[libvirt] [RFC] security_dac: don't chown iso file

Laine Stump laine at laine.org
Wed Oct 5 14:29:09 UTC 2011


On 10/05/2011 06:33 AM, Daniel P. Berrange wrote:
> On Tue, Oct 04, 2011 at 12:49:03PM -0500, Serge E. Hallyn wrote:
>> Quoting Serge E. Hallyn (serge.hallyn at canonical.com):
>>> isos are read-only, so libvirt doesn't need to chown them.  In one of
>>> our testing setups, libvirt uses mirrored isos.  Since libvirt chowns
>>> the files, (and especially does not chown them back) the mirror refuses
>>> to update the iso.
>>>
>>> This patch prevents libvirt from chowning files.
>>>
>>> Does this seem reasonable?
>> any feedback on this?  Does it seem ok?
> Unfortunately while this would fix the use case you describe, it would
> also break other use cases.
>
> What we really need to do with the DAC driver is replace all the
> chown() code, with code that sets ACLs instead. Well actually we
> would need to keep the chown code as a fallback for filesystems
> which don't support ACLs, but as long as we prefer ACLs by default
> that'd be OK.
>
> Of course when we have ACLs, we'd only need to grant 'r' to the
> file for CDROMs which would be better than what we do now.


In the meantime, I think you can solve the problem with your mirror by 
mounting the share read-only. When the filesystem is read-only, libvirt 
will attempt the chown/chgrp and fail, but notice the failure is due to 
a r/o (or root-squash) filesystem, and ignore the failure.



