/daemon/libvirtd.pod
/daemon/libvirtd.policy
/daemon/libvirtd.service
+/daemon/libvirtd.socket
/daemon/test_libvirtd.aug
/docs/aclperms.htmlinc
/docs/apibuild.py.stamp
libvirtd.policy.in \
libvirtd.sasl \
libvirtd.service.in \
+ libvirtd.socket.in \
libvirtd.sysconf \
libvirtd.sysctl \
libvirtd.aug \
if LIBVIRT_INIT_SCRIPT_SYSTEMD
SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-BUILT_SOURCES += libvirtd.service
+BUILT_SOURCES += libvirtd.service libvirtd.socket
-install-init-systemd: install-sysconfig libvirtd.service
+install-init-systemd: install-sysconfig libvirtd.service libvirtd.socket
$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
$(INSTALL_DATA) libvirtd.service \
$(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+ $(INSTALL_DATA) libvirtd.socket \
+ $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
uninstall-init-systemd: uninstall-sysconfig
rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
install-init-systemd:
< $< > $@-t && \
mv $@-t $@
+libvirtd.socket: libvirtd.socket.in $(top_builddir)/config.status
+ $(AM_V_GEN)sed \
+ -e 's|[@]runstatedir[@]|$(runstatedir)|g' \
+ < $< > $@-t && \
+ mv $@-t $@
+
check-local: check-augeas
# UNIX socket access controls
#
+# Beware that if you are changing *any* of these options, and you use
+# socket activation with systemd, you need to adjust the settings in
+# the libvirtd.socket file as well since it could impose a security
+# risk if you rely on file permission checking only.
+
# Set the UNIX domain socket group ownership. This can be used to
# allow a 'trusted' set of users access to management capabilities
# without becoming root.
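Review bot: The added warning does not name which settings must be mirrored in libvirtd.socket, so it is hard to act on. Going by the comment in libvirtd.socket.in, libvirtd cannot change the socket permissions once systemd has created the sockets, so tightening the group or mode here alone would presumably have no effect under socket activation. Naming the directives would help, e.g. `# (SocketMode, SocketUser and SocketGroup in libvirtd.socket)`. "impose a security risk" would also read better as "pose a security risk". The option block this comment introduces continues outside the hunk.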
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
[Unit]
Description=Virtualization daemon
Before=libvirt-guests.service
--- /dev/null
+[Socket]
+ListenStream=@runstatedir@/libvirt/libvirt-sock
+ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
+
+; The following settings must match libvirtd.conf file in order to
+; work as expected because libvirtd can't change them later.
+; SocketMode=0777 is safe only if authentication on the socket is set
+; up. For further information, please see the libvirtd.conf file.
+SocketMode=0777
+SocketUser=root
+SocketGroup=root
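Review bot: `SocketMode=0777`, `SocketUser` and `SocketGroup` apply to every `ListenStream=` in a socket unit, so the read-write `libvirt-sock` is created world-accessible with the same mode as `libvirt-sock-ro`. The two sockets cannot be given different permissions from this file. The comment notes this is safe only when authentication is set up on the socket, so a host that relies on file permissions for the read-write socket has no way to express that here. Consider moving `ListenStream=@runstatedir@/libvirt/libvirt-sock` into its own socket unit with `Service=libvirtd.service` and a tighter `SocketMode=`, provided the daemon accepts descriptors from two units. Otherwise extend the comment to say explicitly that the mode also covers the read-write socket.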
%if %{with_systemd}
%if %{with_systemd_macros}
- %systemd_post virtlockd.socket libvirtd.service
+ %systemd_post virtlockd.socket libvirtd.service libvirtd.socket
%else
if [ $1 -eq 1 ] ; then
# Initial installation
- /bin/systemctl enable virtlockd.socket libvirtd.service >/dev/null 2>&1 || :
+ /bin/systemctl enable \
+ virtlockd.socket \
+ libvirtd.service >/dev/null 2>&1 || :
fi
%endif
%else
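Review bot: The two branches of this scriptlet now diverge: the macro branch passes `libvirtd.socket` to `%systemd_post`, while the fallback `systemctl enable` list is only reflowed and still names just `virtlockd.socket` and `libvirtd.service`. `%systemd_post` applies the distribution preset rather than enabling unconditionally, so whether the socket ends up enabled differs between the two paths. If leaving it disabled on a fresh install is intended, which seems sensible given the unit ships with `SocketMode=0777`, record that above the `systemctl enable` line, e.g. `# libvirtd.socket is deliberately not enabled by default`.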
%preun daemon
%if %{with_systemd}
%if %{with_systemd_macros}
- %systemd_preun libvirtd.service virtlockd.socket virtlockd.service
+ %systemd_preun \
+ libvirtd.socket \
+ libvirtd.service \
+ virtlockd.socket \
+ virtlockd.service
%else
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
- /bin/systemctl --no-reload disable libvirtd.service virtlockd.socket virtlockd.service > /dev/null 2>&1 || :
- /bin/systemctl stop libvirtd.service virtlockd.socket virtlockd.service > /dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable \
+ libvirtd.socket \
+ libvirtd.service \
+ virtlockd.socket \
+ virtlockd.service > /dev/null 2>&1 || :
+ /bin/systemctl stop \
+ libvirtd.socket \
+ libvirtd.service \
+ virtlockd.socket \
+ virtlockd.service > /dev/null 2>&1 || :
fi
%endif
%else
%if %{with_systemd}
%{_unitdir}/libvirtd.service
+%{_unitdir}/libvirtd.socket
%{_unitdir}/virtlockd.service
%{_unitdir}/virtlockd.socket
%else