[PATCH 0/2] virSecurityManagerMetadataLock: Ignore RO filesystem

See 2/2 for explanation.

Michal Prívozník (2):
  virSecurityManagerMetadataLock: Clarify directory locking comment
  virSecurityManagerMetadataLock: Ignore RO filesystem

 src/security/security_manager.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--
2.26.2

In the light of recent commit of 9d83281382 fix the comment that says directories can't be locked. Well, in general they can, but not in our case. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index ad1938caeb..d26d3a0527 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1353,7 +1353,8 @@ virSecurityManagerMetadataLock(virSecurityManagerPtr mgr G_GNUC_UNUSED, continue; if (S_ISDIR(sb.st_mode)) { - /* Directories can't be locked */ + /* We need to open the path for writing because we need exclusive + * (write) lock. But directories can't be opened for writing. */ continue; } -- 2.26.2
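Review bot: In the S_ISDIR branch, the new comment explains why a directory cannot be opened with write access but not what the `continue` after it implies: the directory is skipped and never locked, so it gets no mutual exclusion in this function. Consider adding a sentence stating that directories are deliberately left unlocked, so a later reader does not take the skip for an oversight.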

When locking files for metadata change, we open() them for R/W access. The write access is needed because we want to acquire exclusive (write) lock (to mutually exclude with other daemons trying to modify XATTRs on the same file). Anyway, the open() might fail if the file lives on a RO filesystem. Well, if that's the case, ignore the error and continue with the next file on the list. We won't change any seclabel on the file anyway - there is nothing to remember then. Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_manager.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index d26d3a0527..252cfefcff 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1359,6 +1359,11 @@ virSecurityManagerMetadataLock(virSecurityManagerPtr mgr G_GNUC_UNUSED, } if ((fd = open(p, O_RDWR)) < 0) { + if (errno == EROFS) { + /* There is nothing we can do for RO filesystem. */ + continue; + } + #ifndef WIN32 if (S_ISSOCK(sb.st_mode)) { /* Sockets can be opened only if there exists the -- 2.26.2
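Review bot: In the new `errno == EROFS` branch, the in-code comment ("There is nothing we can do for RO filesystem.") does not say why skipping is safe; that reasoning exists only in the commit message (no seclabel will be changed on such a file, so there is nothing to remember). Suggest carrying that sentence into the comment. The `continue` also drops the path silently, leaving the file without the exclusive lock and giving the caller no indication of it; a debug log line naming `p` would make the skip visible when diagnosing labeling problems on read-only mounts.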

On a Friday in 2020, Michal Privoznik wrote:
See 2/2 for explanation.
Michal Prívozník (2):
  virSecurityManagerMetadataLock: Clarify directory locking comment
  virSecurityManagerMetadataLock: Ignore RO filesystem

 src/security/security_manager.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano