virStorageFileGetMetadata bug?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm looking into why virt-aa-helper isn't adding allow rules for
backing stores nested deeper than 1.  So if I do

qemu-img create -f qcow2 l1.img 10G
qemu-img create -f qcow2 -b l1.img l2.img

and use l2.img in a domain, then virt-aa-helper will add allow
rules for the domain to access both l1.img and l2.img.  But if I

qemu-img create -f qcow2 -b l2.img l3.img

and use l3.img in the domain, then l3.img will not get an allow rule.

Looking at src/security/virt-aa-helper.c:get_files(), it is doing:

if (!disk->src->backingStore) {
    bool probe = ctl->allowDiskFormatProbing;
    virStorageFileGetMetadata(disk->src, -1, -1, probe, false);
}

if (virDomainDiskDefForeachPath(disk, true, add_file_path, &buf) < 0)
    goto cleanup;

and virStorageFileGetMetadata in turn calls virStorageFileGetMetadataRecurse().
So it seems like l3.img *should* be geting hit in virDomainDiskDefForeachPath,
but it's not.  Am I misunderstanding something in how these helpers should be
used?

thanks,
-serge

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]