Re: [PATCH v4 18/25] security: Don't remember owner for shared resources


 



On 6/17/19 3:29 PM, Daniel P. Berrangé wrote:
On Thu, Apr 25, 2019 at 10:19:54AM +0200, Michal Privoznik wrote:
This effectively reverts d7420430ce6 and adds new code.

Here is the problem: Imagine a file X that is to be shared
between two domains as a disk. Let the first domain (vm1) have
seclabel remembering turned on and the other (vm2) has it turned
off. Assume that both domains will run under the same user, but
the original owner of X is different (i.e. trying to access X
without relabelling leads to EPERM).

How do we get into this situation ?  Is this the case when we
have a guest which was running before libvirt was upgraded, and
then a new guest is launched ?

Yes, that's one of the possible scenarios. Another possible scenario would be (and this won't happen yet in reality because NFS still does not implement XATTRs, but once they do we might hit it): two daemons and one shared NFS mount. One of the daemons has the feature enabled, the other has it disabled. But as I say, this won't happen with NFS today. But maybe there are some other shared filesystems which do implement XATTRs?

Based on Wiki [1], OCFS2 does support it (even though I don't think there's anybody using it).

1: https://en.wikipedia.org/wiki/Extended_file_attributes

Michal
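As an added illustration of the scenario in the commit message (this is not code from the patch or from libvirt): a small in-memory model of seclabel remembering with two domains sharing one file, one remembering and one not. The uids, the xattr key names and the reference count are assumptions made for the model.

```python
# Added example (not libvirt's code): an in-memory model of seclabel "remembering"
# for the scenario in the thread. Files, owners and xattrs are plain Python values.

QEMU_UID = 107   # constructed: the uid both domains run under
ORIG_UID = 0     # constructed: original owner of X, different from QEMU_UID


class File:
    """Stand-in for the shared disk image X."""
    def __init__(self, owner):
        self.owner = owner
        self.xattrs = {}   # models the xattrs where the original owner is kept


class Daemon:
    """A libvirt-like daemon; `remember` is the seclabel-remembering switch."""
    def __init__(self, remember):
        self.remember = remember

    def set_label(self, f, shared):
        # Assumed rule from the patch title: shared resources are never remembered.
        if self.remember and not shared:
            if "orig" not in f.xattrs:
                f.xattrs["orig"], f.xattrs["ref"] = f.owner, 0
            f.xattrs["ref"] += 1
        f.owner = QEMU_UID

    def restore_label(self, f, shared):
        # Shared resources are left alone on shutdown: another domain may use them.
        if shared or not self.remember or "orig" not in f.xattrs:
            return
        f.xattrs["ref"] -= 1
        if f.xattrs["ref"] == 0:        # last remembered user gone: put owner back
            f.owner = f.xattrs.pop("orig")
            del f.xattrs["ref"]


def can_access(f, uid):
    """DAC check without relabelling: only the owner may open X."""
    return f.owner == uid


def run_scenario(shared):
    """vm1 (remembering on) and vm2 (off) share X; vm1 starts, vm2 starts,
    vm1 stops. Returns whether vm2 can still open X afterwards."""
    x = File(ORIG_UID)
    vm1, vm2 = Daemon(remember=True), Daemon(remember=False)
    vm1.set_label(x, shared)
    vm2.set_label(x, shared)
    vm1.restore_label(x, shared)    # vm1 shuts down while vm2 keeps running
    return can_access(x, QEMU_UID)
```

With `shared=False`, vm1's restore hands X back to its original owner while vm2 is still using it, so vm2's next access fails with EPERM; with `shared=True` the owner is never remembered or restored and vm2 keeps access.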

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



