提交 28c547ed 编写于 作者: C Cole Robinson

storage: fs: Don't try to chown directory unless user requested

Currently we try to chown any directory passed to virDirCreate,
even if the user didn't request any explicit owner/group via the
pool/vol XML.

This causes issues with qemu:///session: try to build a pool of
a root owned directory like /tmp, and it fails trying to chown the
directory to the session user. Instead it should just leave things
as they are, unless the user requests changing permissions via
the pool XML.

Similarly this is annoying if creating a storage pool via system
libvirtd of an existing directory in user $HOME, it's now owned
by root.

The virDirCreate function is pretty convoluted, since it needs to
fork off in certain specific cases. Try to document that, to make
it clear where exactly we are changing behavior.
上级 262b3c05
...@@ -2303,7 +2303,8 @@ virDirCreateNoFork(const char *path, ...@@ -2303,7 +2303,8 @@ virDirCreateNoFork(const char *path,
virReportSystemError(errno, _("stat of '%s' failed"), path); virReportSystemError(errno, _("stat of '%s' failed"), path);
goto error; goto error;
} }
if (((st.st_uid != uid) || (st.st_gid != gid)) if (((uid != (uid_t) -1 && st.st_uid != uid) ||
(gid != (gid_t) -1 && st.st_gid != gid))
&& (chown(path, uid, gid) < 0)) { && (chown(path, uid, gid) < 0)) {
ret = -errno; ret = -errno;
virReportSystemError(errno, _("cannot chown '%s' to (%u, %u)"), virReportSystemError(errno, _("cannot chown '%s' to (%u, %u)"),
...@@ -2335,19 +2336,32 @@ virDirCreate(const char *path, ...@@ -2335,19 +2336,32 @@ virDirCreate(const char *path,
gid_t *groups; gid_t *groups;
int ngroups; int ngroups;
/* allow using -1 to mean "current value" */ /* Everything after this check is crazyness to allow setting uid/gid
if (uid == (uid_t) -1) * on directories that are on root-squash NFS shares. We only want
uid = geteuid(); * to go that route if the follow conditions are true:
if (gid == (gid_t) -1) *
gid = getegid(); * 1) VIR_DIR_CREATE_AS_UID was passed, currently only used when
* directory is being created for a NETFS pool
* 2) We are running as root, since that's when the root-squash
* workaround is required.
* 3) An explicit uid/gid was requested
* 4) The directory doesn't already exist and the ALLOW_EXIST flag
* wasn't passed.
*
* If any of those conditions are _not_ met, ignore the fork crazyness
*/
if ((!(flags & VIR_DIR_CREATE_AS_UID)) if ((!(flags & VIR_DIR_CREATE_AS_UID))
|| (geteuid() != 0) || (geteuid() != 0)
|| ((uid == 0) && (gid == 0)) || ((uid == (uid_t) -1) && (gid == (gid_t) -1))
|| ((flags & VIR_DIR_CREATE_ALLOW_EXIST) && (stat(path, &st) >= 0))) { || ((flags & VIR_DIR_CREATE_ALLOW_EXIST) && virFileExists(path))) {
return virDirCreateNoFork(path, mode, uid, gid, flags); return virDirCreateNoFork(path, mode, uid, gid, flags);
} }
if (uid == (uid_t) -1)
uid = geteuid();
if (gid == (gid_t) -1)
gid = getegid();
ngroups = virGetGroupList(uid, gid, &groups); ngroups = virGetGroupList(uid, gid, &groups);
if (ngroups < 0) if (ngroups < 0)
return -errno; return -errno;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册