On Wed, Jan 20, 2010 at 03:14:57PM +0000, Daniel P. Berrange wrote:
> This patch series does some work on the security drivers, and the QEMU code
> for managing DAC permissions on files.
>
> The core goal is to turn the QEMU driver DAC file management code into a
> security driver. Instead of QEMU calling into the SELinux/AppArmor drivers
> directly, a stacked driver module is introduced. This delegates all operations
> to first the QEMU DAC driver, and then the main SELinux/AppArmor driver.
> The end result is that all the permissions management code is removed from
> the QEMU driver, and we're left with just simple security driver calls.
>
> In the process of this a number of flaws in the current hotplug code were
> found, and code was generally tidied up with a view to making it easier to
> manage.
>
> Finally, we add the ability to turn off the QEMU DAC file management code,
> and also deal gracefully with failures to change ownership (eg on NFS with
> root squash, or readonly FS).

Thanks for this series. However, it seems that we still have a problem
when trying to save a domain to a root-squashing NFS export.

When using qemu directly, as a user with write permissions to that export,
there is no problem. When using libvirt, libvirt tries to write its own
state to the target file. I would not want to pre-create the target file as
world readable.

How about performing
open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)
with the euid of the qemu process?

Dan.
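
The open() suggested above, sketched as an added example that is not part of the original message and is not libvirt code: a forked child takes on the target uid/gid, creates the file owner-only and writes the data, so a root-squashing NFS export sees an unprivileged writer and the parent keeps its own credentials. The name write_private_as and its parameters are hypothetical.

```c
/* Added example: hypothetical helper, not libvirt code. */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create `path` with mode 0600 while running as uid/gid and write buf
 * into it. Returns 0 on success or an errno value on failure. */
int write_private_as(const char *path, uid_t uid, gid_t gid,
                     const void *buf, size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        /* Child: clear supplementary groups (only root may), then drop
         * the group before the user; setuid() from root is permanent. */
        if (geteuid() == 0 && setgroups(0, NULL) < 0)
            _exit(errno);
        if (setgid(gid) < 0 || setuid(uid) < 0)
            _exit(errno);
        int fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
        if (fd < 0)
            _exit(errno);
        const char *p = buf;
        while (len > 0) {
            ssize_t n = write(fd, p, len);
            if (n < 0) {
                if (errno == EINTR)
                    continue;
                _exit(errno);
            }
            p += n;
            len -= (size_t)n;
        }
        /* NFS can report deferred write errors only at close(). */
        _exit(close(fd) < 0 ? errno : 0);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return errno;
    /* The child's exit status carries its errno back to the caller. */
    return WIFEXITED(status) ? WEXITSTATUS(status) : EIO;
}
```

The mode argument only applies when the file is created; an existing file keeps its current permissions under O_TRUNC.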