On Mon, Sep 12, 2022 at 03:46:38PM +0200, Michal Privoznik wrote:
When creating a path in a domain's mount namespace we try to set ACLs on it, so that it's a verbatim copy of the path in parent's namespace. The ACLs are queried upfront (by qemuNamespaceMknodItemInit()) but this is fault tolerant so the pointer to ACLs might be NULL (meaning no ACLs were queried, for instance because the underlying filesystem does not support them). But then we take this NULL and pass it to virFileSetACLs() which immediately returns an error because NULL is invalid value.Mimic what we do with SELinux label - just set it if we queried it successfully before.
It would be less confusing if you just said something along the lines of: Only set ACLs if they are non-NULL which includes symlinks.
Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
Reviewed-by: Martin Kletzander <mklet...@redhat.com>
---
src/qemu/qemu_namespace.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 98cd794666..71e3366ca5 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
goto cleanup;
}
- /* Symlinks don't have ACLs. */
- if (!isLink &&
+ if (data->acl &&
virFileSetACLs(data->file, data->acl) < 0 &&
errno != ENOTSUP) {
virReportSystemError(errno,
--
2.35.1
signature.asc
Description: PGP signature
