Hello Nir Soffer,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/45271
to review the following change.
Change subject: storage: validate vdsm rwx permissions for file storage
......................................................................
storage: validate vdsm rwx permissions for file storage
VDSM needs permission to write to file-based storage. Presumably the
existing check for qemu permissions or a subsequent failure would throw
an error; however, these errors were not always clear nor did they help
the user (e.g. a general Error 100, such as in the referenced bug).
With an explicit check, we can ensure the failure happens up-front and
gives a meaningful error message to the user.
Change-Id: I8276c36042bef57c80c8920041b1f3446cdfc372
Bug-Url: https://bugzilla.redhat.com/1250752
Signed-off-by: Greg Padgett <[email protected]>
Reviewed-on: https://gerrit.ovirt.org/44442
Continuous-Integration: Jenkins CI
Reviewed-by: Nir Soffer <[email protected]>
---
M vdsm/storage/fileSD.py
1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/71/45271/1
diff --git a/vdsm/storage/fileSD.py b/vdsm/storage/fileSD.py
index 2feb6b5..ec46d18 100644
--- a/vdsm/storage/fileSD.py
+++ b/vdsm/storage/fileSD.py
@@ -67,6 +67,10 @@
try:
getProcPool().fileUtils.validateAccess(dirPath)
supervdsm.getProxy().validateAccess(
+ constants.VDSM_USER,
+ (constants.VDSM_GROUP,), dirPath,
+ (os.R_OK | os.W_OK | os.X_OK))
+ supervdsm.getProxy().validateAccess(
constants.QEMU_PROCESS_USER,
(constants.DISKIMAGE_GROUP, constants.METADATA_GROUP), dirPath,
(os.R_OK | os.X_OK))
--
To view, visit https://gerrit.ovirt.org/45271
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8276c36042bef57c80c8920041b1f3446cdfc372
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.6
Gerrit-Owner: Greg Padgett <[email protected]>
Gerrit-Reviewer: Nir Soffer <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches