[libvirt] [RFC] security_dac: don't chown iso file

Serge E. Hallyn serge.hallyn at canonical.com
Wed Oct 5 10:44:54 UTC 2011


Quoting Daniel P. Berrange (berrange at redhat.com):
> On Tue, Oct 04, 2011 at 12:49:03PM -0500, Serge E. Hallyn wrote:
> > Quoting Serge E. Hallyn (serge.hallyn at canonical.com):
> > > isos are read-only, so libvirt doesn't need to chown them.  In one of
> > > our testing setups, libvirt uses mirrored isos.  Since libvirt chowns
> > > the files, (and especially does not chown them back) the mirror refuses
> > > to update the iso.
> > > 
> > > This patch prevents libvirt from chowning files.
> > > 
> > > Does this seem reasonable?
> > 
> > any feedback on this?  Does it seem ok?
> 
> Unfortunately while this would fix the use case you describe, it would
> also break other use cases.
> 
> What we really need to do with the DAC driver is replace all the
> chown() code, with code that sets ACLs instead. Well actually we
> would need to keep the chown code as a fallback for filesystems
> which don't support ACLs, but as long as we prefer ACLs by default
> that'd be OK.
> 
> Of course when we have ACLs, we'd only need to grant 'r' to the
> file for CDROMs which would be better than what we do now.

Thanks, Daniel, that makes sense.

-serge
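
The approach Daniel describes (prefer an ACL entry that grants only 'r', keep chown as the fallback), sketched as an added shell example that is not part of the thread and not libvirt's code. The function names are hypothetical, and the demo uses a constructed temporary file in place of the ISO and the current uid in place of the account the guest runs as.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not libvirt's.

# grant_read FILE UID
# Give UID read-only access to FILE. Prefer a POSIX ACL entry, which leaves
# the owner and group untouched; fall back to chown only when the ACL cannot
# be set (setfacl missing, or a filesystem without ACL support).
# Prints the method used ("acl" or "chown") so the caller can undo it later.
grant_read() {
    if command -v setfacl >/dev/null 2>&1 &&
       setfacl -m "u:$2:r--" -- "$1" 2>/dev/null; then
        echo acl
    elif chown -- "$2" "$1" 2>/dev/null; then
        echo chown
    else
        echo "cannot grant uid $2 access to $1" >&2
        return 1
    fi
}

# revoke_read FILE UID METHOD ORIG_OWNER
# Undo grant_read. The ACL path only drops the one entry that was added; the
# chown path needs the owner recorded before the grant.
revoke_read() {
    case $3 in
        acl)   setfacl -x "u:$2" -- "$1" ;;
        chown) chown -- "$4" "$1" ;;
        *)     echo "unknown method: $3" >&2; return 1 ;;
    esac
}

# Demo on a constructed temporary file standing in for the ISO; the current
# uid stands in for the account the guest runs as.
demo() {
    iso=$(mktemp) || return 1
    owner=$(stat -c %u "$iso")
    method=$(grant_read "$iso" "$(id -u)") || { rm -f "$iso"; return 1; }
    echo "method=$method owner_before=$owner owner_after=$(stat -c %u "$iso")"
    revoke_read "$iso" "$(id -u)" "$method" "$owner"
    rm -f "$iso"
}
demo
```

With a grantee other than the file's owner, only the `acl` path leaves ownership alone; the `chown` path changes it, which is why `revoke_read` takes the recorded original owner.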



