[libvirt] [RFC] security_dac: don't chown iso file
Serge E. Hallyn
serge.hallyn at canonical.com
Tue Oct 4 17:49:03 UTC 2011
Quoting Serge E. Hallyn (serge.hallyn at canonical.com):
> isos are read-only, so libvirt doesn't need to chown them. In one of
> our testing setups, libvirt uses mirrorred isos. Since libvirt chowns
> the files, (and especially does not chown them back) the mirror refuses
> to update the iso.
>
> This patch prevents libvirt from chowning files.
>
> Does this seem reasonable?
Hi,
any feedback on this? Does it seem ok?
thanks,
-serge
> Signed-off-by: Serge Hallyn <serge.hallyn at canonical.com>
> ---
> src/security/security_dac.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index af02236..e7db324 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -555,6 +555,8 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
> /* XXX fixme - we need to recursively label the entire tree :-( */
> if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
> continue;
> + if (vm->def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM)
> + continue;
> if (virSecurityDACSetSecurityImageLabel(mgr,
> vm,
> vm->def->disks[i]) < 0)
> --
> 1.7.5.4
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
More information about the libvir-list
mailing list