On 02/01/2012 11:36 PM, Laine Stump wrote:
> This eliminates the warning message reported in:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=624447
>
> It was caused by a failure to open an image file that is not
> accessible by root (the uid libvirtd is running as) because it's on a
> root-squash NFS share, owned by a different user, with permissions of
> 660 (or maybe 600).
>
> The solution is to use virFileOpenAs() rather than open(). The
> codepath that generates the error is during qemuSetupDiskCGroup(), but
> the actual open() is in a lower-level generic function called from
> many places (virDomainDiskDefForeachPath), so some other pieces of the
> code were touched just to add dummy (or possibly useful) uid and gid
> arguments.
>
> Eliminating this warning message has the nice side effect that the
> requested operation may even succeed (which in this case isn't
> necessary, but shouldn't hurt anything either).
> ---
> src/conf/domain_conf.c | 8 ++++----
> src/conf/domain_conf.h | 1 +
> src/qemu/qemu_cgroup.c | 2 ++
> src/security/security_dac.c | 1 +
> src/security/security_selinux.c | 7 +++++++
> src/security/virt-aa-helper.c | 6 +++++-
> 6 files changed, 20 insertions(+), 5 deletions(-)

After all that churn on 1/2, this one has just been patiently waiting, unchanged. That shows that once we get a good interface, using it is easier.

ACK.

> +++ b/src/security/security_selinux.c > @@ -671,9 +671,16 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, > if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) > return 0; > > + /* XXX On one hand, it would be nice to have the driver's uid:gid > + * here so we could retry opens with it. On the other hand, it > + * probably doesn't matter because in practice that's only useful > + * for files on root-squashed NFS shares, and NFS doesn't properly > + * support selinux anyway.

Too true.

--
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org
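Review bot: the XXX comment added in SELinuxSetSecurityImageLabel() explains why the driver's uid:gid is not available here, but in the quoted lines it never says what is passed to the path iteration instead, or what the caller sees when the open fails on a root-squashed share. State that explicitly in the comment (for example, that no retry as another user happens on this path), so a reader does not assume the virFileOpenAs() fallback from the commit message also covers SELinux labelling. The quoted hunk ends inside the comment, so the call that follows cannot be checked from this message.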
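The retry described in the commit message above, as an added example (not libvirt's virFileOpenAs() and not code from this thread): open as the caller, and only on EACCES repeat the open in a forked child that has switched to the given uid:gid, passing the descriptor back over a socketpair. The names open_as(), open_in_child() and child_open() are hypothetical, and the fork-and-pass-fd design is an assumption chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not libvirt's virFileOpenAs(): the child becomes uid:gid,
 * opens path and hands the descriptor to the parent with SCM_RIGHTS. */
static void child_open(int sock, const char *path, int flags, uid_t uid, gid_t gid) {
    char cbuf[CMSG_SPACE(sizeof(int))] = {0}, byte = 0;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    int fd;
    /* gid before uid: after setuid() the gid can no longer be changed. A root
     * daemon would also clear supplementary groups (setgroups) at this point. */
    if (setgid(gid) < 0 || setuid(uid) < 0 || (fd = open(path, flags)) < 0)
        _exit(1);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    _exit(sendmsg(sock, &msg, 0) == 1 ? 0 : 1);
}

/* Open path in a forked child running as uid:gid; returns the fd or -1. */
int open_in_child(const char *path, int flags, uid_t uid, gid_t gid) {
    char cbuf[CMSG_SPACE(sizeof(int))], byte;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    pid_t pid; int sv[2], fd = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); child_open(sv[1], path, flags, uid, gid); }
    close(sv[1]);
    struct cmsghdr *c = recvmsg(sv[0], &msg, 0) == 1 ? CMSG_FIRSTHDR(&msg) : NULL;
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof(int));
    close(sv[0]); waitpid(pid, NULL, 0);   /* reap the child in every case */
    return fd;
}

/* Open as the caller; only on EACCES (root squashed on NFS) retry as uid:gid. */
int open_as(const char *path, int flags, uid_t uid, gid_t gid) {
    int fd = open(path, flags);
    return (fd >= 0 || errno != EACCES) ? fd : open_in_child(path, flags, uid, gid);
}
```

The descriptor returned to the parent keeps the access rights checked in the child, so the root process can use a file it could not open itself on the root-squashed export.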