storage: Change virStorageBackendVolOpen to use virFileOpenAs

https://bugzilla.redhat.com/show_bug.cgi?id=1282288 Rather than using just open on the path, allow for the possibility that the path to be opened resides on an NFS root-squash target and was created under a different uid/gid. Without using virFileOpenAs an attempt to get the volume size data may fail if the current user doesn't have permissions to read the volume, such as would be the case if mode wasn't supplied in the volume XML and the default VIR_STORAGE_DEFAULT_VOL_PERM_MODE (e.g. 0600) was used. Under this scenario the owner/group is not root:root, thus this path run under root would fail to open/read the volume. NB: The virFileOpenAs code using OPEN_FORK will only work when the failure is not EACESS/EPERM and the path resolves to a shared file system.

storage: Change virStorageBackendVolOpen to use virFileOpenAs
https://bugzilla.redhat.com/show_bug.cgi?id=1282288 Rather than using just open on the path, allow for the possibility that the path to be opened resides on an NFS root-squash target and was created under a different uid/gid. Without using virFileOpenAs an attempt to get the volume size data may fail if the current user doesn't have permissions to read the volume, such as would be the case if mode wasn't supplied in the volume XML and the default VIR_STORAGE_DEFAULT_VOL_PERM_MODE (e.g. 0600) was used. Under this scenario the owner/group is not root:root, thus this path run under root would fail to open/read the volume. NB: The virFileOpenAs code using OPEN_FORK will only work when the failure is not EACESS/EPERM and the path resolves to a shared file system.
5e3ad0b7 · John Ferlan · ce6506b0 · 5e3ad0b7
隐藏空白更改
内联并排

Showing with 12 addition and 3 deletion

src/storage/storage_backend.c src/storage/storage_backend.c +12 -3

未找到文件。
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -1484,9 +1484,18 @@ virStorageBackendVolOpen(const char *path, struct stat *sb,
     * sockets, which we already filtered; but using it prevents a
     * TOCTTOU race.  However, later on we will want to read() the
     * header from this fd, and virFileRead* routines require a
-     * blocking fd, so fix it up after verifying we avoided a
-     * race.  */
-    if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_NOCTTY)) < 0) {
+     * blocking fd, so fix it up after verifying we avoided a race.
+     *
+     * Use of virFileOpenAs allows this path to open a file using
+     * the uid and gid as it was created in order to open. Since this
+     * path is not using O_CREAT or O_TMPFILE, mode is meaningless.
+     * Opening under user/group is especially important in an NFS
+     * root-squash environment. If the target path isn't on shared
+     * file system, the open will fail in the OPEN_FORK path.
+     */
+    if ((fd = virFileOpenAs(path, O_RDONLY|O_NONBLOCK|O_NOCTTY,
+                            0, sb->st_uid, sb->st_gid,
+                            VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK)) < 0) {
        if ((errno == ENOENT || errno == ELOOP) &&
            S_ISLNK(sb->st_mode) && noerror) {
            VIR_WARN("ignoring dangling symlink '%s'", path);