[libvirt] [PATCH v2 4/4] security_dac: Favour ACLs over chown()

Michal Privoznik mprivozn at redhat.com
Wed Mar 6 14:05:56 UTC 2013 

On filesystems supporting ACLs we don't need to do a chown but we
can just set ACLs to gain access for qemu. However, since we are
setting these on too low level, where we don't know if disk is
just a read only or read write, we set read write access
unconditionally.
---
 src/security/security_dac.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 76a1dc6..8805a5b 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -329,12 +329,12 @@ virSecurityDACGetRememberedLabel(const char *path,
             goto cleanup;
         ret = refCount;
     } else {
-        if (virFileGetAttr(path, SECURITY_DAC_XATTR_OLD_OWNER, &oldOwner) < 0 ||
-            !oldOwner)
-            return ret;
+        if (!virFileGetAttr(path, SECURITY_DAC_XATTR_OLD_OWNER, &oldOwner) &&
+            oldOwner) {
 
-        if (parseIds(oldOwner, user, group) < 0)
-            goto cleanup;
+            if (parseIds(oldOwner, user, group) < 0)
+                goto cleanup;
+        }
 
         virFileRemoveAttr(path, SECURITY_DAC_XATTR_REFCOUNT);
         virFileRemoveAttr(path, SECURITY_DAC_XATTR_OLD_OWNER);
@@ -384,6 +384,9 @@ virSecurityDACSetOwnership(const char *path,
                            gid_t gid,
                            bool remember)
 {
+    virErrorPtr err;
+    int rv;
+
     VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
              path, (long) uid, (long) gid);
 
@@ -391,6 +394,25 @@ virSecurityDACSetOwnership(const char *path,
         virSecurityDACRememberLabel(path) < 0)
         return -1;
 
+    if (remember) {
+        if ((rv = virFileSetACL(path, uid, S_IRUSR | S_IWUSR)) == 0) {
+            /* No chown is necessary, so remove oldOwner xattr. */
+            virFileRemoveAttr(path, SECURITY_DAC_XATTR_OLD_OWNER);
+        }
+    } else {
+        rv = virFileRemoveACL(path, uid);
+    }
+
+    if (rv < 0) {
+        err = virGetLastError();
+        /* If we obtained an error other than ENOSYS (=ACLs are not supported)
+         * report it. Otherwise fall back to chown(). */
+        if (err && err->code != VIR_ERR_SYSTEM_ERROR && err->int1 != ENOSYS)
+            return rv;
+    } else {
+        return rv;
+    }
+
     if (chown(path, uid, gid) < 0) {
         struct stat sb;
         int chown_errno = errno;
-- 
1.8.1.5

More information about the libvir-list mailing list