On 07/22/2014 03:20 AM, Peter Krempa wrote:
> When restoring security labels in the dac driver the code would resolve
> the file path and use the resolved one to be chown-ed. The setting code
> doesn't do that. Remove the unnecessary code.

chown() on a symlink changes the underlying file, not the link itself; you need the BSD extension lchown() to change the owner of a symlink (and even then, changing the owner of a symlink seldom has any noticeable impact - per 'man 7 symlink' on Linux, "The only time that the ownership of a symbolic link matters is when the link is being removed or renamed in a directory that has the sticky bit set"). So resolving a symlink before chown()ing it is pointless, since chown() will resolve it anyways, and we really don't need to care about lchown().

Likewise, on Linux, chmod() cannot alter a symlink to anything other than a pointless 0777 access mode. BSD is a bit different - there, lchown() coupled with chmod() can be used to alter whether a user can resolve through the symlink in pathname resolution, depending on the mount parameters of the current file system. But this is still a seldom used extension to POSIX.

> ---
>  src/security/security_dac.c | 19 +------------------
>  1 file changed, 1 insertion(+), 18 deletions(-)

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
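The symlink behaviour described in the reply above can be checked without privileges. This is an added example, not part of the original thread and not libvirt code. It assumes Linux; the function name `symlink_owner_demo` and the scratch paths under `/tmp` are constructed for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bitmask of the observations that held (all paths are constructed here):
 *   1: chown() on a dangling symlink fails with ENOENT, so it resolved the link
 *   2: lchown() on the same dangling symlink succeeds, so it acts on the link
 *   4: chmod() through a live link changes the target; the link stays 0777 */
int symlink_owner_demo(void)
{
    char dir[] = "/tmp/dacdemoXXXXXX";
    char target[64], live[64], dead[64];
    struct stat t, l;
    int res = 0, fd;
    if (!mkdtemp(dir))
        return -1;
    snprintf(target, sizeof(target), "%s/disk.img", dir);
    snprintf(live, sizeof(live), "%s/live", dir);
    snprintf(dead, sizeof(dead), "%s/dead", dir);
    if ((fd = open(target, O_CREAT | O_WRONLY | O_EXCL, 0644)) < 0)
        return -1;
    close(fd);
    /* "live" points at the file; "dead" points at a name that does not exist */
    if (symlink("disk.img", live) < 0 || symlink("missing", dead) < 0 ||
        lstat(dead, &l) < 0)
        return -1;

    /* Re-apply the link's current owner, so no privilege is needed. */
    if (chown(dead, l.st_uid, l.st_gid) < 0 && errno == ENOENT)
        res |= 1;
    if (lchown(dead, l.st_uid, l.st_gid) == 0)
        res |= 2;
    if (chmod(live, 0600) == 0 && stat(target, &t) == 0 && lstat(live, &l) == 0 &&
        (t.st_mode & 0777) == 0600 && S_ISLNK(l.st_mode) && (l.st_mode & 0777) == 0777)
        res |= 4;
    unlink(live);
    unlink(dead);
    unlink(target);
    rmdir(dir);
    return res;
}

int main(void)
{
    printf("observations held: %d (7 = all)\n", symlink_owner_demo());
    return 0;
}
```

Because chown() already performs the same resolution the kernel would apply to a pre-resolved path, resolving in user space first only adds a window between the lookup and the ownership change.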