[libvirt] [PATCH] security: also parse user/group names instead of just IDs for DAC labels
Eric Blake
eblake at redhat.com
Thu Sep 20 17:43:34 UTC 2012
On 09/20/2012 08:46 AM, Daniel P. Berrange wrote:
>> You still didn't answer my bigger question - when migrating, do we care
>> about the case where the same user name has different uid on the two
>> machines, and if so, do we make it possible for the user to choose
>> between migrating with constant uid vs. migrating with constant name?
>> If we always parse names into uids up front, then we are preventing the
>> user from migration by name.
>
> You can't migrate between different user IDs, because the target will
> not be able to open the disk images - they will be labelled with the
> user id of the source host and won't be changed.
Not if the two hosts are both accessing the same storage via NFS, and
NFS id mapping is in play; there, it is the username that is important
(because the name mapping converts the common username, even with
different ids on the source and destination machines, over to the real
uid on the NFS server).
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 617 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120920/a0faefa2/attachment-0001.sig>
More information about the libvir-list
mailing list