On 10/22/2012 09:18 AM, Peter Krempa wrote:
> On 10/20/12 23:47, Eric Blake wrote:
>> Yet another instance of where using plain open() mishandles files
>> that live on root-squash NFS, and where improving the API can
>> improve the chance of a successful probe.
>>
>> * src/util/storage_file.h (virStorageFileProbeFormat): Alter
>> signature.
>> * src/util/storage_file.c (virStorageFileProbeFormat): Use better
>> method for opening file.
>> * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
>> * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
>> Likewise.
>> ---
>>
>> v8: new patch
>>
> I know it's late now, and this patch has been pushed, but we will
> probably need a followup patch that changes this part to values set in
> the DAC seclabels in the domain configuration. The DAC driver gives us
> the ability to specify the user and group of the machine separately, so
> we should use that information to access the images.

In that case, qemu_driver.c:qemuOpenFile() also needs to be fixed to
honor VM DAC labeling, as it also passes driver->user and driver->group
down to virFileOpenAs.

That is, if I'm understanding your complaint, the new DAC labeling
allows us to run a single qemu guest process under a different uid:gid
than the defaults specified in qemu.conf, and if we have that turned on,
then we should be favoring per-guest user and group over the driver
user/group default.

Sounds like we need a helper function, which when given the qemu driver
and the vm definition, returns the appropriate user:group id to use for
that vm.

-- 
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
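
A sketch of the helper proposed in the reply above, as an added example that is not part of the thread and is not libvirt code. The structs, the function names `parse_ids` and `vm_image_ids`, and the plain numeric `uid:gid` label format are simplified assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical, simplified stand-ins; not libvirt's real structures. */
struct drv_cfg  { uid_t user; gid_t group; };   /* qemu.conf defaults */
struct seclabel { const char *model; const char *label; };
struct vm_def   { const struct seclabel *labels; size_t nlabels; };

/* Numeric "uid:gid" only; rejects junk and (uid_t)-1, which chown(2) reads as "no change". */
static int parse_ids(const char *s, uid_t *uid, gid_t *gid)
{
    char *end;
    unsigned long u, g;
    if (!isdigit((unsigned char)*s)) return -1;
    u = strtoul(s, &end, 10);
    if (*end != ':' || !isdigit((unsigned char)end[1])) return -1;
    g = strtoul(end + 1, &end, 10);
    if (*end != '\0' || u >= (uid_t)-1 || g >= (gid_t)-1) return -1;
    *uid = (uid_t)u; *gid = (gid_t)g;
    return 0;
}

/* Per-VM "dac" label wins, driver defaults are the fallback; a bad label fails (-1). */
int vm_image_ids(const struct drv_cfg *drv, const struct vm_def *vm,
                 uid_t *uid, gid_t *gid)
{
    size_t i;
    for (i = 0; vm && i < vm->nlabels; i++) {
        const struct seclabel *l = &vm->labels[i];
        if (l->model && l->label && strcmp(l->model, "dac") == 0)
            return parse_ids(l->label, uid, gid);
    }
    *uid = drv->user; *gid = drv->group;
    return 0;
}

int main(void)
{
    /* Constructed sample: driver default 107:107, one VM labelled 1001:1002. */
    struct drv_cfg drv = { 107, 107 };
    struct seclabel labels[] = { { "dac", "1001:1002" } };
    struct vm_def vm = { labels, 1 };
    uid_t u; gid_t g;
    if (vm_image_ids(&drv, &vm, &u, &g) == 0)
        printf("open images as %lu:%lu\n", (unsigned long)u, (unsigned long)g);
    return 0;
}
```

Returning an error for a malformed per-VM label, instead of quietly using the driver defaults, keeps a typo in the domain configuration from opening images under a different identity than the one the guest was meant to run as.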