External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 12:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

storage: Change virStorageBackendVolOpen to use virFileOpenAs

Browse Source 
https://bugzilla.redhat.com/show_bug.cgi?id=1282288

Rather than using just open on the path, allow for the possibility that
the path to be opened resides on an NFS root-squash target and was created
under a different uid/gid.

Without using virFileOpenAs an attempt to get the volume size data may fail
if the current user doesn't have permissions to read the volume, such as
would be the case if mode wasn't supplied in the volume XML and the default
VIR_STORAGE_DEFAULT_VOL_PERM_MODE (e.g. 0600) was used. Under this scenario
the owner/group is not root:root, thus this path run under root would fail
to open/read the volume.

NB: The virFileOpenAs code using OPEN_FORK will only work when the failure
is not EACESS/EPERM and the path resolves to a shared file system.
This commit is contained in:
John Ferlan 2015-11-17 10:13:43 -05:00
parent ce6506b0bc
commit 5e3ad0b775
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/storage/storage_backend.c
View File

@ -1484,9 +1484,18 @@ virStorageBackendVolOpen(const char *path, struct stat *sb,
* sockets, which we already filtered; but using it prevents a
* TOCTTOU race. However, later on we will want to read() the
* header from this fd, and virFileRead* routines require a
* blocking fd, so fix it up after verifying we avoided a
* race. */
if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_NOCTTY)) < 0) {
* blocking fd, so fix it up after verifying we avoided a race.
*
* Use of virFileOpenAs allows this path to open a file using
* the uid and gid as it was created in order to open. Since this
* path is not using O_CREAT or O_TMPFILE, mode is meaningless.
* Opening under user/group is especially important in an NFS
* root-squash environment. If the target path isn't on shared
* file system, the open will fail in the OPEN_FORK path.
*/
if ((fd = virFileOpenAs(path, O_RDONLY|O_NONBLOCK|O_NOCTTY,
0, sb->st_uid, sb->st_gid,
VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK)) < 0) {
if ((errno == ENOENT || errno == ELOOP) &&
S_ISLNK(sb->st_mode) && noerror) {
VIR_WARN("ignoring dangling symlink '%s'", path);