virSecurityManagerMetadataLock: Ignore RO filesystem

When locking files for metadata change, we open() them for R/W access. The write access is needed because we want to acquire exclusive (write) lock (to mutually exclude with other daemons trying to modify XATTRs on the same file). Anyway, the open() might fail if the file lives on a RO filesystem. Well, if that's the case, ignore the error and continue with the next file on the list. We won't change any seclabel on the file anyway - there is nothing to remember then. Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-31 05:57:16 +00:00 · 2020-07-10 10:48:01 +02:00 · 2020-07-10 10:48:01 +02:00 · c531f42755
commit c531f42755
parent 0a145de970
1 changed files with 5 additions and 0 deletions
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@ -1359,6 +1359,11 @@ virSecurityManagerMetadataLock(virSecurityManagerPtr mgr G_GNUC_UNUSED,
        }

        if ((fd = open(p, O_RDWR)) < 0) {
+            if (errno == EROFS) {
+                /* There is nothing we can do for RO filesystem. */
+                continue;
+            }
+
 #ifndef WIN32
            if (S_ISSOCK(sb.st_mode)) {
                /* Sockets can be opened only if there exists the