[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] security: also parse user/group names instead of just IDs for DAC labels

On 09/20/2012 08:46 AM, Daniel P. Berrange wrote:

>> You still didn't answer my bigger question - when migrating, do we care
>> about the case where the same user name has different uid on the two
>> machines, and if so, do we make it possible for the user to choose
>> between migrating with constant uid vs. migrating with constant name?
>> If we always parse names into uids up front, then we are preventing the
>> user from migration by name.
> You can't migrate between different user IDs, because the target will
> not be able to open the disk images - they will be labelled with the
> user id of the source host and won't be changed.

Not if the two hosts are both accessing the same storage via NFS, and
NFS id mapping is in play; there, it is the username that is important
(because the name mapping converts the common username, even with
different ids on the source and destination machines, over to the real
uid on the NFS server).

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]