Landon Gilbert-Bland
2014-Aug-07 18:42 UTC
[libvirt-users] File permissions on VNC unix sockets
I am using kvm libvirt/qemu, and am trying to get VNC working with unix sockets. I'm using the following in my XML: <graphics type='vnc' socket='/tmp/kvmtest'/> This works, it creates the unix socket and I can use it for VNC. But it creates the socket with 755 permissions, and owned by libvirt-qemu:kvm. Ideally, I would like it to be 770 root:libvirtd, but could also work with 775 libvirt-qemu:kvm. Basically, I would like the group to be read/write/execute, so that anyone in this group can use virt-manager (or whatever) to get into the vm with vnc. I haven't found a way to change this in the settins. It doesn't seem to be honoring the unix socket settings in /etc/libvirt/libvirdd.conf (it looks like those are only for libvirt-sock and libvirt-sock-ro), and I haven't been able to find any documentation about changing these permissions in the XML. I can manually chmod/chown the socket after it is created (manually or with a cron), but that is far from an ideal solution. I don't suppose anyone has run across a configuration option for this that I have missed? I have only tested this in ubuntu 14.04.1 and debian testing, for what it's worth. Thanks, --landon