On 18.09.2015 20:20, John Ferlan wrote:
A followup of sorts to recently pushed patches regarding NFS
root-squash.
During libvirt-security list review it was pointed out that the new code
was essentially open coding what virProcessWait does. However, since the
model being used also was open coded and there was a time element, the
change was allowed as is with the expectation that a cleanup patch would
follow. Which is what leads into this series....
The series started out purely as removing the open code and replacing
with the call to virProcessWait, but during that exercise I also realized
that it was possible to create a 'netdir' in a NFS root-squash environment
(eg, virDirCreate); however, the corrollary to remove the directory using
a fork/exec didn't exist - in fact all that was called was rmdir, which
failed to delete in the NFS root-squash environment. Rather than having
a whole new interface, the first patch reworks virFileUnlink to check
whether the target is a directory or a file and either call rmdir or
unlink appropriately.
The one common thread amongst the 3 API's changed here is they each looked
to return an errno value, while typically virProcessWait consumers only
return -1 and errno. Determining which failure in virProcessWait returns
-1 is possible because one exit path uses virReportSystemError to report
the error that caused the waitpid() to fail, while the other error path
either receives the errno from the child process or if not present had
already "assumed" EACCES, so these changes follow that model, except that
if it's determined the waitpid failed, EINTR is returned similar to how
virFileAccessibleAs sets errno and returns -1.
John Ferlan (4):
storage: Use virFileUnlink instead of rmdir
virfile: Use virProcessWait in virFileOpenForked
virfile: Use virProcessWait in virFileUnlink
virfile: Use virProcessWait in virDirCreate
src/storage/storage_backend_fs.c | 20 +++--
src/util/virfile.c | 153 ++++++++++++++++-----------------------
2 files changed, 71 insertions(+), 102 deletions(-)
ACK series. Looking forward to the follow up patch.
Michal