Re: [PATCH 07/15] qemu: replace exec hook with virCommandSetUID/GID in storage_backend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/07/2013 02:37 PM, Laine Stump wrote:
> ---
>  src/storage/storage_backend.c | 28 ++++++----------------------
>  1 file changed, 6 insertions(+), 22 deletions(-)
> 

> @@ -576,7 +558,9 @@ static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,
>          }
>      }
>  
> -    data.skip = true;
> +    /* don't change uid/gid if we retry */
> +    virCommandSetUID(cmd, 0);
> +    virCommandSetGID(cmd, 0);

Hmm, so you are reusing an existing virCommand, but want to change it to
no longer attempt uid/gid change (that is, inherit the uid/gid of the
current libvirtd).  If you refactor things in earlier patches to use -1
as the no-op, and allow an attempt to change to id 0, then this needs
alteration to -1.

And per the man page of setfsuid, there really are reasons why one would
attempt to change uid to 0, even when already executing as uid 0 - it
forces Linux to resync the fsuid back to 0.  True, not much code plays
with fsuid, and it is rare to have a program where fsuid differs from
uid, but I'd rather our wrapper lets us expose full kernel/glibc rules
on id setting, than to accidentally short-circuit away something that
has important side-effects in odd corner cases.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]