On Wed 24 Jul 2013 10:56:56 AM CEST, Michal Privoznik wrote: > On 24.05.2013 22:25, Martin Kletzander wrote: >> There were some places in the code, where files were being opened with >> uid:gid of the daemon instead of the qemu process related to the file. >> >> First patch exposes the parseIds() function in order for it to be used >> somewhere else in the code than in the DAC security driver. The next >> patch fixes how the files are opened and the last one fixes occurences >> of open() that should use different uid:gid for opening files. >> >> There maybe should be a check for whether the file being opened is an >> image and whether the label used to open the file should be imagelabel >> or not. But, the QEMU process opening the file is running as the >> label (not imagelabel) and accessing the files as such. >> >> Martin Kletzander (3): >> Expose ownership ID parsing >> Make qemuOpenFile aware of per-VM DAC seclabel. >> Use qemuOpenFile in qemu_driver.c >> >> src/libvirt_private.syms | 1 + >> src/qemu/qemu_driver.c | 87 +++++++++++++++++++++++++++++++-------------- >> src/security/security_dac.c | 51 ++------------------------ >> src/util/virutil.c | 56 +++++++++++++++++++++++++++++ >> src/util/virutil.h | 2 ++ >> 5 files changed, 122 insertions(+), 75 deletions(-) >> >> -- >> 1.8.2.1 >> > > ACK series, Thanks, pushed. Martin -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list