xenbits.xensource.com Git - libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Tue, 25 Aug 2009 15:49:09 +0000 (16:49 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Thu, 3 Sep 2009 17:10:16 +0000 (18:10 +0100)
commit	182a80b9221ab3ce2f90e08852ef4333de64fd3f
tree	6af2ec0aea50779c05390f688f88a912d607a383	tree
parent	34d22c1ed5dfff7ec41d62fa2704d2123d92d65b	commit \| diff

Move QEMU monitor socket in /var/lib/libvirt/qemu

Separate the guest created QEMU monitor socket location
from the libvirtd create XML / PID data files, to improve
security separation when running QEMU non-root

* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
* src/qemu_conf.h: Add libDir and cacheDir directory paths
* src/qemu_driver.c: Move QEMU monitor socket from
  stateDir to libDir to avoid making security critical directory
  accessible to QEMU guests.
* src/util.c: Delay running hook till after damonizing to
  ensure pidfile is still written before changing UID/GID

libvirt.spec.in		diff \| blob \| blame \| history
src/qemu_conf.h		diff \| blob \| blame \| history
src/qemu_driver.c		diff \| blob \| blame \| history
src/util.c		diff \| blob \| blame \| history