[libvirt] [PATCH] Add '+' to uid/gid printing for label processing

John Ferlan jferlan at redhat.com
Tue Oct 29 21:18:17 UTC 2013


On 10/29/2013 04:13 PM, Eric Blake wrote:
> On 10/29/2013 12:52 PM, John Ferlan wrote:
>> To ensure proper processing by virGetUserID() and virGetGroupID()
>> of a uid/gid add a "+" prior to the uid/gid to denote it's really
>> a uid/gid for the label.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>>  src/security/security_dac.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> ACK.  Although unlikely, it is possible to have a system with a username
> that is purely digits, and where those digits don't match the underlying
> uid, so it is indeed nice that when we know we have a uid that we force
> the parser to skip a name lookup (which harmlessly fails on 99.99% of
> the systems, but which could potentially get wrong credentials on the
> rare system with odd usernames).  Worth including in 1.1.4.
> 


Thanks - this is now pushed.

John

It's also notable that without the patch, messages would be sent to
/var/log/messages such as:


Oct 19 10:13:21 myhost libvirtd[4055]: User record for user '1000' was not found: No such file or directory
Oct 19 10:13:21 myhost libvirtd[4055]: Group record for user '1000' was not found: No such file or directory
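
The ambiguity discussed in the thread, as an added example that is not part of the original messages and is not libvirt's code: a label resolver that tries a name lookup first and falls back to a numeric parse, with a leading "+" forcing the numeric path. The function names, the resolve_uid() signature and the account table (including the all-digit username "1000" with uid 4242) are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account table standing in for the system passwd database. */
static const struct { const char *name; unsigned int uid; } sample_accounts[] = {
    { "qemu", 107 },
    { "1000", 4242 },   /* all-digit username whose uid is NOT 1000 */
};

/* Name lookup against the constructed table: returns the uid, or -1 if absent. */
static long long lookup_name(const char *name)
{
    for (size_t i = 0; i < sizeof(sample_accounts) / sizeof(sample_accounts[0]); i++)
        if (strcmp(sample_accounts[i].name, name) == 0)
            return sample_accounts[i].uid;
    return -1;
}

/* Strict decimal parse: digits only, no trailing junk, no overflow; -1 on error. */
static long long parse_numeric(const char *s)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0xffffffffULL)
        return -1;
    return (long long)v;
}

/* Hypothetical resolver: "+N" is always the numeric id N and never touches
 * the name database; a bare string is tried as a name first, then as a number. */
long long resolve_uid(const char *label)
{
    if (label[0] == '+')
        return parse_numeric(label + 1);
    long long uid = lookup_name(label);
    return uid >= 0 ? uid : parse_numeric(label);
}

int main(void)
{
    printf("1000 -> %lld, +1000 -> %lld\n", resolve_uid("1000"), resolve_uid("+1000"));
    return 0;
}
```

With this table, the bare label "1000" resolves to uid 4242 through the name lookup, while "+1000" resolves to uid 1000 without any lookup, which is also why the "record not found" log messages stop appearing.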





