|
From: | wangjie (P) |
Subject: | [Qemu-devel] question:about pr-helper unlink sock file fail |
Date: | Mon, 17 Jun 2019 12:10:32 +0800 |
User-agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 |
Hi, I found there is a bug in pr-helper:We run pr-helper process in root, and drop all capabilities expect CAP_SYS_RAWIO.
But the sock file which connect from qemu is owned by qemu group, when pr-helper exit,
it will call “close_server_socket -> object_unref(OBJECT(server_ioc)) -> qio_channel_socket_finalize -> socket_listen_cleanup” ,
unlink sock file will fail and output “Failed to unlink socket xxx, Permission denied”.
I tried to add capability CAP_DAC_OVERRIDE in pr-helper, it will unlink sock success, but I think capability CAP_DAC_OVERRIDE is too dangerous.
[Prev in Thread] | Current Thread | [Next in Thread] |