If libguestfs tools run as root, with the 'direct' backend (without libvirt), we'll start as root as well. As guest images might be owned by root, there are valid reasons to use libguestfs tools as root, so be nice to them: open socket and PID files *before* switching to nobody, so that we can still access their paths. Stefano Brivio (8): conf: Don't lecture user about starting us as root tap: Move all-ones initialisation of mac_guest to tap_sock_init() passt, tap: Don't use -1 as uninitialised value for fd_tap_listen tap: Split tap_sock_unix_init() into opening and listening parts util: Rename write_pidfile() to pidfile_write() passt, util: Move opening of PID file to its own function conf, passt, tap: Open socket and PID files before switching UID/GID conf, passt.h: Rename pid_file in struct ctx to pidfile conf.c | 23 +++++++++++++++++++---- passt.c | 17 ++++------------- passt.h | 8 ++++++-- tap.c | 57 +++++++++++++++++++++++++++++++++++---------------------- tap.h | 1 + util.c | 28 +++++++++++++++++++++++++--- util.h | 3 ++- 7 files changed, 92 insertions(+), 45 deletions(-) -- 2.43.0