External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-23 03:42:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Use correct permissions when determining the image chain

Browse Source 
The code took into account only the global permissions. The domains now
support per-vm DAC labels and per-image DAC labels. Use the most
specific label available.
This commit is contained in:
Peter Krempa 2014-02-07 18:42:27 +01:00
parent e209c07760
commit 9bf629ab60
5 changed files with 45 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/qemu/qemu_domain.c
View File

@ -2210,7 +2210,7 @@ qemuDomainCheckDiskPresence(virQEMUDriverPtr driver,
if (!disk->src) if (!disk->src)
continue; continue;
if (qemuDomainDetermineDiskChain(driver, disk, false) >= 0 && if (qemuDomainDetermineDiskChain(driver, vm, disk, false) >= 0 &&
qemuDiskChainCheckBroken(disk) >= 0) qemuDiskChainCheckBroken(disk) >= 0)
continue; continue;
@ -2319,13 +2319,46 @@ qemuDiskChainCheckBroken(virDomainDiskDefPtr disk)
return 0; return 0;
} }
static void
qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
virDomainObjPtr vm,
virDomainDiskDefPtr disk,
uid_t *uid, gid_t *gid)
{
virSecurityLabelDefPtr vmlabel;
virSecurityDeviceLabelDefPtr disklabel;
if (uid)
*uid = -1;
if (gid)
*gid = -1;
if (cfg) {
if (uid)
*uid = cfg->user;
if (gid)
*gid = cfg->group;
}
if (vm && (vmlabel = virDomainDefGetSecurityLabelDef(vm->def, "dac")))
virParseOwnershipIds(vmlabel->label, uid, gid);
if ((disklabel = virDomainDiskDefGetSecurityLabelDef(disk, "dac")))
virParseOwnershipIds(disklabel->label, uid, gid);
}
int int
qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainDiskDefPtr disk, virDomainDiskDefPtr disk,
bool force) bool force)
{ {
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
int ret = 0; int ret = 0;
uid_t uid;
gid_t gid;
if (!disk->src || if (!disk->src ||
disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK || disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK ||
@ -2340,8 +2373,11 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
goto cleanup; goto cleanup;
} }
} }
qemuDomainGetImageIds(cfg, vm, disk, &uid, &gid);
disk->backingChain = virStorageFileGetMetadata(disk->src, disk->format, disk->backingChain = virStorageFileGetMetadata(disk->src, disk->format,
cfg->user, cfg->group, uid, gid,
cfg->allowDiskFormatProbing); cfg->allowDiskFormatProbing);
if (!disk->backingChain) if (!disk->backingChain)
ret = -1; ret = -1;

1
src/qemu/qemu_domain.h
View File

@ -353,6 +353,7 @@ int qemuDomainCheckDiskPresence(virQEMUDriverPtr driver,
int qemuDiskChainCheckBroken(virDomainDiskDefPtr disk); int qemuDiskChainCheckBroken(virDomainDiskDefPtr disk);
int qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, int qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virDomainDiskDefPtr disk, virDomainDiskDefPtr disk,
bool force); bool force);

8
src/qemu/qemu_driver.c
View File

@ -6499,7 +6499,7 @@ qemuDomainChangeDiskMediaLive(virConnectPtr conn,
if (qemuTranslateDiskSourcePool(conn, disk) < 0) if (qemuTranslateDiskSourcePool(conn, disk) < 0)
goto end; goto end;
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0)
goto end; goto end;
if (qemuSetupDiskCgroup(vm, disk) < 0) if (qemuSetupDiskCgroup(vm, disk) < 0)
@ -14632,7 +14632,7 @@ qemuDomainBlockPivot(virConnectPtr conn,
disk->src = disk->mirror; disk->src = disk->mirror;
disk->format = disk->mirrorFormat; disk->format = disk->mirrorFormat;
disk->backingChain = NULL; disk->backingChain = NULL;
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) { if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0) {
disk->src = oldsrc; disk->src = oldsrc;
disk->format = oldformat; disk->format = oldformat;
disk->backingChain = oldchain; disk->backingChain = oldchain;
@ -14983,7 +14983,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
goto endjob; goto endjob;
} }
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0)
goto endjob; goto endjob;
if ((flags & VIR_DOMAIN_BLOCK_REBASE_SHALLOW) && if ((flags & VIR_DOMAIN_BLOCK_REBASE_SHALLOW) &&
@ -15190,7 +15190,7 @@ qemuDomainBlockCommit(virDomainPtr dom, const char *path, const char *base,
disk->dst); disk->dst);
goto endjob; goto endjob;
} }
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0)
goto endjob; goto endjob;
if (!top) { if (!top) {

2
src/qemu/qemu_hotplug.c
View File

@ -719,7 +719,7 @@ qemuDomainAttachDeviceDiskLive(virConnectPtr conn,
if (qemuSetUnprivSGIO(dev) < 0) if (qemuSetUnprivSGIO(dev) < 0)
goto end; goto end;
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0)
goto end; goto end;
if (qemuSetupDiskCgroup(vm, disk) < 0) if (qemuSetupDiskCgroup(vm, disk) < 0)

2
src/qemu/qemu_process.c
View File

@ -997,7 +997,7 @@ qemuProcessHandleBlockJob(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
if ((type == VIR_DOMAIN_BLOCK_JOB_TYPE_PULL || if ((type == VIR_DOMAIN_BLOCK_JOB_TYPE_PULL ||
type == VIR_DOMAIN_BLOCK_JOB_TYPE_COMMIT) && type == VIR_DOMAIN_BLOCK_JOB_TYPE_COMMIT) &&
status == VIR_DOMAIN_BLOCK_JOB_COMPLETED) status == VIR_DOMAIN_BLOCK_JOB_COMPLETED)
qemuDomainDetermineDiskChain(driver, disk, true); qemuDomainDetermineDiskChain(driver, vm, disk, true);
if (disk->mirror && type == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY && if (disk->mirror && type == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY &&
status == VIR_DOMAIN_BLOCK_JOB_READY) status == VIR_DOMAIN_BLOCK_JOB_READY)
disk->mirroring = true; disk->mirroring = true;