Re: [libvirt] [PATCH] qemu: Use correct permissions when determining the image chain

On 02/07/2014 10:53 AM, Peter Krempa wrote: > The code took into account only the global permissions. The domains now > support per-vm DAC lables and per-image DAC labels. Use the most s/lables/labels/ > specific label available. > --- > src/qemu/qemu_domain.c | 35 +++++++++++++++++++++++++++++++++-- > src/qemu/qemu_domain.h | 1 + > src/qemu/qemu_driver.c | 8 ++++---- > src/qemu/qemu_hotplug.c | 2 +- > src/qemu/qemu_process.c | 2 +- > 5 files changed, 40 insertions(+), 8 deletions(-) > +static void > +qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg, > + virDomainObjPtr vm, > + virDomainDiskDefPtr disk, > + uid_t *uid, gid_t *gid) > +{ > + virSecurityLabelDefPtr vmlabel; > + virSecurityDeviceLabelDefPtr disklabel; Here, I'd add: if (uid) *uid = -1; if (gid) *gid = -1;

> + > + if (cfg) { > + if (uid) > + *uid = cfg->user; > + > + if (gid) > + *gid = cfg->group; > + } > + > + if (vm && (vmlabel = virDomainDefGetSecurityLabelDef(vm->def, "dac"))) > + virParseOwnershipIds(vmlabel->label, uid, gid); > + > + if ((disklabel = virDomainDiskDefGetSecurityLabelDef(disk, "dac"))) > + virParseOwnershipIds(disklabel->label, uid, gid); since all three of these more-specific overrides could all be missing, but ideally, you want to guarantee that we picked the best-possible uid/gid by the end of this method. ACK with that fixed - it means that all disks are now being opened by the same credentials as what we tell qemu to open with.