On 06/24/2013 12:19 PM, Martin Kletzander wrote: > On 05/24/2013 10:25 PM, Martin Kletzander wrote: >> There were some places in the code, where files were being opened with >> uid:gid of the daemon instead of the qemu process related to the file. >> >> First patch exposes the parseIds() function in order for it to be used >> somewhere else in the code than in the DAC security driver. The next >> patch fixes how the files are opened and the last one fixes occurences >> of open() that should use different uid:gid for opening files. >> >> There maybe should be a check for whether the file being opened is an >> image and whether the label used to open the file should be imagelabel >> or not. But, the QEMU process opening the file is running as the >> label (not imagelabel) and accessing the files as such. >> >> Martin Kletzander (3): >> Expose ownership ID parsing >> Make qemuOpenFile aware of per-VM DAC seclabel. >> Use qemuOpenFile in qemu_driver.c >> >> src/libvirt_private.syms | 1 + >> src/qemu/qemu_driver.c | 87 +++++++++++++++++++++++++++++++-------------- >> src/security/security_dac.c | 51 ++------------------------ >> src/util/virutil.c | 56 +++++++++++++++++++++++++++++ >> src/util/virutil.h | 2 ++ >> 5 files changed, 122 insertions(+), 75 deletions(-) >> > > Ping? > Ping? Still applicable on master, fixes at least two bugs... Martin -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list