提交
e1f43991
编写于
9月 19, 2007
作者:
Daniel P. Berrange
Added config params to customize UNIX sock perms & ownership
上级
8f4e48ed
Showing
4 changed file
with
104 addition
and
4 deletion
+104
-4
ChangeLog
ChangeLog
+7
-0
docs/libvir.html
docs/libvir.html
+28
-0
docs/remote.html
docs/remote.html
+19
-0
qemud/qemud.c
qemud/qemud.c
+50
-4
ChangeLog
Tue Sep 18 22:22:00 EST 2007 Daniel P. Berrange <berrange@redhat.com>
* qemud/qemud.c: Allow customization of UNIX socket permissions
and group ownership from config file
* docs/libvir.html: Added docs on UNIX socket perms & group owner
config parameters
Tue Sep 18 21:34:00 EST 2007 Daniel P. Berrange <berrange@redhat.com>
* configure.in: Added checks for locating Avahi.
...
...
docs/libvir.html
...
...
@@ -2210,6 +2210,34 @@ Blank lines and comments beginning with <code>#</code> are ignored.
</td>
</tr>
<tr>
<td>
unix_sock_group
<i>
"groupname"
</i>
</td>
<td>
"root"
</td>
<td>
The UNIX group to own the UNIX domain socket. If the socket permissions allow
group access, then applications running under matching group can access the
socket. Only valid if running as root
</td>
</tr>
<tr>
<td>
unix_sock_ro_perms
<i>
"octal-perms"
</i>
</td>
<td>
"0777"
</td>
<td>
The permissions for the UNIX domain socket for read-only client connections.
The default allows any user to monitor domains.
</td>
</tr>
<tr>
<td>
unix_sock_rw_perms
<i>
"octal-perms"
</i>
</td>
<td>
"0700"
</td>
<td>
The permissions for the UNIX domain socket for read-write client connections.
The default allows only root to manage domains.
</td>
</tr>
<tr>
<td>
tls_no_verify_certificate
<i>
[0|1]
</i>
</td>
<td>
0 (certificates are verified)
</td>
...
...
docs/remote.html
...
...
@@ -484,6 +484,25 @@ Blank lines and comments beginning with <code>#</code> are ignored.
includes the machine's short hostname. This must be unique to the
local LAN segment.
</td>
</tr><tr><td>
unix_sock_group
<i>
"groupname"
</i>
</td>
<td>
"root"
</td>
<td>
The UNIX group to own the UNIX domain socket. If the socket permissions allow
group access, then applications running under matching group can access the
socket. Only valid if running as root
</td>
</tr><tr><td>
unix_sock_ro_perms
<i>
"octal-perms"
</i>
</td>
<td>
"0777"
</td>
<td>
The permissions for the UNIX domain socket for read-only client connections.
The default allows any user to monitor domains.
</td>
</tr><tr><td>
unix_sock_rw_perms
<i>
"octal-perms"
</i>
</td>
<td>
"0700"
</td>
<td>
The permissions for the UNIX domain socket for read-write client connections.
The default allows only root to manage domains.
</td>
</tr><tr><td>
tls_no_verify_certificate
<i>
[0|1]
</i>
</td>
<td>
0 (certificates are verified)
</td>
<td>
...
...
qemud/qemud.c
...
...
@@ -48,6 +48,7 @@
#include <getopt.h>
#include <assert.h>
#include <fnmatch.h>
#include <grp.h>
#include <libvirt/virterror.h>
...
...
@@ -72,6 +73,10 @@ static int listen_tcp = 0;
static
const
char
*
tls_port
=
LIBVIRTD_TLS_PORT
;
static
const
char
*
tcp_port
=
LIBVIRTD_TCP_PORT
;
static
gid_t
unix_sock_gid
=
0
;
/* Only root by default */
static
int
unix_sock_rw_perms
=
0700
;
/* Allow user only */
static
int
unix_sock_ro_perms
=
0777
;
/* Allow world */
#ifdef HAVE_AVAHI
static
int
mdns_adv
=
1
;
static
const
char
*
mdns_name
=
NULL
;
...
...
@@ -449,6 +454,7 @@ static int qemudListenUnix(struct qemud_server *server,
struct
qemud_socket
*
sock
=
calloc
(
1
,
sizeof
(
struct
qemud_socket
));
struct
sockaddr_un
addr
;
mode_t
oldmask
;
gid_t
oldgrp
;
if
(
!
sock
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to allocate memory for struct qemud_socket"
);
...
...
@@ -475,16 +481,19 @@ static int qemudListenUnix(struct qemud_server *server,
addr
.
sun_path
[
0
]
=
'\0'
;
if
(
readonly
)
oldmask
=
umask
(
~
(
S_IRUSR
|
S_IWUSR
|
S_IRGRP
|
S_IWGRP
|
S_IROTH
|
S_IWOTH
));
else
oldmask
=
umask
(
~
(
S_IRUSR
|
S_IWUSR
));
oldgrp
=
getgid
();
oldmask
=
umask
(
readonly
?
~
unix_sock_ro_perms
:
~
unix_sock_rw_perms
);
if
(
getuid
()
==
0
)
setgid
(
unix_sock_gid
);
if
(
bind
(
sock
->
fd
,
(
struct
sockaddr
*
)
&
addr
,
sizeof
(
addr
))
<
0
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to bind socket to '%s': %s"
,
path
,
strerror
(
errno
));
goto
cleanup
;
}
umask
(
oldmask
);
if
(
getuid
()
==
0
)
setgid
(
oldgrp
);
if
(
listen
(
sock
->
fd
,
30
)
<
0
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to listen for connections on '%s': %s"
,
...
...
@@ -1556,6 +1565,43 @@ remoteReadConfigFile (const char *filename)
CHECK_TYPE
(
"tcp_port"
,
VIR_CONF_STRING
);
tcp_port
=
p
?
strdup
(
p
->
str
)
:
tcp_port
;
p
=
virConfGetValue
(
conf
,
"unix_sock_group"
);
CHECK_TYPE
(
"unix_sock_group"
,
VIR_CONF_STRING
);
if
(
p
&&
p
->
str
)
{
if
(
getuid
()
!=
0
)
{
qemudLog
(
QEMUD_WARN
,
"Cannot set group when not running as root"
);
}
else
{
struct
group
*
grp
=
getgrnam
(
p
->
str
);
if
(
!
grp
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to lookup group '%s'"
,
p
->
str
);
return
-
1
;
}
unix_sock_gid
=
grp
->
gr_gid
;
}
}
p
=
virConfGetValue
(
conf
,
"unix_sock_ro_perms"
);
CHECK_TYPE
(
"unix_sock_ro_perms"
,
VIR_CONF_STRING
);
if
(
p
&&
p
->
str
)
{
char
*
tmp
=
NULL
;
unix_sock_ro_perms
=
strtol
(
p
->
str
,
&
tmp
,
8
);
if
(
*
tmp
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to parse mode '%s'"
,
p
->
str
);
return
-
1
;
}
}
p
=
virConfGetValue
(
conf
,
"unix_sock_rw_perms"
);
CHECK_TYPE
(
"unix_sock_rw_perms"
,
VIR_CONF_STRING
);
if
(
p
&&
p
->
str
)
{
char
*
tmp
=
NULL
;
unix_sock_rw_perms
=
strtol
(
p
->
str
,
&
tmp
,
8
);
if
(
*
tmp
)
{
qemudLog
(
QEMUD_ERR
,
"Failed to parse mode '%s'"
,
p
->
str
);
return
-
1
;
}
}
#ifdef HAVE_AVAHI
p
=
virConfGetValue
(
conf
,
"mdns_adv"
);
CHECK_TYPE
(
"mdns_adv"
,
VIR_CONF_LONG
);
...
...
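Review bot: In the qemudListenUnix hunk the return value of both `setgid()` calls is ignored, and the bind-failure branch jumps to `cleanup` before `umask(oldmask)` and `setgid(oldgrp)` run, so a failed bind appears to leave the daemon with the socket umask and the configured group still in effect. Both settings are process-wide, so I would check `setgid(unix_sock_gid)` before binding (otherwise the socket is created under the old group while its mode may grant group access) and restore the mask and group on the error path as well. The context line `addr.sun_path[0] = '\0'` suggests some paths are bound in the abstract namespace, where, as far as I know, file mode and group ownership are not enforced; if that is the case, a comment saying these settings only protect filesystem sockets would help. The function body and the `cleanup` label lie outside the visible lines, so confirm that cleanup does not already restore this state.

```c
oldgrp = getgid();
oldmask = umask(readonly ? ~unix_sock_ro_perms : ~unix_sock_rw_perms);
if (getuid() == 0 && setgid(unix_sock_gid) < 0) {
    qemudLog(QEMUD_ERR, "Failed to set group for socket '%s': %s",
             path, strerror(errno));
    umask(oldmask);
    goto cleanup;
}

if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
    /* … unchanged: "Failed to bind socket" log … */
    umask(oldmask);              /* restore process-wide state on failure too */
    if (getuid() == 0)
        setgid(oldgrp);          /* best effort; this path already fails */
    goto cleanup;
}
umask(oldmask);
if (getuid() == 0 && setgid(oldgrp) < 0) {
    qemudLog(QEMUD_ERR, "Failed to restore group after binding '%s': %s",
             path, strerror(errno));
    goto cleanup;
}
```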