On 10/29/2013 04:13 PM, Eric Blake wrote:
On 10/29/2013 12:52 PM, John Ferlan wrote:
To ensure proper processing by virGetUserID() and virGetGroupID() of a uid/gid add a "+" prior to the uid/gid to denote it's really a uid/gid for the label.
Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/security/security_dac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
ACK. Although unlikely, it is possible to have a system with a username that is purely digits, and where those digits don't match the underlying uid, so it is indeed nice that when we know we have a uid that we force the parser to skip a name lookup (which harmlessly fails on 99.99% of the systems, but which could potentially get wrong credentials on the rare system with odd usernames). Worth including in 1.1.4.
Thanks - this is now pushed. John It's also notable that without the patch, messages would be sent to /var/log/messages such as: Oct 19 10:13:21 myhost libvirtd[4055]: User record for user '1000' was not found: No such file or directory Oct 19 10:13:21 myhost libvirtd[4055]: Group record for user '1000' was not found: No such file or directory