mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 21:34:54 +03:00
qemu: domain: Simplify using DAC permissions of top of backing chain
qemuDomainGetImageIds and qemuDomainStorageFileInit are helpful when trying to access a virStorageSource from the qemu driver since they figure out the correct uid and gid for the image. When accessing members of a backing chain the permissions for the top level would be used. To allow using specific permissions per backing chain level but still allow inheritance from the parent of the chain we need to add a new parameter to the image ID APIs.
This commit is contained in:
parent
cc16fa2a85
commit
2b757b964b
@ -5931,6 +5931,7 @@ static void
|
||||
qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
|
||||
virDomainObjPtr vm,
|
||||
virStorageSourcePtr src,
|
||||
virStorageSourcePtr parentSrc,
|
||||
uid_t *uid, gid_t *gid)
|
||||
{
|
||||
virSecurityLabelDefPtr vmlabel;
|
||||
@ -5953,6 +5954,11 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
|
||||
vmlabel->label)
|
||||
virParseOwnershipIds(vmlabel->label, uid, gid);
|
||||
|
||||
if (parentSrc &&
|
||||
(disklabel = virStorageSourceGetSecurityLabelDef(parentSrc, "dac")) &&
|
||||
disklabel->label)
|
||||
virParseOwnershipIds(disklabel->label, uid, gid);
|
||||
|
||||
if ((disklabel = virStorageSourceGetSecurityLabelDef(src, "dac")) &&
|
||||
disklabel->label)
|
||||
virParseOwnershipIds(disklabel->label, uid, gid);
|
||||
@ -5962,14 +5968,15 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
|
||||
int
|
||||
qemuDomainStorageFileInit(virQEMUDriverPtr driver,
|
||||
virDomainObjPtr vm,
|
||||
virStorageSourcePtr src)
|
||||
virStorageSourcePtr src,
|
||||
virStorageSourcePtr parent)
|
||||
{
|
||||
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
int ret = -1;
|
||||
|
||||
qemuDomainGetImageIds(cfg, vm, src, &uid, &gid);
|
||||
qemuDomainGetImageIds(cfg, vm, src, parent, &uid, &gid);
|
||||
|
||||
if (virStorageFileInitAs(src, uid, gid) < 0)
|
||||
goto cleanup;
|
||||
@ -6019,7 +6026,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
qemuDomainGetImageIds(cfg, vm, disk->src, &uid, &gid);
|
||||
qemuDomainGetImageIds(cfg, vm, disk->src, NULL, &uid, &gid);
|
||||
|
||||
if (virStorageFileGetMetadata(disk->src,
|
||||
uid, gid,
|
||||
|
@ -679,7 +679,8 @@ bool qemuDomainDiskChangeSupported(virDomainDiskDefPtr disk,
|
||||
|
||||
int qemuDomainStorageFileInit(virQEMUDriverPtr driver,
|
||||
virDomainObjPtr vm,
|
||||
virStorageSourcePtr src);
|
||||
virStorageSourcePtr src,
|
||||
virStorageSourcePtr parent);
|
||||
char *qemuDomainStorageAlias(const char *device, int depth);
|
||||
|
||||
void qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,
|
||||
|
@ -11520,7 +11520,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
|
||||
if (qemuDomainStorageFileInit(driver, vm, disk->src, NULL) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
|
||||
@ -14437,7 +14437,7 @@ qemuDomainSnapshotDiskDataCollect(virQEMUDriverPtr driver,
|
||||
if (virStorageSourceInitChainElement(dd->src, dd->disk->src, false) < 0)
|
||||
goto error;
|
||||
|
||||
if (qemuDomainStorageFileInit(driver, vm, dd->src) < 0)
|
||||
if (qemuDomainStorageFileInit(driver, vm, dd->src, NULL) < 0)
|
||||
goto error;
|
||||
|
||||
dd->initialized = true;
|
||||
@ -17112,7 +17112,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
if (qemuDomainStorageFileInit(driver, vm, mirror) < 0)
|
||||
if (qemuDomainStorageFileInit(driver, vm, mirror, NULL) < 0)
|
||||
goto endjob;
|
||||
|
||||
if (qemuDomainBlockCopyValidateMirror(mirror, disk->dst, &reuse) < 0)
|
||||
|
Loading…
Reference in New Issue
Block a user