Daniel P. Berrangé <berrange@xxxxxxxxxx> [2018-10-25, 06:32PM +0100]: > On Thu, Oct 25, 2018 at 01:47:26PM +0200, Bjoern Walk wrote: > > Daniel P. Berrangé <berrange@xxxxxxxxxx> [2018-10-24, 10:43PM +0100]: > > > We could optimize this by jcalling virFileAccessibleAs > > > once and storing the result in a global. Then just do a > > > plain stat() call in process to check the st_ctime field > > > for changes. We only need re-run the heavy virFileAccessibleAs > > > check if st_ctime has changed (indicating a owner/group/acl > > > change). > > > > But can't access permission change outside of changing the actual device > > file (e.g. cgroups or other OS capabilities)? Isn't that the whole > > purpose of the virFileAccessibleAs gymnastics? > > Yes, cgroups could restrict access to /dev/kvm, but virFileAccessibleAs > does not use cgroups, it only cares about using the correct user + group > membership. Sorry, but then I don't understand the purpose of this function at all. Why would you EVER check permissions like that? A simple stat(2) call should give you the exact same information, no? -- IBM Systems Linux on Z & Virtualization Development -------------------------------------------------- IBM Deutschland Research & Development GmbH Schönaicher Str. 220, 71032 Böblingen Phone: +49 7031 16 1819 -------------------------------------------------- Vorsitzende des Aufsichtsrats: Martina Koederitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
