[libvirt] [PATCH 3/3] security_dac: Favour ACLs over chown()

Michal Privoznik mprivozn at redhat.com
Fri Sep 6 07:50:25 UTC 2013 

On 05.09.2013 16:14, Daniel P. Berrange wrote:
> On Wed, Aug 28, 2013 at 12:27:40PM +0200, Michal Privoznik wrote:
>> On filesystems supporting ACLs we don't need to do a chown but we
>> can just set ACLs to gain access for qemu. However, since we are
>> setting these on too low level, where we don't know if disk is
>> just a read only or read write, we set read write access
>> unconditionally.
>>
>> >From implementation POV, a reference counter is introduced, so ACL is
>> restored only on the last restore attempt in order to not cut off other
>> domains. And since a file may had an ACL for a user already set, we need
>> to keep this as well. Both these, the reference counter and original ACL
>> are stored as extended attributes named trusted.libvirt.dac.refCount and
>> trusted.libvirt.dac.oldACL respectively.
>>
>> However, some filesystems doesn't support ACLs, XATTRs, or both. So the
>> code is made to favour ACLs among with tracking the reference count. If
>> this fails, we fall back to chown()  with best effort to remember the
>> original owner of file.
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>>  src/security/security_dac.c | 297 +++++++++++++++++++++++++++++++++++++++-----
>>  1 file changed, 268 insertions(+), 29 deletions(-)
>>
>> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
>> index 8cbb083..913b68e 100644
>> --- a/src/security/security_dac.c
>> +++ b/src/security/security_dac.c
>> @@ -37,6 +37,9 @@
>>  
>>  #define VIR_FROM_THIS VIR_FROM_SECURITY
>>  #define SECURITY_DAC_NAME "dac"
>> +#define SECURITY_DAC_XATTR_OLD_ACL "trusted.libvirt.dac.oldACL"
>> +#define SECURITY_DAC_XATTR_OLD_OWNER "trusted.libvirt.dac.oldOwner"
>> +#define SECURITY_DAC_XATTR_REFCOUNT "trusted.libvirt.dac.refCount"
> 
> Use of "trusted." is non-portable, per the long mail thread last
> time this was posted[1]. The discussion there was never resolved in
> any way, so NACK to this patch as is.
> 
> Daniel
> 
> [1] https://www.redhat.com/archives/libvir-list/2013-March/msg01610.html
> 

Okay then, consider this squashed in:

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 47af4e8..acc80c4 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -37,9 +37,9 @@

 #define VIR_FROM_THIS VIR_FROM_SECURITY
 #define SECURITY_DAC_NAME "dac"
-#define SECURITY_DAC_XATTR_OLD_ACL "trusted.libvirt.dac.oldACL"
-#define SECURITY_DAC_XATTR_OLD_OWNER "trusted.libvirt.dac.oldOwner"
-#define SECURITY_DAC_XATTR_REFCOUNT "trusted.libvirt.dac.refCount"
+#define SECURITY_DAC_XATTR_OLD_ACL "user.libvirt.dac.oldACL"
+#define SECURITY_DAC_XATTR_OLD_OWNER "user.libvirt.dac.oldOwner"
+#define SECURITY_DAC_XATTR_REFCOUNT "user.libvirt.dac.refCount"

 typedef struct _virSecurityDACData virSecurityDACData;
 typedef virSecurityDACData *virSecurityDACDataPtr;

Michal

More information about the libvir-list mailing list