From 2b757b964b5b701b4a55839e5eeef54fd5179ee7 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Mon, 16 Oct 2017 14:10:09 +0200 Subject: [PATCH] qemu: domain: Simplify using DAC permissions of top of backing chain qemuDomainGetImageIds and qemuDomainStorageFileInit are helpful when trying to access a virStorageSource from the qemu driver since they figure out the correct uid and gid for the image. When accessing members of a backing chain the permissions for the top level would be used. To allow using specific permissions per backing chain level but still allow inheritance from the parent of the chain we need to add a new parameter to the image ID APIs. --- src/qemu/qemu_domain.c | 13 ++++++++++--- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 6 +++--- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 13e77eedcd..d89b032ac0 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5931,6 +5931,7 @@ static void qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg, virDomainObjPtr vm, virStorageSourcePtr src, + virStorageSourcePtr parentSrc, uid_t *uid, gid_t *gid) { virSecurityLabelDefPtr vmlabel; @@ -5953,6 +5954,11 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg, vmlabel->label) virParseOwnershipIds(vmlabel->label, uid, gid); + if (parentSrc && + (disklabel = virStorageSourceGetSecurityLabelDef(parentSrc, "dac")) && + disklabel->label) + virParseOwnershipIds(disklabel->label, uid, gid); + if ((disklabel = virStorageSourceGetSecurityLabelDef(src, "dac")) && disklabel->label) virParseOwnershipIds(disklabel->label, uid, gid); @@ -5962,14 +5968,15 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg, int qemuDomainStorageFileInit(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src) + virStorageSourcePtr src, + virStorageSourcePtr parent) { virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); uid_t uid; gid_t gid; int ret = -1; - qemuDomainGetImageIds(cfg, vm, src, &uid, &gid); + qemuDomainGetImageIds(cfg, vm, src, parent, &uid, &gid); if (virStorageFileInitAs(src, uid, gid) < 0) goto cleanup; @@ -6019,7 +6026,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, goto cleanup; } - qemuDomainGetImageIds(cfg, vm, disk->src, &uid, &gid); + qemuDomainGetImageIds(cfg, vm, disk->src, NULL, &uid, &gid); if (virStorageFileGetMetadata(disk->src, uid, gid, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index ff5328277c..5c4c6a0a0a 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -679,7 +679,8 @@ bool qemuDomainDiskChangeSupported(virDomainDiskDefPtr disk, int qemuDomainStorageFileInit(virQEMUDriverPtr driver, virDomainObjPtr vm, - virStorageSourcePtr src); + virStorageSourcePtr src, + virStorageSourcePtr parent); char *qemuDomainStorageAlias(const char *device, int depth); void qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1dff53441b..6c5ec5f558 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -11520,7 +11520,7 @@ qemuDomainBlockPeek(virDomainPtr dom, goto cleanup; } - if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0) + if (qemuDomainStorageFileInit(driver, vm, disk->src, NULL) < 0) goto cleanup; if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0) @@ -14437,7 +14437,7 @@ qemuDomainSnapshotDiskDataCollect(virQEMUDriverPtr driver, if (virStorageSourceInitChainElement(dd->src, dd->disk->src, false) < 0) goto error; - if (qemuDomainStorageFileInit(driver, vm, dd->src) < 0) + if (qemuDomainStorageFileInit(driver, vm, dd->src, NULL) < 0) goto error; dd->initialized = true; @@ -17112,7 +17112,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm, goto endjob; } - if (qemuDomainStorageFileInit(driver, vm, mirror) < 0) + if (qemuDomainStorageFileInit(driver, vm, mirror, NULL) < 0) goto endjob; if (qemuDomainBlockCopyValidateMirror(mirror, disk->dst, &reuse) < 0) -- GitLab