Re: [libvirt] [PATCH v2] sanlock: Introduce 'user' and 'group' conf variables

On 10/29/2012 04:18 PM, Michal Privoznik wrote: > through which user set under what permissions does sanlock > daemon run so libvirt will set the same permissions for > files exposed to it. > --- > > diff to v1: > -update spec file so sanlock dir is installed with root:sanlock > iff group sanlock exists > > docs/locking.html.in | 22 +++++++++ > libvirt.spec.in | 7 +++ > src/locking/libvirt_sanlock.aug | 2 + > src/locking/lock_driver_sanlock.c | 76 ++++++++++++++++++++++++++++++- > src/locking/sanlock.conf | 11 ++++- > src/locking/test_libvirt_sanlock.aug.in | 2 + > 6 files changed, 118 insertions(+), 2 deletions(-) > > diff --git a/docs/locking.html.in b/docs/locking.html.in > index 6d7b517..19dd6a3 100644 > --- a/docs/locking.html.in > +++ b/docs/locking.html.in > @@ -121,6 +121,28 @@ > </pre> > > <p> > + If your sanlock daemon happen to run under non-root > + privileges, you need to tell this to libvirt so it > + chowns created files correctly. This can be done by > + setting <code>user</code> and/or <code>group</code> > + variables in the configuration file. Accepted values > + range is specified in description to the same > + variables in <code>/etc/libvirt/qemu.conf</code>. For > + example: > + </p> > + > + <pre> > + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/user sanlock > + augtool -s set /files/etc/libvirt/qemu-sanlock.conf/group sanlock > + </pre> > + > + <p> > + But remember, that if this is NFS share, you need a > + no_root_squash-ed one for chown (and chmod possibly) > + to succeed. > + </p> > + > + <p> > In terms of storage requirements, if the filesystem > uses 512 byte sectors, you need to allow for <code>1MB</code> > of storage for each guest disk. So if you have a network > diff --git a/libvirt.spec.in b/libvirt.spec.in > index ebebfab..edc43af 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in > @@ -1568,6 +1568,13 @@ fi > /bin/systemctl try-restart libvirt-guests.service >/dev/null 2>&1 || : > %endif > > +%pre lock-sanlock > +if $(getent group sanlock > /dev/null; echo $?) == 0 > + chmod 0770 %{_localstatedir}/lib/libvirt/sanlock > + chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock > +endif Change this to: %post lock-sanlock if getent group sanlock > /dev/null; then chmod 0770 %{_localstatedir}/lib/libvirt/sanlock chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock fi and you've got my ACK (we should make this working in 1.0.0, Martin