mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-27 06:55:18 +00:00
Make domain save work when dynamic_ownership=0
Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents libvirt's DAC security driver from setting uid/gid on disk files when starting/stopping QEMU, allowing the admin to manage this manually. As a side effect it also stopped setting of uid/gid when saving guests to a file, which completely breaks save when QEMU is running non-root. Thus saved state labelling code must ignore the dynamic_ownership parameter * src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when doing save/restore image labelling
This commit is contained in:
parent
02ddaddfa8
commit
de4d70873a
@ -407,7 +407,7 @@ static int
|
|||||||
qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
if (!driver->privileged || !driver->dynamicOwnership)
|
if (!driver->privileged)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return qemuSecurityDACSetOwnership(savefile, driver->user, driver->group);
|
return qemuSecurityDACSetOwnership(savefile, driver->user, driver->group);
|
||||||
@ -418,7 +418,7 @@ static int
|
|||||||
qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
if (!driver->privileged || !driver->dynamicOwnership)
|
if (!driver->privileged)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return qemuSecurityDACRestoreSecurityFileLabel(savefile);
|
return qemuSecurityDACRestoreSecurityFileLabel(savefile);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user