Re: [libvirt] [PATCHv8 01/11] storage: let format probing work on root-squash NFS
On 10/22/2012 09:18 AM, Peter Krempa wrote:
On 10/20/12 23:47, Eric Blake wrote:
> Yet another instance of where using plain open() mishandles files
> that live on root-squash NFS, and where improving the API can
> improve the chance of a successful probe.
>
> * src/util/storage_file.h (virStorageFileProbeFormat): Alter
> signature.
> * src/util/storage_file.c (virStorageFileProbeFormat): Use better
> method for opening file.
> * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
> * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
> Likewise.
> ---
>
> v8: new patch
>
I know it's late now, and this patch has been pushed, but we
will
probably need a followup patch that changes this part to values set in
the DAC seclabels in the domain configuration. The DAC driver gives us
the ability to specify the user and group of the machine separately, so
we should use that information to access the images.
In that case, qemu_driver.c:qemuOpenFile() also needs to be fixed to
honor VM DAC labeling, as it also passes driver->user and driver->group
down to virFileOpenAs. That is, if I'm understanding your complaint,
the new DAC labeling allows us to run a single qemu guest process under
a different uid:gid than the defaults specified in qemu.conf, and if we
have that turned on, then we should be favoring per-guest user and group
over the driver user/group default. Sounds like we need a helper
function, which when given the qemu driver and the vm definition,
returns the appropriate user:group id to use for that vm.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 617 bytes)