[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC] security_dac: don't chown iso file



Quoting Laine Stump (laine laine org):
> On 10/05/2011 06:33 AM, Daniel P. Berrange wrote:
> >On Tue, Oct 04, 2011 at 12:49:03PM -0500, Serge E. Hallyn wrote:
> >>Quoting Serge E. Hallyn (serge hallyn canonical com):
> >>>isos are read-only, so libvirt doesn't need to chown them.  In one of
> >>>our testing setups, libvirt uses mirrorred isos.  Since libvirt chowns
> >>>the files, (and especially does not chown them back) the mirror refuses
> >>>to update the iso.
> >>>
> >>>This patch prevents libvirt from chowning files.
> >>>
> >>>Does this seem reasonable?
> >>any feedback on this?  Does it seem ok?
> >Unfortunately while this would fix the use case you describe, it would
> >also break other use cases.
> >
> >What we really need todo with the DAC driver is replace all the
> >chown() code, with code that sets ACLs instead. Well actually we
> >would need to keep the chown code as a fallback for filesystems
> >which don't support ACLs, but as long as we prefer ACLs by default
> >that'd be OK.
> >
> >Of course when we have ACLs, we'd only need to grant 'r' to the
> >file for CDROMs which would be better than what we do now.
> 
> 
> In the meantime, I think you can solve the problem with your mirror
> by mounting the share read-only. When the filesystem is read-only,
> libvirt will attempt the chown/chgrp and fail, but notice the
> failure is due to a r/o (or root-squash) filesystem, and ignore the
> failure.

Thanks for the suggestion, Laine.  I suspect the dir they're using needs
to be writeable, but I'll ask if it is feasible to use a read-only bind
mount of the directory.

thanks,
-serge


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]