qemuDomainGetImageIds and qemuDomainStorageFileInit are helpful when
trying to access a virStorageSource from the qemu driver since they
figure out the correct uid and gid for the image.
When accessing members of a backing chain the permissions for the top
level would be used. To allow using specific permissions per backing
chain level but still allow inheritance from the parent of the chain we
need to add a new parameter to the image ID APIs.
---
src/qemu/qemu_domain.c | 13 ++---
src/qemu/qemu_domain.h | 3 ++-
src/qemu/qemu_driver.c | 6 +++---
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 00610edf1..24ed61bc2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5926,6 +5926,7 @@ static void
qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
virDomainObjPtr vm,
virStorageSourcePtr src,
+ virStorageSourcePtr parentSrc,
uid_t *uid, gid_t *gid)
{
virSecurityLabelDefPtr vmlabel;
@@ -5948,6 +5949,11 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
vmlabel->label)
virParseOwnershipIds(vmlabel->label, uid, gid);
+if (parentSrc &&
+(disklabel = virStorageSourceGetSecurityLabelDef(parentSrc, "dac")) &&
+disklabel->label)
+virParseOwnershipIds(disklabel->label, uid, gid);
+
if ((disklabel = virStorageSourceGetSecurityLabelDef(src, "dac")) &&
disklabel->label)
virParseOwnershipIds(disklabel->label, uid, gid);
@@ -5957,14 +5963,15 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
int
qemuDomainStorageFileInit(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virStorageSourcePtr parent)
{
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
uid_t uid;
gid_t gid;
int ret = -1;
-qemuDomainGetImageIds(cfg, vm, src, &uid, &gid);
+qemuDomainGetImageIds(cfg, vm, src, parent, &uid, &gid);
if (virStorageFileInitAs(src, uid, gid) < 0)
goto cleanup;
@@ -6014,7 +6021,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
goto cleanup;
}
-qemuDomainGetImageIds(cfg, vm, disk->src, &uid, &gid);
+qemuDomainGetImageIds(cfg, vm, disk->src, NULL, &uid, &gid);
if (virStorageFileGetMetadata(disk->src,
uid, gid,
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 39cb68b3c..a8ad59d20 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -674,7 +674,8 @@ bool qemuDomainDiskChangeSupported(virDomainDiskDefPtr disk,
int qemuDomainStorageFileInit(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- virStorageSourcePtr src);
+ virStorageSourcePtr src,
+ virStorageSourcePtr parent);
char *qemuDomainStorageAlias(const char *device, int depth);
void qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d56992fbb..23692fedb 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11495,7 +11495,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
goto cleanup;
}
-if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
+if (qemuDomainStorageFileInit(driver, vm, disk->src, NULL) < 0)
goto cleanup;
if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
@@ -14418,7 +14418,7 @@ qemuDomainSnapshotDiskDataCollect(virQEMUDriverPtr
driver,
if (virStorageSourceInitChainElement(dd->src, dd->disk->src, false) <
0)
goto error;
-if (qemuDomainStorageFileInit(driver, vm, dd->src) < 0)
+if (qemuDomainStorageFileInit(driver, vm, dd->src, NULL) < 0)
goto error;
dd->initialized = true;
@@ -17093,7 +17093,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
goto endjob;
}
-if (qemuDomainStorageFileInit(driver, vm, mirror) < 0)
+if (qemuDomainStorageFileInit(driver, vm, mirror, NULL) < 0)
goto endjob;
if (qemuDomainBlockCopyValidateMirror(mirror, disk->dst, &reuse) < 0)
--
2.14.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
