[libvirt-users] Libvirt: dynamic ownership did not work

Jonatan Schlag jonatan.schlag at ipfire.org
Fri Aug 5 11:18:02 UTC 2016 


Am Fr, 5. Aug, 2016 um 9:45 schrieb Michal Privoznik 
<mprivozn at redhat.com>:
> On 04.08.2016 20:28, Jonatan Schlag wrote:
>> 
>> 
> 
>>>  Then the other option that comes to my mind is a race with 
>>> somebody else
>>>  on the system. You can attach gdb to the daemon and set breakpoint 
>>> to
>>>  virSecurityDACSetOwnershipInternal(). In the arguments you should 
>>> see
>>>  the path eventually among with uid:gid.
>>> 
>>>  BTW: what's the domain XML?
>> 
>>  What did you need the xml file the domain is called test and the 
>> image
>>  file is /data/hdd1/libvirt/images/test.img
> 
> Well, in the domain XML. there's <seclabel/> section in the domain XML
> that can fine tune relabelling for a domain. Moreover, some devices -
> like disks have the <seclabel/> too. And I was wondering whether you
> don't have those elements in the XML.
> 
> The other reason for me asking domain XML is so that I could try to
> reproduce locally on my system.
> 
>> 
>>  I did together with Michael Tremer some debugging and Michael 
>> posted our
>>  results in the bugtracker. So it seems that the chown function is 
>> not
>>  executed, because a other function return a wrong value.
> 
> Ah, reading the bz transcript, you are not passing the path directly
> into the XML rather than use a volume from a storage pool. This is
> supported but the previous case is more tested. Again, this would help
> me to narrow down the possible causes.
> 
>> 
>>  Maybe the describtion in the bug report hepls to go furhter, when 
>> not
>>  say what you need (logs) to debug the problem.
> Maybe I'm misreading this, but I think I've told you what I need to 
> debug the problem. Moreover, it's usually better to provide as many 
> information as possible when debugging a problem. Even a tiny little 
> thing that user think of as trivial may look crucial in eyes of 
> experienced developer with insight in the project.

Hi,
I am sorry this sentence causes more trouble, then he helps.
First, I posted the domain XML and the storage XML file in Bugzilla.
I could not post this files earlier because I had no time to do this.

I will post what I can to help you and I will not hide any information 
which could help, but at the moment I have really no idea what I can 
provide what can help.
So the intention of this sentence was, to say that I will provide what 
I can to help and not that I provide only the bit what you want.

Regards Jonatan

> 
> Anyway, I'd like to continue the discussion in the BZ.

Ok, I will post now everything in the bugtracker.
> 
> 
> Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160805/a62f2d5e/attachment.htm>

More information about the libvirt-users mailing list