On 30.10.2012 10:00, Martin Kletzander wrote:
> On 10/29/2012 04:18 PM, Michal Privoznik wrote:
>> through which user set under what permissions does sanlock
>> daemon run so libvirt will set the same permissions for
>> files exposed to it.
>> ---
>>
>> diff to v1:
>> -update spec file so sanlock dir is installed with root:sanlock
>> iff group sanlock exists
>>
>> docs/locking.html.in | 22 +++++++++
>> libvirt.spec.in | 7 +++
>> src/locking/libvirt_sanlock.aug | 2 +
>> src/locking/lock_driver_sanlock.c | 76 ++++++++++++++++++++++++++++++-
>> src/locking/sanlock.conf | 11 ++++-
>> src/locking/test_libvirt_sanlock.aug.in | 2 +
>> 6 files changed, 118 insertions(+), 2 deletions(-)
>>
>> diff --git a/docs/locking.html.in b/docs/locking.html.in
>> index 6d7b517..19dd6a3 100644
>> --- a/docs/locking.html.in
>> +++ b/docs/locking.html.in
>> @@ -121,6 +121,28 @@
>> </pre>
>>
>> <p>
>> + If your sanlock daemon happen to run under non-root
>> + privileges, you need to tell this to libvirt so it
>> + chowns created files correctly. This can be done by
>> + setting <code>user</code> and/or <code>group</code>
>> + variables in the configuration file. Accepted values
>> + range is specified in description to the same
>> + variables in <code>/etc/libvirt/qemu.conf</code>. For
>> + example:
>> + </p>
>> +
>> + <pre>
>> + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock
>> + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock
>> + </pre>
>> +
>> + <p>
>> + But remember, that if this is NFS share, you need a
>> + no_root_squash-ed one for chown (and chmod possibly)
>> + to succeed.
>> + </p>
>> +
>> + <p>
>> In terms of storage requirements, if the filesystem
>> uses 512 byte sectors, you need to allow for <code>1MB</code>
>> of storage for each guest disk. So if you have a network
>> diff --git a/libvirt.spec.in b/libvirt.spec.in
>> index ebebfab..edc43af 100644
>> --- a/libvirt.spec.in
>> +++ b/libvirt.spec.in
>> @@ -1568,6 +1568,13 @@ fi
>> /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || :
>> %endif
>>
>> +%pre lock-sanlock
>> +if $(getent group sanlock > /dev/null; echo $?) == 0
>> + chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
>> + chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
>> +endif
>
> Change this to:
>
> %post lock-sanlock
> if getent group sanlock > /dev/null; then
> chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
> chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
> fi
>
> and you've got my ACK (we should make this working in 1.0.0,
>
> Martin
>
Changed and pushed. Thanks.
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list