[libvirt] [PATCH] Make domain save work when dynamic_ownership=0
Daniel Veillard
veillard at redhat.com
Thu May 13 20:07:52 UTC 2010
On Thu, May 13, 2010 at 01:33:11PM -0400, Daniel P. Berrange wrote:
> Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents
> libvirt's DAC security driver from setting uid/gid on disk
> files when starting/stopping QEMU, allowing the admin to manage
> this manually. As a side effect it also stopped setting of
> uid/gid when saving guests to a file, which completely breaks
> save when QEMU is running non-root. Thus saved state labelling
> code must ignore the dynamic_ownership parameter.
>
> * src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when
> doing save/restore image labelling
> ---
> src/qemu/qemu_security_dac.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
> index 2d42ce2..364227d 100644
> --- a/src/qemu/qemu_security_dac.c
> +++ b/src/qemu/qemu_security_dac.c
> @@ -407,7 +407,7 @@ static int
> qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
> const char *savefile)
> {
> - if (!driver->privileged || !driver->dynamicOwnership)
> + if (!driver->privileged)
> return 0;
>
> return qemuSecurityDACSetOwnership(savefile, driver->user, driver->group);
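
Review bot: the guard at the top of qemuSecurityDACSetSavedStateLabel no longer mentions dynamicOwnership, and nothing in the function says why, so a later cleanup could re-add the check by mistake. Add a short comment above `if (!driver->privileged)` stating that save-file ownership is set regardless of dynamic_ownership because a non-root QEMU must be able to write the file. Since savefile is caller-supplied and is now chowned to driver->user/driver->group even when the admin has chosen to manage ownership manually, the dynamic_ownership description in qemu.conf should also mention this exception.
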
> @@ -418,7 +418,7 @@ static int
> qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
> const char *savefile)
> {
> - if (!driver->privileged || !driver->dynamicOwnership)
> + if (!driver->privileged)
> return 0;
>
> return qemuSecurityDACRestoreSecurityFileLabel(savefile);
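
Review bot: in qemuSecurityDACRestoreSavedStateLabel the restore now runs with dynamic_ownership=0 as well, but the hunk does not show what ownership qemuSecurityDACRestoreSecurityFileLabel(savefile) puts back. If it resets the file to a fixed owner rather than the one it had before the save, an admin who pre-created the save file with specific ownership loses that setting on every save/restore cycle. Worth confirming and documenting that behaviour, and the guard here would benefit from the same one-line comment explaining why dynamicOwnership is deliberately not checked.
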
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/