[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC] security_dac: don't chown iso file



On 10/05/2011 06:33 AM, Daniel P. Berrange wrote:
On Tue, Oct 04, 2011 at 12:49:03PM -0500, Serge E. Hallyn wrote:
Quoting Serge E. Hallyn (serge hallyn canonical com):
isos are read-only, so libvirt doesn't need to chown them.  In one of
our testing setups, libvirt uses mirrorred isos.  Since libvirt chowns
the files, (and especially does not chown them back) the mirror refuses
to update the iso.

This patch prevents libvirt from chowning files.

Does this seem reasonable?
any feedback on this?  Does it seem ok?
Unfortunately while this would fix the use case you describe, it would
also break other use cases.

What we really need todo with the DAC driver is replace all the
chown() code, with code that sets ACLs instead. Well actually we
would need to keep the chown code as a fallback for filesystems
which don't support ACLs, but as long as we prefer ACLs by default
that'd be OK.

Of course when we have ACLs, we'd only need to grant 'r' to the
file for CDROMs which would be better than what we do now.


In the meantime, I think you can solve the problem with your mirror by mounting the share read-only. When the filesystem is read-only, libvirt will attempt the chown/chgrp and fail, but notice the failure is due to a r/o (or root-squash) filesystem, and ignore the failure.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]