Re: [RFC] security_dac: don't chown iso file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Serge E. Hallyn (serge.hallyn@xxxxxxxxxxxxx):
> isos are read-only, so libvirt doesn't need to chown them.  In one of
> our testing setups, libvirt uses mirrorred isos.  Since libvirt chowns
> the files, (and especially does not chown them back) the mirror refuses
> to update the iso.
> 
> This patch prevents libvirt from chowning files.
> 
> Does this seem reasonable?

Hi,

any feedback on this?  Does it seem ok?

thanks,
-serge

> Signed-off-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> ---
>  src/security/security_dac.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index af02236..e7db324 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -555,6 +555,8 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
>          /* XXX fixme - we need to recursively label the entire tree :-( */
>          if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
>              continue;
> +	if (vm->def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM)
> +	    continue;
>          if (virSecurityDACSetSecurityImageLabel(mgr,
>                                                  vm,
>                                                  vm->def->disks[i]) < 0)
> -- 
> 1.7.5.4
> 
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]