This is just a resurrection of my previous patchset. As for the atomicity
problem, I just realized there is none. The qemuProcessHook (which is
responsible for locking the files) is called prior to
virSecurityManagerSetAllLabel (responsible for chown()-ing). Anyway, even if
there's still one and it's pre-existing, it shouldn't block this set, should
it?

Michal Privoznik (3):
  virFile: Add APIs for extended attributes handling
  virfile: Introduce internal API for managing ACL
  security_dac: Favour ACLs over chown()

 configure.ac                |   2 +
 libvirt.spec.in             |   1 +
 m4/virt-acl.m4              |   9 ++
 src/Makefile.am             |   4 +-
 src/libvirt_private.syms    |   6 +
 src/security/security_dac.c | 297 ++++++++++++++++++++++++++++++++++++++-----
 src/util/virfile.c          | 301 ++++++++++++++++++++++++++++++++++++++++++++
 src/util/virfile.h          |  28 +++++
 8 files changed, 617 insertions(+), 31 deletions(-)
 create mode 100644 m4/virt-acl.m4

--
1.8.1.5