[libvirt] [RFC] security_dac: don't chown iso file

[Daniel P. Berrange]

On Tue, Oct 04, 2011 at 12:49:03PM -0500, Serge E. Hallyn wrote:
> Quoting Serge E. Hallyn (serge.hallyn at canonical.com):
> > isos are read-only, so libvirt doesn't need to chown them.  In one of
> > our testing setups, libvirt uses mirrorred isos.  Since libvirt chowns
> > the files, (and especially does not chown them back) the mirror refuses
> > to update the iso.
> > 
> > This patch prevents libvirt from chowning files.
> > 
> > Does this seem reasonable?
> 
> any feedback on this?  Does it seem ok?

Unfortunately while this would fix the use case you describe, it would
also break other use cases.

What we really need todo with the DAC driver is replace all the
chown() code, with code that sets ACLs instead. Well actually we
would need to keep the chown code as a fallback for filesystems
which don't support ACLs, but as long as we prefer ACLs by default
that'd be OK.

Of course when we have ACLs, we'd only need to grant 'r' to the
file for CDROMs which would be better than what we do now.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|