[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCHv8 01/11] storage: let format probing work on root-squash NFS



On 10/22/2012 09:18 AM, Peter Krempa wrote:
> On 10/20/12 23:47, Eric Blake wrote:
>> Yet another instance of where using plain open() mishandles files
>> that live on root-squash NFS, and where improving the API can
>> improve the chance of a successful probe.
>>
>> * src/util/storage_file.h (virStorageFileProbeFormat): Alter
>> signature.
>> * src/util/storage_file.c (virStorageFileProbeFormat): Use better
>> method for opening file.
>> * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
>> * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
>> Likewise.
>> ---
>>
>> v8: new patch
>>

> I know it's late now, and this patch has been pushed, but we will
> probably need a followup patch that changes this part to values set in
> the DAC seclabels in the domain configuration. The DAC driver gives us
> the ability to specify the user and group of the machine separately, so
> we should use that information to access the images.

In that case, qemu_driver.c:qemuOpenFile() also needs to be fixed to
honor VM DAC labeling, as it also passes driver->user and driver->group
down to virFileOpenAs.  That is, if I'm understanding your complaint,
the new DAC labeling allows us to run a single qemu guest process under
a different uid:gid than the defaults specified in qemu.conf, and if we
have that turned on, then we should be favoring per-guest user and group
over the driver user/group default.  Sounds like we need a helper
function, which when given the qemu driver and the vm definition,
returns the appropriate user:group id to use for that vm.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]