
On 02/07/2017 11:57 AM, Martin Kletzander wrote:
On Fri, Jan 20, 2017 at 10:42:49AM +0100, Michal Privoznik wrote:
Similarly to one of the previous commits, we need to deal properly with symlinks in the hotplug case too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_domain.c | 120 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 94 insertions(+), 26 deletions(-)
ACK to this, but ...
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 448583313..bcfb2446f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7701,17 +7763,22 @@ qemuDomainAttachDeviceMknod(virQEMUDriverPtr driver, } #endif
- if (virSecurityManagerPreFork(driver->securityManager) < 0) - goto cleanup; + if (STRPREFIX(file, DEVPREFIX)) { + if (virSecurityManagerPreFork(driver->securityManager) < 0) + goto cleanup;
- if (virProcessRunInMountNamespace(vm->pid, - qemuDomainAttachDeviceMknodHelper, - &data) < 0) { + if (virProcessRunInMountNamespace(vm->pid, + qemuDomainAttachDeviceMknodHelper, + &data) < 0) {
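Review bot: the new STRPREFIX(file, DEVPREFIX) guard at the top of this hunk makes the virSecurityManagerPreFork() call and the virProcessRunInMountNamespace() call conditional, so a path outside DEVPREFIX now skips both without any trace. A short comment above the `if` stating why such paths need no work in the domain's namespace, or a debug log on the skipped branch, would make the intent explicit. Since virSecurityManagerPreFork() moved inside the block, also check that the rest of the fork handling below the visible lines sits under the same condition.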
... I'm sure you have patches for this somewhere that are not posted or something =D However now we actually fork for every level of the symlink. Even when everyone is scared of every single fork(). Can't we use transactions for this as well? If not, could we enhance them so that we can use them?
Transactions are security driver specific. But we can imitate them here too. Instead of direct fork() we would have a list to which we append all the symlinks we want to create and then fork() once and execute the list.

Good point. I will work on that.

Michal
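The batching described in the reply above (queue the symlinks, fork() once, execute the list), as an added example that is not libvirt code and not part of the thread. The names `link_op`, `link_list`, `link_list_append` and `link_list_run` are hypothetical, and entering the domain's mount namespace in the child is left out.

```c
/* Added illustration, not libvirt code: queue symlink requests and
 * replay all of them in one forked child instead of one fork each. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_OPS 16

struct link_op { char path[256]; char target[256]; };   /* hypothetical */
struct link_list { struct link_op ops[MAX_OPS]; size_t n; };

/* Append one "create path -> target" request; nothing is forked here. */
int link_list_append(struct link_list *l, const char *path, const char *target)
{
    if (l->n >= MAX_OPS || strlen(path) >= sizeof(l->ops[0].path) ||
        strlen(target) >= sizeof(l->ops[0].target))
        return -1;                      /* list full or name too long */
    strcpy(l->ops[l->n].path, path);
    strcpy(l->ops[l->n].target, target);
    l->n++;
    return 0;
}

/* Fork once, execute every queued request in the child, and return 0
 * only if all of them succeeded. The real code would switch to the
 * domain's mount namespace in the child first (assumption, omitted). */
int link_list_run(const struct link_list *l)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        for (size_t i = 0; i < l->n; i++) {
            if (symlink(l->ops[i].target, l->ops[i].path) < 0)
                _exit(1);               /* stop at the first failure */
        }
        _exit(0);
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

A multi-level symlink chain is appended level by level and costs a single fork(); the child's exit status is the only result reported back, so the caller learns that a request failed but not which one.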