[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Set owner and group for file used for saving domain



On Wed, Nov 11, 2009 at 04:10:37PM +0530, Anoop Vijayan wrote:
> virsh save a domain created by libvirt and it hangs with the log message "sh: /home/newguest: Permission denied".
> 
> ---
>  src/qemu/qemu_driver.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 30003e6..a2d9534 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -3415,6 +3415,11 @@ static int qemudDomainSave(virDomainPtr dom,
>          goto endjob;
>      }
>  
> +    if (qemuDomainSetFileOwnership(dom->conn, path, driver->user,
> +                                                    driver->group) < 0 ) {
> +        goto endjob;
> +    }
> +
>      if (safewrite(fd, &header, sizeof(header)) != sizeof(header)) {
>          qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
>                           "%s", _("failed to write save header"));

That isn't quit correct because it should not change ownership if libvirtd
is running unprivileged. Also it doesn't take care of SELinux labelling.
I've just posted the more complete fix here

  http://www.redhat.com/archives/libvir-list/2009-November/msg00376.html

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]