On 05/24/2013 10:25 PM, Martin Kletzander wrote: > There were some places in the code, where files were being opened with > uid:gid of the daemon instead of the qemu process related to the file. > > First patch exposes the parseIds() function in order for it to be used > somewhere else in the code than in the DAC security driver. The next > patch fixes how the files are opened and the last one fixes occurences > of open() that should use different uid:gid for opening files. > > There maybe should be a check for whether the file being opened is an > image and whether the label used to open the file should be imagelabel > or not. But, the QEMU process opening the file is running as the > label (not imagelabel) and accessing the files as such. > > Martin Kletzander (3): > Expose ownership ID parsing > Make qemuOpenFile aware of per-VM DAC seclabel. > Use qemuOpenFile in qemu_driver.c > > src/libvirt_private.syms | 1 + > src/qemu/qemu_driver.c | 87 +++++++++++++++++++++++++++++++-------------- > src/security/security_dac.c | 51 ++------------------------ > src/util/virutil.c | 56 +++++++++++++++++++++++++++++ > src/util/virutil.h | 2 ++ > 5 files changed, 122 insertions(+), 75 deletions(-) > Ping? -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list