
On Mon, Dec 05, 2016 at 02:56:12PM +0100, Michal Privoznik wrote:
> On 05.12.2016 13:36, Daniel P. Berrange wrote:
> > On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
> > > Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and virFileCopyACLs. These functions are going to be required when we are creating /dev for qemu. We have to copy anything that's in the host's /dev exactly as is. Including ACLs.
> >
> > Do we really?
> >
> > IIUC, udev uses ACLs on /dev in order to grant end users in the desktop session permission on certain device nodes, without chowning the whole device.
> >
> > The device nodes in our private /dev only need to be accessible to the QEMU process we're about to run.
> >
> > So neither existing ownership, group, permissions, nor ACLs matter at all. Our security driver code will chown/grp the device to grant QEMU access and that's all that's needed AFAICT.
> >
> > What am I missing that requires us to preserve ACLs?
>
> Admins may set ACLs on say /dev/sdb to grant access to some users and then use relabel='no' in domain XMLs so that libvirt doesn't mess it up. If we want to honour the no-relabel flag we must create the device exactly as is.

Ah ha. I totally forgot about the no-relabel case.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|