
On Wed, Mar 20, 2024 at 10:19:12 +0100, Andrea Bolognani wrote:
virFileIsSharedFS() is the function that ultimately decides whether a filesystem should be considered shared, but the list of manually configured shared filesystems is part of the QEMU driver's configuration, so we need to pass the information through several layers in order to make use of it.
Note that with this change the list is propagated all the way through, but its contents are still ignored, so the behavior remains the same for now.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
src/lxc/lxc_controller.c | 2 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 ++--
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 12 ++++++++----
src/qemu/qemu_security.c | 14 ++++++++++++--
src/qemu/qemu_tpm.c | 27 ++++++++++++++++++---------
src/qemu/qemu_tpm.h | 8 +++++---
src/security/security_apparmor.c | 2 ++
src/security/security_dac.c | 17 +++++++++++++----
src/security/security_driver.h | 4 ++++
src/security/security_manager.c | 20 ++++++++++++++------
src/security/security_manager.h | 4 ++++
src/security/security_nop.c | 4 ++++
src/security/security_selinux.c | 18 +++++++++++++++---
src/security/security_stack.c | 16 ++++++++++++----
src/util/virfile.c | 5 +++--
src/util/virfile.h | 3 ++-
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
21 files changed, 124 insertions(+), 46 deletions(-)
[...]
@@ -1355,7 +1363,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED, } #endif /* !WIN32 */
- if (virFileIsSharedFS(p)) { + if (virFileIsSharedFS(p, NULL)) {
As virSecurityManagerMetadataLock is passed all of the functions that security labelling is happening on, it feels weird to have one instance where it's not. Any reason you didn't pass it in? It should not matter, as locally the files shouldn't return an error. If you have a reason, explain it in a comment please.
/* Probably a root squashed NFS. */ continue; }
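Review bot: In virSecurityManagerMetadataLock(), the call virFileIsSharedFS(p, NULL) passes NULL for the new argument with no comment saying why, which sits oddly with the commit message's stated aim of propagating the list through every layer. Once the list's contents stop being ignored, a path on a manually configured shared filesystem would presumably no longer reach the "Probably a root squashed NFS" skip branch here, so the locking code would treat it differently from the labelling code. The hunk header shows mgr is marked G_GNUC_UNUSED in this function, so either pass the list in (dropping that annotation if mgr is to carry it) or add a short comment at the call explaining why NULL is acceptable in this one place.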
Rest looks good