2023-05-16 06:06:22 +00:00
|
|
|
From 7c7ec6e6c20675a99abe8685c715dc95e7e8dbff Mon Sep 17 00:00:00 2001
|
|
|
|
Message-Id: <7c7ec6e6c20675a99abe8685c715dc95e7e8dbff@dist-git>
|
2023-01-12 08:28:16 +00:00
|
|
|
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
|
Date: Tue, 6 Sep 2022 13:37:23 +0200
|
|
|
|
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
|
|
|
|
namespace
|
|
|
|
|
|
|
|
When creating a path in a domain's mount namespace we try to set
|
|
|
|
ACLs on it, so that it's a verbatim copy of the path in parent's
|
|
|
|
namespace. The ACLs are queried upfront (by
|
|
|
|
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
|
|
|
|
pointer to ACLs might be NULL (meaning no ACLs were queried, for
|
|
|
|
instance because the underlying filesystem does not support
|
|
|
|
them). But then we take this NULL and pass it to virFileSetACLs()
|
|
|
|
which immediately returns an error because NULL is invalid value.
|
|
|
|
|
|
|
|
Mimic what we do with SELinux label - only set ACLs if they are
|
|
|
|
non-NULL which includes symlinks.
|
|
|
|
|
|
|
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
|
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
|
|
|
|
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
|
2023-05-16 06:06:22 +00:00
|
|
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
|
2023-01-12 08:28:16 +00:00
|
|
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
|
---
|
|
|
|
src/qemu/qemu_namespace.c | 3 +--
|
|
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
|
|
|
|
index 94453033f5..4bff325a2c 100644
|
|
|
|
--- a/src/qemu/qemu_namespace.c
|
|
|
|
+++ b/src/qemu/qemu_namespace.c
|
|
|
|
@@ -1023,8 +1023,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
- /* Symlinks don't have ACLs. */
|
|
|
|
- if (!isLink &&
|
|
|
|
+ if (data->acl &&
|
|
|
|
virFileSetACLs(data->file, data->acl) < 0 &&
|
|
|
|
errno != ENOTSUP) {
|
|
|
|
virReportSystemError(errno,
|
|
|
|
--
|
2023-05-16 06:06:22 +00:00
|
|
|
2.38.0
|
2023-01-12 08:28:16 +00:00
|
|
|
|