
[libvirt] [PATCH] avoid chowning domain devices if higer-level mgmt does it for us



This is particularly important if said device is a file sitting on a
root_squashing NFS export.
---
 src/qemu/qemu.conf     |    4 ++++
 src/qemu/qemu_conf.c   |    3 +++
 src/qemu/qemu_conf.h   |    1 +
 src/qemu/qemu_driver.c |    2 +-
 4 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index bca858a..892a50b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -96,6 +96,10 @@
 # The group ID for QEMU processes run by the system instance
 #group = "root"
 
+# should libvirt assume that devices are accessible to the above user:group.
+# by default, libvirt tries to chown devices before starting up a domain and
+# restore ownership to root when domain comes down.
+#assume_devices_accessible = 0
 
 # What cgroup controllers to make use of with QEMU guests
 #
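Review bot: The new comment is phrased as a question and never says what setting `assume_devices_accessible = 1` does, which matters because the option moves responsibility for device permissions out of libvirt. I would state it directly, e.g. `# Set to 1 if a management layer already makes devices accessible to the above user:group;` followed by `# libvirt then neither chowns devices at domain start nor restores ownership at shutdown.` The commented-out default `#assume_devices_accessible = 0` can stay as it is.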
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index b1b9e5f..520a395 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -232,6 +232,9 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
         return -1;
     }
 
+    p = virConfGetValue (conf, "assume_devices_accessible");
+    CHECK_TYPE ("assume_devices_accessible", VIR_CONF_LONG);
+    if (p) driver->avoid_dev_chown = p->l;
 
     if (virGetGroupID(NULL, group, &driver->group) < 0) {
         VIR_FREE(group);
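Review bot: The three added lines sit after `group` has been allocated (it is freed on the `virGetGroupID` failure path just below), so if `CHECK_TYPE` returns early on a type mismatch, which its definition outside this hunk would have to confirm, that string would leak; reading the option before the user/group lookups avoids this. `p->l` is stored into an `int` with no normalisation, so any non-zero value, including a negative typo, disables the chown; `if (p) driver->avoid_dev_chown = (p->l != 0);` makes the boolean intent explicit. The hunk does not show where `avoid_dev_chown` gets its default of 0, so it is worth confirming the driver struct is zero-initialised. qemudLoadDriverConfig starts and ends outside this hunk.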
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 675c636..3a9da73 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -87,6 +87,7 @@ struct qemud_driver {
 
     uid_t user;
     gid_t group;
+    int avoid_dev_chown;
 
     unsigned int qemuVersion;
     int nextvmid;
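Review bot: The field `avoid_dev_chown` is named differently from the config key `assume_devices_accessible` that sets it, and nothing at the declaration links the two. A trailing comment would make the security-relevant meaning searchable from either name: `int avoid_dev_chown; /* from assume_devices_accessible: skip chown/restore of domain devices */`. The struct definition continues outside this hunk.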
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 2f273eb..4c5de80 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1968,7 +1968,7 @@ static int qemuDomainSetDeviceOwnership(virConnectPtr conn,
     uid_t uid;
     gid_t gid;
 
-    if (!driver->privileged)
+    if (!driver->privileged || driver->avoid_dev_chown)
         return 0;
 
     /* short circuit case of root:root */
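Review bot: With `avoid_dev_chown` set, the check now returns 0 silently, and going by the qemu.conf text the same path also restores ownership at shutdown. A device chowned before the option was enabled would therefore presumably stay owned by the QEMU user once the daemon is restarted with the new setting. That deserves a sentence in the documentation and a comment at the check so the skipped restore is visibly deliberate: `/* ownership is managed outside libvirt: nothing is chowned on start or restored on stop */`. Splitting the test into its own `if (driver->avoid_dev_chown) return 0;` would also leave room for a debug log, since a failed open in QEMU is otherwise the only sign of a mis-set option. The body of qemuDomainSetDeviceOwnership continues outside the hunk.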
-- 
1.6.5.2

