[libvirt] [PATCHv4 2/2] qemu: eliminate "Ignoring open failure" when using root-squash NFS

Eric Blake eblake at redhat.com
Fri Feb 3 20:45:40 UTC 2012


On 02/01/2012 11:36 PM, Laine Stump wrote:
> This eliminates the warning message reported in:
> 
>  https://bugzilla.redhat.com/show_bug.cgi?id=624447
> 
> It was caused by a failure to open an image file that is not
> accessible by root (the uid libvirtd is running as) because it's on a
> root-squash NFS share, owned by a different user, with permissions of
> 660 (or maybe 600).
> 
> The solution is to use virFileOpenAs() rather than open(). The
> codepath that generates the error is during qemuSetupDiskCGroup(), but
> the actual open() is in a lower-level generic function called from
> many places (virDomainDiskDefForeachPath), so some other pieces of the
> code were touched just to add dummy (or possibly useful) uid and gid
> arguments.
> 
> Eliminating this warning message has the nice side effect that the
> requested operation may even succeed (which in this case isn't
> necessary, but shouldn't hurt anything either).
> ---
>  src/conf/domain_conf.c          |    8 ++++----
>  src/conf/domain_conf.h          |    1 +
>  src/qemu/qemu_cgroup.c          |    2 ++
>  src/security/security_dac.c     |    1 +
>  src/security/security_selinux.c |    7 +++++++
>  src/security/virt-aa-helper.c   |    6 +++++-
>  6 files changed, 20 insertions(+), 5 deletions(-)

After all that churn on 1/2, this one has just been patiently waiting,
unchanged.  That shows that once we get a good interface, using it is
easier.

ACK.

> +++ b/src/security/security_selinux.c
> @@ -671,9 +671,16 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
>      if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
>          return 0;
>  
> +    /* XXX On one hand, it would be nice to have the driver's uid:gid
> +     * here so we could retry opens with it. On the other hand, it
> +     * probably doesn't matter because in practice that's only useful
> +     * for files on root-squashed NFS shares, and NFS doesn't properly
> +     * support selinux anyway.

Too true.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120203/802e26ce/attachment-0001.sig>


More information about the libvir-list mailing list