[libvirt] [PATCH] Make domain save work when dynamic_ownership=0
Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents libvirt's DAC security driver from setting uid/gid on disk files when starting/stopping QEMU, allowing the admin to manage this manually. As a side effect it also stopped setting of uid/gid when saving guests to a file, which completely breaks save when QEMU is running non-root. Thus saved state labelling code must ignore the dynamic_ownership parameter * src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when doing save/restore image labelling --- src/qemu/qemu_security_dac.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c index 2d42ce2..364227d 100644 --- a/src/qemu/qemu_security_dac.c +++ b/src/qemu/qemu_security_dac.c @@ -407,7 +407,7 @@ static int qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, const char *savefile) { - if (!driver->privileged || !driver->dynamicOwnership) + if (!driver->privileged) return 0; return qemuSecurityDACSetOwnership(savefile, driver->user, driver->group); @@ -418,7 +418,7 @@ static int qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, const char *savefile) { - if (!driver->privileged || !driver->dynamicOwnership) + if (!driver->privileged) return 0; return qemuSecurityDACRestoreSecurityFileLabel(savefile); -- 1.6.6.1
On Thu, May 13, 2010 at 01:33:11PM -0400, Daniel P. Berrange wrote:
Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents libvirt's DAC security driver from setting uid/gid on disk files when starting/stopping QEMU, allowing the admin to manage this manually. As a side effect it also stopped setting of uid/gid when saving guests to a file, which completely breaks save when QEMU is running non-root. Thus saved state labelling code must ignore the dynamic_ownership parameter
* src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when doing save/restore image labelling --- src/qemu/qemu_security_dac.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c index 2d42ce2..364227d 100644 --- a/src/qemu/qemu_security_dac.c +++ b/src/qemu/qemu_security_dac.c @@ -407,7 +407,7 @@ static int qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, const char *savefile) { - if (!driver->privileged || !driver->dynamicOwnership) + if (!driver->privileged) return 0;
return qemuSecurityDACSetOwnership(savefile, driver->user, driver->group); @@ -418,7 +418,7 @@ static int qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED, const char *savefile) { - if (!driver->privileged || !driver->dynamicOwnership) + if (!driver->privileged) return 0;
return qemuSecurityDACRestoreSecurityFileLabel(savefile);
ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
participants (2)
-
Daniel P. Berrange -
Daniel Veillard