Re: [libvirt] [PATCH 0/12] Improve security driver handling & QEMU DAC management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/24/2010 11:57 AM, Dan Kenigsberg wrote:
Thanks for this series. However, it seems that we still have a problem
when trying to save domain to a root-squashing nfs export.
When using qemu directly, as a user with write permissions to that
export, there is no problem. When using libvirt, libvirt tries to write
its own state to the target file. I would not want to pre-create the
target file as world redable.

How about performing open(path, O_CREAT|O_TRUNC|O_WRONLY,
S_IRUSR|S_IWUSR)) with the euid of the qemu process?



This sounds like what I did to fix storage volume creation on NFS:

https://www.redhat.com/archives/libvir-list/2010-January/msg00612.html

I talked to Dan Berrange about it this morning, and he agrees that something similar can/should be done for domain save. I'm starting work on it now, and should have something you can try out within a day or two.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]