[libvirt] [PATCH 0/4] Remove open coding virProcessWait for root-squash

Michal Privoznik mprivozn at redhat.com
Mon Sep 21 10:43:13 UTC 2015 

On 18.09.2015 20:20, John Ferlan wrote:
> A followup of sorts to recently pushed patches regarding NFS root-squash.
> During libvirt-security list review it was pointed out that the new code
> was essentially open coding what virProcessWait does. However, since the
> model being used also was open coded and there was a time element, the
> change was allowed as is with the expectation that a cleanup patch would
> follow.  Which is what leads into this series....
> 
> The series started out purely as removing the open code and replacing
> with the call to virProcessWait, but during that exercise I also realized
> that it was possible to create a 'netdir' in a NFS root-squash environment
> (eg, virDirCreate); however, the corrollary to remove the directory using
> a fork/exec didn't exist - in fact all that was called was rmdir, which
> failed to delete in the NFS root-squash environment.  Rather than having
> a whole new interface, the first patch reworks virFileUnlink to check
> whether the target is a directory or a file and either call rmdir or
> unlink appropriately.
> 
> The one common thread amongst the 3 API's changed here is they each looked
> to return an errno value, while typically virProcessWait consumers only
> return -1 and errno. Determining which failure in virProcessWait returns
> -1 is possible because one exit path uses virReportSystemError to report
> the error that caused the waitpid() to fail, while the other error path
> either receives the errno from the child process or if not present had
> already "assumed" EACCES, so these changes follow that model, except that
> if it's determined the waitpid failed, EINTR is returned similar to how
> virFileAccessibleAs sets errno and returns -1.
> 
> John Ferlan (4):
>   storage: Use virFileUnlink instead of rmdir
>   virfile: Use virProcessWait in virFileOpenForked
>   virfile: Use virProcessWait in virFileUnlink
>   virfile: Use virProcessWait in virDirCreate
> 
>  src/storage/storage_backend_fs.c |  20 +++--
>  src/util/virfile.c               | 153 ++++++++++++++++-----------------------
>  2 files changed, 71 insertions(+), 102 deletions(-)
> 

ACK series. Looking forward to the follow up patch.

Michal

More information about the libvir-list mailing list