in the mail, but the this bug can just be closed I'm a bit unsure what that means, cause even if qemu unliks first, then the socket still seems to have the wrong permissions, while the other sockets don't. So I can't quite believe this is fixed. What is 'wrong' permissions exactly? Is this failing for you somehow? Well as I've said in the original report,... it's strange that you "correct" the (potentially too open) permissions for the other sockets but not for the mentioned ones. So I think these permissions should be re-set as well. (In reply to Christoph Anton Mitterer from comment #6) > Well as I've said in the original report,... it's strange that you "correct" > the (potentially too open) permissions for the other sockets but not for the > mentioned ones. > > So I think these permissions should be re-set as well. Can you please give explicit details about what permissions you expect, and instead what permissions you are seeing? Especially compared to other sockets. Since AFAICT any unix socket passed to qemu should end up with roughly the same permissions after the VM has started: 775 with uid:gid matching the qemu process. (Even though libvirt attempts to change socket permissions for other character devices, that's basically a bug since with qemu it's completely redundant) As mentioned in comment #7, there's really not much more we can do here, so closing |