On Wed, Jan 20, 2010 at 03:15:07PM +0000, Daniel P. Berrange wrote:
Add the ability to turn off dynamic management of file permissions
for libvirt guests.
* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
* qemu/qemu.conf: Document 'dynamic_ownership' flag.
* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 13 ++++++++++---
src/qemu/test_libvirtd_qemu.aug | 4 ++++
4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index f0b2a5e..b71e4cf 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -32,6 +32,7 @@ module Libvirtd_qemu =
| str_entry "security_driver"
| str_entry "user"
| str_entry "group"
+ | bool_entry "dynamic_ownership"
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| str_entry "save_image_format"
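Review bot: the `bool_entry "dynamic_ownership"` line declares the key as a boolean in the lens, while the loader in qemu_conf.c reads the same key with `CHECK_TYPE ("dynamic_ownership", VIR_CONF_LONG)` and stores `p->l` unchanged, so the two sides of this patch do not agree on the accepted value space. Either keep the setting strictly boolean in both places, or, if more values are expected later, declare it as an integer entry here so the lens does not need to change again.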
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 2129bae..c662893 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -96,6 +96,11 @@
# The group ID for QEMU processes run by the system instance
#group = "root"
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
# What cgroup controllers to make use of with QEMU guests
#
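Review bot: the new comment above `#dynamic_ownership = 1` says that 0 disables ownership changes but not what the administrator then has to do. With the flag off, nothing in libvirt adjusts file ownership to match the configured user/group, so the comment should state that the files a guest uses must already be accessible to that user/group, and that libvirt will not change them back afterwards either.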
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 2cefa6a..34c6fdb 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -102,7 +102,9 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
char *group;
int i;
- /* Setup 2 critical defaults */
+ /* Setup critical defaults */
+ driver->dynamicOwnership = 1;
+
if (!(driver->vncListen = strdup("127.0.0.1"))) {
virReportOOMError(NULL);
return -1;
@@ -224,6 +226,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
}
VIR_FREE(user);
+
p = virConfGetValue (conf, "group");
CHECK_TYPE ("group", VIR_CONF_STRING);
if (!(group = strdup(p && p->str ? p->str : QEMU_GROUP))) {
@@ -231,8 +234,6 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
virConfFree(conf);
return -1;
}
-
-
if (virGetGroupID(NULL, group, &driver->group) < 0) {
VIR_FREE(group);
virConfFree(conf);
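Review bot: the two blank lines removed before `virGetGroupID` (and the blank line added before the "group" lookup in the previous hunk) are whitespace-only changes unrelated to the new flag. Consider dropping them or sending them as a separate cleanup so the functional change is easier to audit.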
@@ -240,6 +241,12 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
}
VIR_FREE(group);
+
+ p = virConfGetValue (conf, "dynamic_ownership");
+ CHECK_TYPE ("dynamic_ownership", VIR_CONF_LONG);
+ if (p) driver->dynamicOwnership = p->l;
+
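Review bot: `if (p) driver->dynamicOwnership = p->l;` copies the configured long straight into an int field with no range check or normalization, so any non-zero value, including a negative one, counts as "enabled", and an out-of-range value is silently narrowed. Since the qemu.conf text documents only 0 and 1, either normalize with `p->l != 0` or reject anything other than 0 and 1 with a configuration error; that also leaves the remaining values free if the setting is extended later.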
Hum, I was wondering about the value space for dynamicOwnership, it's
defined as an int but so far we just use the !driver->dynamicOwnership
test. So that looks fine, but I wonder if in the future we may not
extend this to take more values for example depending on the type of
devices.
ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/