[libvirt] [PATCHv1.5 3/8] security: DAC: Remove superfluous link resolution
Eric Blake
eblake at redhat.com
Wed Jul 23 19:22:42 UTC 2014
On 07/22/2014 03:20 AM, Peter Krempa wrote:
> When restoring security labels in the dac driver the code would resolve
> the file path and use the resolved one to be chown-ed. The setting code
> doesn't do that. Remove the unnecessary code.

chown() on a symlink changes the underlying file, not the link itself;
you need the BSD extension lchown() to change the owner of a symlink
(and even then, changing the owner of a symlink seldom has any
noticeable impact - per 'man 7 symlink' on Linux, "The only time that
the ownership of a symbolic link matters is when the link is being
removed or renamed in a directory that has the sticky bit set"). So
resolving a symlink before chown()ing it is pointless, since chown()
will resolve it anyways, and we really don't need to care about
lchown(). Likewise, on Linux, chmod() cannot alter a symlink to
anything other than a pointless 0777 access mode.

BSD is a bit different - there, lchown() coupled with chmod() can be
used to alter whether a user can resolve through the symlink in pathname
resolution, depending on the mount parameters of the current file
system. But this is still a seldom used extension to POSIX.

> ---
> src/security/security_dac.c | 19 +------------------
> 1 file changed, 1 insertion(+), 18 deletions(-)

ACK.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
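
The symlink semantics described in the reply above, as an added example that is not part of the original message and is not libvirt code: it checks on a scratch directory that chown() resolves a link while lchown() does not, and that a mode set through a link lands on the pre-resolved path. The function name, the bit names and the file names under /tmp are constructed for illustration; the 0777 check assumes Linux.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* One bit per behaviour observed; 15 means all four held. */
enum { CHOWN_RESOLVES = 1, LCHOWN_ON_LINK = 2, CHMOD_HITS_TARGET = 4, LINK_STAYS_0777 = 8 };

int symlink_semantics(void)
{
    char dir[] = "/tmp/dac-demo-XXXXXX";  /* constructed scratch directory */
    char file[PATH_MAX], lnk[PATH_MAX], dangling[PATH_MAX], real[PATH_MAX];
    struct stat st, lst;
    int seen = 0;
    FILE *fp;

    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof(file), "%s/disk.img", dir);
    snprintf(lnk, sizeof(lnk), "%s/disk-link", dir);
    snprintf(dangling, sizeof(dangling), "%s/dangling", dir);
    if (!(fp = fopen(file, "w")))
        return -1;
    fclose(fp);
    if (symlink(file, lnk) < 0 || symlink("missing", dangling) < 0 ||
        lstat(dangling, &lst) < 0)
        return -1;

    /* chown() resolves the link, so a dangling link fails with ENOENT ... */
    if (chown(dangling, lst.st_uid, lst.st_gid) < 0 && errno == ENOENT)
        seen |= CHOWN_RESOLVES;
    /* ... while lchown() acts on the link itself (owner unchanged, no privilege needed). */
    if (lchown(dangling, lst.st_uid, lst.st_gid) == 0)
        seen |= LCHOWN_ON_LINK;
    /* A mode set through the link shows up on the pre-resolved path. */
    if (chmod(file, 0644) == 0 && chmod(lnk, 0600) == 0 && realpath(lnk, real) &&
        stat(real, &st) == 0 && (st.st_mode & 0777) == 0600)
        seen |= CHMOD_HITS_TARGET;
    /* On Linux the link's own mode is still 0777 afterwards. */
    if (lstat(lnk, &lst) == 0 && (lst.st_mode & 0777) == 0777)
        seen |= LINK_STAYS_0777;

    unlink(dangling); unlink(lnk); unlink(file); rmdir(dir);
    return seen;
}

int main(void) { printf("observed mask: %d\n", symlink_semantics()); return 0; }
```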