[libvirt] [PATCHv4 2/2] qemu: eliminate "Ignoring open failure" when using root-squash NFS
Eric Blake
eblake at redhat.com
Fri Feb 3 20:45:40 UTC 2012
On 02/01/2012 11:36 PM, Laine Stump wrote:
> This eliminates the warning message reported in:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=624447
>
> It was caused by a failure to open an image file that is not
> accessible by root (the uid libvirtd is running as) because it's on a
> root-squash NFS share, owned by a different user, with permissions of
> 660 (or maybe 600).
>
> The solution is to use virFileOpenAs() rather than open(). The
> codepath that generates the error is during qemuSetupDiskCGroup(), but
> the actual open() is in a lower-level generic function called from
> many places (virDomainDiskDefForeachPath), so some other pieces of the
> code were touched just to add dummy (or possibly useful) uid and gid
> arguments.
>
> Eliminating this warning message has the nice side effect that the
> requested operation may even succeed (which in this case isn't
> necessary, but shouldn't hurt anything either).
> ---
> src/conf/domain_conf.c | 8 ++++----
> src/conf/domain_conf.h | 1 +
> src/qemu/qemu_cgroup.c | 2 ++
> src/security/security_dac.c | 1 +
> src/security/security_selinux.c | 7 +++++++
> src/security/virt-aa-helper.c | 6 +++++-
> 6 files changed, 20 insertions(+), 5 deletions(-)
After all that churn on 1/2, this one has just been patiently waiting,
unchanged. That shows that once we get a good interface, using it is
easier.
ACK.
> +++ b/src/security/security_selinux.c
> @@ -671,9 +671,16 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
> if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
> return 0;
>
> + /* XXX On one hand, it would be nice to have the driver's uid:gid
> + * here so we could retry opens with it. On the other hand, it
> + * probably doesn't matter because in practice that's only useful
> + * for files on root-squashed NFS shares, and NFS doesn't properly
> + * support selinux anyway.
Too true.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120203/802e26ce/attachment-0001.sig>
More information about the libvir-list
mailing list