[libvirt] [PATCH] set UID and GID according to dynamicOwnership
Jiri Denemark
jdenemar at redhat.com
Thu Nov 19 12:36:51 UTC 2015
On Wed, Nov 18, 2015 at 20:20:38 +0200, Matteo Cafasso wrote:
> When called with dynamicOwnership set, the qemuOpenFileAs function ignores it resulting in files not created with proper permissions.
>
> The issue is reported in:
>
> https://www.redhat.com/archives/libvirt-users/2015-November/msg00039.html
>
> and also mentioned in:
>
> https://www.redhat.com/archives/libvir-list/2015-November/msg00453.html
>
>
> Signed-off-by: Matteo Cafasso <noxdafox at gmail.com>
> ---
> src/qemu/qemu_driver.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 92a9961..b3b59b6 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -2932,6 +2932,11 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,
> if (path_shared <= 0 || dynamicOwnership)
> vfoflags |= VIR_FILE_OPEN_FORCE_OWNER;
>
> + if (dynamicOwnership) {
> + uid = fallback_uid;
> + gid = fallback_gid;
> + }
> +
> if (stat(path, &sb) == 0) {
> /* It already exists, we don't want to delete it on error */
> need_unlink = false;
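Review bot: the added `if (dynamicOwnership)` block overwrites uid and gid with fallback_uid and fallback_gid before the `stat(path, &sb)` check, so whenever dynamicOwnership is set, everything after this point runs with the fallback identity and whatever values uid and gid held before are never used. The parameter names suggest a second attempt rather than a first choice. Consider keeping the first attempt with the existing uid/gid and switching to the fallback pair only after that attempt fails. The condition just above already sets VIR_FILE_OPEN_FORCE_OWNER for dynamicOwnership, so a comment explaining why that flag alone does not produce the expected ownership would help justify the extra assignment.
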
NACK, this is not the right way of fixing the issue (not to mention that
the issue is not completely clear to me, yet; I'd rather clarify it
first in the thread referenced by your commit message). With this patch
we'd never even try creating the file as root. Thus creating a file in a
directory inaccessible (for writing) to fallback_uid:fallback_gid will
always fail.
Jirka