On 02/07/2017 11:57 AM, Martin Kletzander wrote:
> On Fri, Jan 20, 2017 at 10:42:49AM +0100, Michal Privoznik wrote:
>> Similarly to one of the previous commits, we need to deal
>> properly with symlinks in hotplug case too.
>>
>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>> ---
>> src/qemu/qemu_domain.c | 120
>> ++++++++++++++++++++++++++++++++++++++-----------
>> 1 file changed, 94 insertions(+), 26 deletions(-)
>>
>
> ACK to this, but ...
>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index 448583313..bcfb2446f 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>> @@ -7701,17 +7763,22 @@ qemuDomainAttachDeviceMknod(virQEMUDriverPtr
>> driver,
>> }
>> #endif
>>
>> - if (virSecurityManagerPreFork(driver->securityManager) < 0)
>> - goto cleanup;
>> + if (STRPREFIX(file, DEVPREFIX)) {
>> + if (virSecurityManagerPreFork(driver->securityManager) < 0)
>> + goto cleanup;
>>
>> - if (virProcessRunInMountNamespace(vm->pid,
>> - qemuDomainAttachDeviceMknodHelper,
>> - &data) < 0) {
>> + if (virProcessRunInMountNamespace(vm->pid,
>> +
>> qemuDomainAttachDeviceMknodHelper,
>> + &data) < 0) {
>
> ... I'm sure you have patches for this somewhere that are not posted or
> something =D However now we actually fork for every level of the
> symlink. Even when everyone is scared of every single fork(). Can't we
> use transactions for this as well? If not, could we enhance them so
> that we can use them?

Transactions are security driver specific. But we can imitate them here
too. Instead of direct fork() we would have a list to which we append
all the symlinks we want to create and then fork() once and execute the
list. Good point. I will work on that.

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
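
Review bot: the new `if (STRPREFIX(file, DEVPREFIX))` guard in qemuDomainAttachDeviceMknod is a plain string-prefix comparison on `file`, so it says nothing about where the path ends up once `..` components or symlinks are resolved. Since the commit is about symlink handling, a comment on the guard should state what form of `file` callers are expected to pass, or the path should be normalized before the check. The quoted lines also show no comment explaining what happens to paths outside DEVPREFIX, so a reader cannot tell from this hunk whether skipping virSecurityManagerPreFork() and virProcessRunInMountNamespace() for them is intentional; a one-line comment at the condition would settle that.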