Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:54 PM, Cole Robinson wrote:
> On 04/28/2015 09:36 AM, Peter Krempa wrote:
>> On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
>>> Only set directory permissions at pool build time, if:
>>>
>>> - User explicitly requested a mode via the XML
>>> - The directory needs to be created
>>> - We need to do the crazy NFS root-squash workaround
>>>
>>> This allows qemu:///session to call build on an existing directory
>>> like /tmp.
>>> ---
>>> src/storage/storage_backend_fs.c | 16 +++-
>>> src/util/virfile.c | 2 +-
>>> 2 files changed, 12 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/src/storage/storage_backend_fs.c
>>> b/src/storage/storage_backend_fs.c
>>> index 344ee4c..e11c240 100644
>>> --- a/src/storage/storage_backend_fs.c
>>> +++ b/src/storage/storage_backend_fs.c
>>> @@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>>> ATTRIBUTE_UNUSED,
>>> int err, ret = -1;
>>> char *parent = NULL;
>>> char *p = NULL;
>>> +mode_t mode;
>>> +bool needs_create_as_uid;
>>>
>>> virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
>>>VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
>>> @@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>>> ATTRIBUTE_UNUSED,
>>> }
>>> }
>>>
>>> +needs_create_as_uid = (pool->def->type == VIR_STORAGE_POOL_NETFS);
>>> +mode = pool->def->target.perms.mode;
>>> +if (mode == (mode_t) -1 &&
>>> +(needs_create_as_uid || !virFileExists(pool->def->target.path)))
>>> +mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
>>> +
>>> /* Now create the final dir in the path with the uid/gid/mode
>>> * requested in the config. If the dir already exists, just set
>>> * the perms. */
>>> if ((err = virDirCreate(pool->def->target.path,
>>> -(pool->def->target.perms.mode == (mode_t) -1 ?
>>> - VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
>>> - pool->def->target.perms.mode),
>>> +mode,
>>> pool->def->target.perms.uid,
>>> pool->def->target.perms.gid,
>>> VIR_DIR_CREATE_FORCE_PERMS |
>>> VIR_DIR_CREATE_ALLOW_EXIST |
>>> -(pool->def->type == VIR_STORAGE_POOL_NETFS
>>> -? VIR_DIR_CREATE_AS_UID : 0))) < 0) {
>>> +(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
>>> 0)
>>> +)) < 0) {
>>
>> Closing parentheses on a separate line are ugly. I'd rather see
>> violating the 80 cols rule rather than damaging readability of the code.
>>
>>> goto error;
>>> }
>>>
>>> diff --git a/src/util/virfile.c b/src/util/virfile.c
>>> index 676e7b4..7e49f39 100644
>>> --- a/src/util/virfile.c
>>> +++ b/src/util/virfile.c
>>> @@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
>>> path, (unsigned int) uid, (unsigned int) gid);
>>> goto error;
>>> }
>>> -if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
>>> +if (((flags & VIR_DIR_CREATE_FORCE_PERMS) && mode != (mode_t) -1)
>>
>> This is a usage error of the function. Using mode == -1 and requesting
>> it to be set doesn't make much sense.
>>
>
> And to clarify, I'll push patches 1-4 when the new release opens, since they
> had minor changes. Then I'll post a new series with 5-6 + additional patches
>
Pushed patches 1-4 now.
Thanks,
Cole
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:36 AM, Peter Krempa wrote:
> On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
>> Only set directory permissions at pool build time, if:
>>
>> - User explicitly requested a mode via the XML
>> - The directory needs to be created
>> - We need to do the crazy NFS root-squash workaround
>>
>> This allows qemu:///session to call build on an existing directory
>> like /tmp.
>> ---
>> src/storage/storage_backend_fs.c | 16 +++-
>> src/util/virfile.c | 2 +-
>> 2 files changed, 12 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/storage/storage_backend_fs.c
>> b/src/storage/storage_backend_fs.c
>> index 344ee4c..e11c240 100644
>> --- a/src/storage/storage_backend_fs.c
>> +++ b/src/storage/storage_backend_fs.c
>> @@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>> ATTRIBUTE_UNUSED,
>> int err, ret = -1;
>> char *parent = NULL;
>> char *p = NULL;
>> +mode_t mode;
>> +bool needs_create_as_uid;
>>
>> virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
>>VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
>> @@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>> ATTRIBUTE_UNUSED,
>> }
>> }
>>
>> +needs_create_as_uid = (pool->def->type == VIR_STORAGE_POOL_NETFS);
>> +mode = pool->def->target.perms.mode;
>> +if (mode == (mode_t) -1 &&
>> +(needs_create_as_uid || !virFileExists(pool->def->target.path)))
>> +mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
>> +
>> /* Now create the final dir in the path with the uid/gid/mode
>> * requested in the config. If the dir already exists, just set
>> * the perms. */
>> if ((err = virDirCreate(pool->def->target.path,
>> -(pool->def->target.perms.mode == (mode_t) -1 ?
>> - VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
>> - pool->def->target.perms.mode),
>> +mode,
>> pool->def->target.perms.uid,
>> pool->def->target.perms.gid,
>> VIR_DIR_CREATE_FORCE_PERMS |
>> VIR_DIR_CREATE_ALLOW_EXIST |
>> -(pool->def->type == VIR_STORAGE_POOL_NETFS
>> -? VIR_DIR_CREATE_AS_UID : 0))) < 0) {
>> +(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
>> 0)
>> +)) < 0) {
>
> Closing parentheses on a separate line are ugly. I'd rather see
> violating the 80 cols rule rather than damaging readability of the code.
>
>> goto error;
>> }
>>
>> diff --git a/src/util/virfile.c b/src/util/virfile.c
>> index 676e7b4..7e49f39 100644
>> --- a/src/util/virfile.c
>> +++ b/src/util/virfile.c
>> @@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
>> path, (unsigned int) uid, (unsigned int) gid);
>> goto error;
>> }
>> -if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
>> +if (((flags & VIR_DIR_CREATE_FORCE_PERMS) && mode != (mode_t) -1)
>
> This is a usage error of the function. Using mode == -1 and requesting
> it to be set doesn't make much sense.
>
And to clarify, I'll push patches 1-4 when the new release opens, since they
had minor changes. Then I'll post a new series with 5-6 + additional patches
- Cole
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:36 AM, Peter Krempa wrote:
> On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
>> Only set directory permissions at pool build time, if:
>>
>> - User explicitly requested a mode via the XML
>> - The directory needs to be created
>> - We need to do the crazy NFS root-squash workaround
>>
>> This allows qemu:///session to call build on an existing directory
>> like /tmp.
>> ---
>> src/storage/storage_backend_fs.c | 16 +++-
>> src/util/virfile.c | 2 +-
>> 2 files changed, 12 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/storage/storage_backend_fs.c
>> b/src/storage/storage_backend_fs.c
>> index 344ee4c..e11c240 100644
>> --- a/src/storage/storage_backend_fs.c
>> +++ b/src/storage/storage_backend_fs.c
>> @@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>> ATTRIBUTE_UNUSED,
>> int err, ret = -1;
>> char *parent = NULL;
>> char *p = NULL;
>> +mode_t mode;
>> +bool needs_create_as_uid;
>>
>> virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
>>VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
>> @@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
>> ATTRIBUTE_UNUSED,
>> }
>> }
>>
>> +needs_create_as_uid = (pool->def->type == VIR_STORAGE_POOL_NETFS);
>> +mode = pool->def->target.perms.mode;
>> +if (mode == (mode_t) -1 &&
>> +(needs_create_as_uid || !virFileExists(pool->def->target.path)))
>> +mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
>> +
>> /* Now create the final dir in the path with the uid/gid/mode
>> * requested in the config. If the dir already exists, just set
>> * the perms. */
>> if ((err = virDirCreate(pool->def->target.path,
>> -(pool->def->target.perms.mode == (mode_t) -1 ?
>> - VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
>> - pool->def->target.perms.mode),
>> +mode,
>> pool->def->target.perms.uid,
>> pool->def->target.perms.gid,
>> VIR_DIR_CREATE_FORCE_PERMS |
>> VIR_DIR_CREATE_ALLOW_EXIST |
>> -(pool->def->type == VIR_STORAGE_POOL_NETFS
>> -? VIR_DIR_CREATE_AS_UID : 0))) < 0) {
>> +(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
>> 0)
>> +)) < 0) {
>
> Closing parentheses on a separate line are ugly. I'd rather see
> violating the 80 cols rule rather than damaging readability of the code.
>
Will do
>> goto error;
>> }
>>
>> diff --git a/src/util/virfile.c b/src/util/virfile.c
>> index 676e7b4..7e49f39 100644
>> --- a/src/util/virfile.c
>> +++ b/src/util/virfile.c
>> @@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
>> path, (unsigned int) uid, (unsigned int) gid);
>> goto error;
>> }
>> -if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
>> +if (((flags & VIR_DIR_CREATE_FORCE_PERMS) && mode != (mode_t) -1)
>
> This is a usage error of the function. Using mode == -1 and requesting
> it to be set doesn't make much sense.
>
Hmm, I think instead I'll add an additional patch to drop FORCE_PERMS
entirely.. it's used by every virDirCreate caller. We can just key the chmod
off of whether mode != -1
>> && (chmod(path, mode) < 0)) {
>> ret = -errno;
>> virReportSystemError(errno,
>
> ACK.
>
> Peter
>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
> Only set directory permissions at pool build time, if:
>
> - User explicitly requested a mode via the XML
> - The directory needs to be created
> - We need to do the crazy NFS root-squash workaround
>
> This allows qemu:///session to call build on an existing directory
> like /tmp.
> ---
> src/storage/storage_backend_fs.c | 16 +++-
> src/util/virfile.c | 2 +-
> 2 files changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/src/storage/storage_backend_fs.c
> b/src/storage/storage_backend_fs.c
> index 344ee4c..e11c240 100644
> --- a/src/storage/storage_backend_fs.c
> +++ b/src/storage/storage_backend_fs.c
> @@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
> ATTRIBUTE_UNUSED,
> int err, ret = -1;
> char *parent = NULL;
> char *p = NULL;
> +mode_t mode;
> +bool needs_create_as_uid;
>
> virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
>VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
> @@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
> ATTRIBUTE_UNUSED,
> }
> }
>
> +needs_create_as_uid = (pool->def->type == VIR_STORAGE_POOL_NETFS);
> +mode = pool->def->target.perms.mode;
> +if (mode == (mode_t) -1 &&
> +(needs_create_as_uid || !virFileExists(pool->def->target.path)))
> +mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
> +
> /* Now create the final dir in the path with the uid/gid/mode
> * requested in the config. If the dir already exists, just set
> * the perms. */
> if ((err = virDirCreate(pool->def->target.path,
> -(pool->def->target.perms.mode == (mode_t) -1 ?
> - VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
> - pool->def->target.perms.mode),
> +mode,
> pool->def->target.perms.uid,
> pool->def->target.perms.gid,
> VIR_DIR_CREATE_FORCE_PERMS |
> VIR_DIR_CREATE_ALLOW_EXIST |
> -(pool->def->type == VIR_STORAGE_POOL_NETFS
> -? VIR_DIR_CREATE_AS_UID : 0))) < 0) {
> +(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID : 0)
> +)) < 0) {
Closing parentheses on a separate line are ugly. I'd rather see
violating the 80 cols rule rather than damaging readability of the code.
> goto error;
> }
>
> diff --git a/src/util/virfile.c b/src/util/virfile.c
> index 676e7b4..7e49f39 100644
> --- a/src/util/virfile.c
> +++ b/src/util/virfile.c
> @@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
> path, (unsigned int) uid, (unsigned int) gid);
> goto error;
> }
> -if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
> +if (((flags & VIR_DIR_CREATE_FORCE_PERMS) && mode != (mode_t) -1)
This is a usage error of the function. Using mode == -1 and requesting
it to be set doesn't make much sense.
> && (chmod(path, mode) < 0)) {
> ret = -errno;
> virReportSystemError(errno,
ACK.
Peter
signature.asc
Description: Digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool->def->type == VIR_STORAGE_POOL_NETFS);
+mode = pool->def->target.perms.mode;
+if (mode == (mode_t) -1 &&
+(needs_create_as_uid || !virFileExists(pool->def->target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool->def->target.path,
-(pool->def->target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool->def->target.perms.mode),
+mode,
pool->def->target.perms.uid,
pool->def->target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool->def->type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) < 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID : 0)
+)) < 0) {
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags & VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags & VIR_DIR_CREATE_FORCE_PERMS) && mode != (mode_t) -1)
&& (chmod(path, mode) < 0)) {
ret = -errno;
virReportSystemError(errno,
--
2.3.6
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
