Re: [libvirt] [PATCH] Set owner and group for file used for saving domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 11, 2009 at 04:10:37PM +0530, Anoop Vijayan wrote:
> virsh save a domain created by libvirt and it hangs with the log message "sh: /home/newguest: Permission denied".
> 
> ---
>  src/qemu/qemu_driver.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 30003e6..a2d9534 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -3415,6 +3415,11 @@ static int qemudDomainSave(virDomainPtr dom,
>          goto endjob;
>      }
>  
> +    if (qemuDomainSetFileOwnership(dom->conn, path, driver->user,
> +                                                    driver->group) < 0 ) {
> +        goto endjob;
> +    }
> +
>      if (safewrite(fd, &header, sizeof(header)) != sizeof(header)) {
>          qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
>                           "%s", _("failed to write save header"));

That isn't quit correct because it should not change ownership if libvirtd
is running unprivileged. Also it doesn't take care of SELinux labelling.
I've just posted the more complete fix here

  http://www.redhat.com/archives/libvir-list/2009-November/msg00376.html

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]