On Tue, 2017-02-14 at 11:37 +0100, Michal Privoznik wrote:
> > @@ -7040,6 +7040,7 @@ qemuDomainCreateDeviceRecursive(const char *device,
> > #ifdef WITH_SELINUX
> > char *tcon = NULL;
> > #endif
> > +mode_t oldUmask = umask((mode_t) 0);
> >
> > if (!ttl) {
> >
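Review bot: oldUmask is saved and the process umask cleared in the declaration block, ahead of the `if (!ttl)` check, but nothing in the visible hunk restores it. Every exit from qemuDomainCreateDeviceRecursive(), including any return taken inside `if (!ttl)`, needs a matching umask(oldUmask); otherwise the process keeps a umask of 0 and later file creations end up with wider permissions than intended. Because the umask is process-wide, consider narrowing the window by clearing it immediately before the mknod() call and restoring it right after, and add a comment explaining why the mask is cleared.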
On 02/13/2017 09:18 PM, Andrea Bolognani wrote:
> When we populate the private /dev that's going to be used by
> an isolated QEMU process, we take care all metadata matches
> what's in the top-level namespace: in particular, we copy the
> file permissions directly.
>
> However, since the permissions passed to mknod() are still
> affected by the active