Re: [libvirt] [PATCHv1.5 3/8] security: DAC: Remove superfluous link resolution

On 07/22/2014 03:20 AM, Peter Krempa wrote: chown() on a symlink changes the underlying file, not the link itself; you need the BSD extension lchown() to change the owner of a symlink (and even then, changing the owner of a symlink seldom has any noticeable impact - per 'man 7 symlink' on Linux, "The only time that the ownership of a symbolic link matters is when the link is being removed or renamed in a directory that has the sticky bit set"). So resolving a symlink before chown()ing it is pointless, since chown() will resolve it anyways, and we really don't need to care about lchown(). Likewise, on Linux, chmod() cannot alter a symlink to anything other than a pointless 0777 access mode. BSD is a bit different - there, lchown() coupled with chmod() can be used to alter whether a user can resolve through the symlink in pathname resolution, depending on the mount parameters of the current file system. But this is still a seldom used extension to POSIX. ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org