From 5b6782f9417eb53f1ee3fa709b651fdb50984391 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 13 Jan 2010 17:41:36 +0000 Subject: [PATCH] Add configuration option to turn off dynamic permissions management Add the ability to turn off dynamic management of file permissions for libvirt guests. * qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag * qemu/qemu.conf: Document 'dynamic_ownership' flag. * qemu/qemu_conf.c: Load 'dynamic_ownership' flag * qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 +++++ src/qemu/qemu_conf.c | 13 ++++++++++--- src/qemu/test_libvirtd_qemu.aug | 4 ++++ 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index ef75421909..5bd60b3629 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -32,6 +32,7 @@ module Libvirtd_qemu = | str_entry "security_driver" | str_entry "user" | str_entry "group" + | bool_entry "dynamic_ownership" | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | str_entry "save_image_format" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 1078963c08..3da332fc86 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -96,6 +96,11 @@ # The group ID for QEMU processes run by the system instance #group = "root" +# Whether libvirt should dynamically change file ownership +# to match the configured user/group above. Defaults to 1. +# Set to 0 to disable file ownership changes. +#dynamic_ownership = 1 + # What cgroup controllers to make use of with QEMU guests # diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index ba31cccc6f..3cdb0dfd93 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c 
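Review bot: The comment added to qemu.conf for `dynamic_ownership` says what 0 switches off, but not what the administrator then has to do. With ownership changes disabled, guest disk images and other files passed to QEMU presumably keep whatever owner and mode they already have, so they must already be accessible to the configured user/group. I would add a line such as `# If set to 0, the administrator must ensure guest files are accessible to the user/group above.` so the option is not answered by loosening permissions on image directories wholesale.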
@@ -102,7 +102,9 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, char *group; int i; - /* Setup 2 critical defaults */ + /* Setup critical defaults */ + driver->dynamicOwnership = 1; + if (!(driver->vncListen = strdup("127.0.0.1"))) { virReportOOMError(NULL); return -1; @@ -224,6 +226,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, } VIR_FREE(user); + p = virConfGetValue (conf, "group"); CHECK_TYPE ("group", VIR_CONF_STRING); if (!(group = strdup(p && p->str ? p->str : QEMU_GROUP))) { @@ -231,8 +234,6 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, virConfFree(conf); return -1; } - - if (virGetGroupID(NULL, group, &driver->group) < 0) { VIR_FREE(group); virConfFree(conf); @@ -240,6 +241,12 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, } VIR_FREE(group); + + p = virConfGetValue (conf, "dynamic_ownership"); + CHECK_TYPE ("dynamic_ownership", VIR_CONF_LONG); + if (p) driver->dynamicOwnership = p->l; + + p = virConfGetValue (conf, "cgroup_controllers"); CHECK_TYPE ("cgroup_controllers", VIR_CONF_LIST); if (p) { diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug index e9abbb41e0..2feedc05cf 100644 --- a/src/qemu/test_libvirtd_qemu.aug +++ b/src/qemu/test_libvirtd_qemu.aug @@ -86,6 +86,8 @@ user = \"root\" group = \"root\" +dynamic_ownership = 1 + cgroup_controllers = [ \"cpu\", \"devices\" ] cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ] @@ -184,6 +186,8 @@ relaxed_acs_check = 1 { "#empty" } { "group" = "root" } { "#empty" } +{ "dynamic_ownership" = "1" } +{ "#empty" } { "cgroup_controllers" { "1" = "cpu" } { "2" = "devices" } -- GitLab
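Review bot: The value loaded in the last qemu_conf.c hunk is stored without being normalised: `if (p) driver->dynamicOwnership = p->l;` copies a long straight into the flag. The field's declaration is not visible here, but if it is an int, a value whose low bits are all zero after truncation would become 0 and silently turn ownership management off, while any other non-zero value counts as on. Reducing it to a boolean at load time, `if (p) driver->dynamicOwnership = (p->l != 0);`, keeps the flag to the two states qemu.conf documents. qemudLoadDriverConfig starts and ends outside these hunks, and no line in this patch reads the flag, so its consumer is presumably in a separate change.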