qemu: let qemu group look below /var/lib/libvirt/qemu/

Vdsm needs to communicate with its guest agent via unix domain socket,
which qemu creates due to the following domain xml device:

    <channel type='unix'>
      <target type='virtio' name='com.redhat.rhevm.vdsm'/>
      <source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
    </channel>

The location of the socket below /var/lib/libvirt/qemu/channels makes
sense, to humans and selinux policy alike. However, that socket should
be accessible to vdsm, too.

Due to other (storage) reasons, vdsm is to join the "qemu" group. With
this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
socket.

The socket itself should be chmod'ed to allow qemu group read/write, but
that's for another project.

BZ#643407

diff --git a/libvirt.spec.in b/libvirt.spec.in
index e8126b484dc9f09913d3dee038e3669e7d230eff..55e368e6c22c3b1be06d945c73a1520a895f78df 100644 (file)
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -782,8 +782,8 @@ fi
 
 %if %{with_qemu}
 %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
-%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
-%dir %attr(0700, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
+%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
 %endif
 %if %{with_lxc}
 %dir %{_localstatedir}/run/libvirt/lxc/