[pve-devel] [PATCH manager] d/tmpfiles: fix permission regression for /run/pve directory
Hannes Laimer
h.laimer at proxmox.com
Tue Aug 5 12:10:33 CEST 2025
gave this a quick spin and it did solve the problem, therefore:
Tested-by: Hannes Laimer <h.laimer at proxmox.com>
On 05.08.25 12:05, Fiona Ebner wrote:
> There is a regression regarding the permission for the /run/pve
> directory. In Proxmox VE 8, the directory had root:root 0755
> permissions, being auto-created as the lxc-syscalld runtime directory.
> In Proxmox VE 9, the permissions were restricted to root:root 0750,
> but this leads to an issue with remote migration, when pveproxy tries
> to access the mtunnel socket:
>
> pveproxy[2484]: connect to 'unix/:/run/pve/ct-112.mtunnel' failed: Permission denied
>
> Relax the permissions again by allowing the www-data group
> read-access, so that pveproxy can access the socket.
>
> This aligns the permissions with what /run/pve-cluster has.
>
> Reported-by: Hannes Laimer <h.laimer at proxmox.com>
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
> debian/tmpfiles | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/debian/tmpfiles b/debian/tmpfiles
> index 98b8fb96..1263300f 100644
> --- a/debian/tmpfiles
> +++ b/debian/tmpfiles
> @@ -1,2 +1,2 @@
> -#Type Path Mode User Group Age Argument
> -d /run/pve 0750 root root - -
> +#Type Path Mode User Group Age Argument
> +d /run/pve 0750 root www-data - -
More information about the pve-devel
mailing list