On 12/23/2010 11:39 AM, Laine Stump wrote:
This patch fixes
https://bugzilla.redhat.com/show_bug.cgi?id=664406
If qemu is run as a different uid, it has been unable to access mode
0660 files that are owned by a different user, but with a group that
the qemu is a member of (aside from the one group listed in the passwd
file), because initgroups() is not being called prior to the
exec. initgroups will change the group membership of the process (and
its children) to match the new uid.
To make this happen, the setregid()/setreuid() code in
qemuSecurityDACSetProcessLabel has been replaced with a call to
virSetUIDGID(), which does both of those, plus calls initgroups.
Similar, but not identical, code in qemudOpenAsUID() has been replaced
with virSetUIDGID(). This not only consolidates the functionality to a
single location, but also potentially fixes some as-yet unreported
bugs.
---
src/qemu/qemu_driver.c | 44 +++++++++++++----------------------------
src/qemu/qemu_security_dac.c | 18 +---------------
2 files changed, 16 insertions(+), 46 deletions(-)
+ if (virSetUIDGID(uid, gid) < 0) {
+ exit_code = errno;
+ goto child_cleanup;
Ah, I see why you needed patch 1 - patch two calls virReportSystemError
in between the setting of errno and the return.
However, one glitch - VIR_FREE(x) does not (yet) guarantee that errno is
preserved (some poorly-written free() implementations can modify errno;
glibc is nicer in trying to avoid that). You'll need to modify 1/3
accordingly.
Which means ACK to this patch as perfect, but the prerequisites aren't
there yet :)
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org