Change in vdsm[ovirt-3.6]: storage: validate vdsm rwx permissions for file storage

Mon, 24 Aug 2015 11:11:57 -0700 

Hello Nir Soffer,

I'd like you to do a code review.  Please visit

    https://gerrit.ovirt.org/45271

to review the following change.

Change subject: storage: validate vdsm rwx permissions for file storage
......................................................................

storage: validate vdsm rwx permissions for file storage

VDSM needs permission to write to file-based storage.  Presumably the
existing check for qemu permissions or a subsequent failure would throw
an error; however, these errors were not always clear nor did they help
the user (e.g. a general Error 100, such as in the referenced bug).

With an explicit check, we can ensure the failure happens up-front and
gives a meaningful error message to the user.

Change-Id: I8276c36042bef57c80c8920041b1f3446cdfc372
Bug-Url: https://bugzilla.redhat.com/1250752
Signed-off-by: Greg Padgett <[email protected]>
Reviewed-on: https://gerrit.ovirt.org/44442
Continuous-Integration: Jenkins CI
Reviewed-by: Nir Soffer <[email protected]>
---
M vdsm/storage/fileSD.py
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/71/45271/1

diff --git a/vdsm/storage/fileSD.py b/vdsm/storage/fileSD.py
index 2feb6b5..ec46d18 100644
--- a/vdsm/storage/fileSD.py
+++ b/vdsm/storage/fileSD.py
@@ -67,6 +67,10 @@
     try:
         getProcPool().fileUtils.validateAccess(dirPath)
         supervdsm.getProxy().validateAccess(
+            constants.VDSM_USER,
+            (constants.VDSM_GROUP,), dirPath,
+            (os.R_OK | os.W_OK | os.X_OK))
+        supervdsm.getProxy().validateAccess(
             constants.QEMU_PROCESS_USER,
             (constants.DISKIMAGE_GROUP, constants.METADATA_GROUP), dirPath,
             (os.R_OK | os.X_OK))


-- 
To view, visit https://gerrit.ovirt.org/45271
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8276c36042bef57c80c8920041b1f3446cdfc372
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Greg Padgett <[email protected]>
Gerrit-Reviewer: Nir Soffer <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Reply via email to