From 7c7ec6e6c20675a99abe8685c715dc95e7e8dbff Mon Sep 17 00:00:00 2001 Message-Id: <7c7ec6e6c20675a99abe8685c715dc95e7e8dbff@dist-git> From: Michal Privoznik Date: Tue, 6 Sep 2022 13:37:23 +0200 Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in namespace When creating a path in a domain's mount namespace we try to set ACLs on it, so that it's a verbatim copy of the path in parent's namespace. The ACLs are queried upfront (by qemuNamespaceMknodItemInit()) but this is fault tolerant so the pointer to ACLs might be NULL (meaning no ACLs were queried, for instance because the underlying filesystem does not support them). But then we take this NULL and pass it to virFileSetACLs() which immediately returns an error because NULL is invalid value. Mimic what we do with SELinux label - only set ACLs if they are non-NULL which includes symlinks. Signed-off-by: Michal Privoznik Reviewed-by: Martin Kletzander (cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196 Signed-off-by: Michal Privoznik --- src/qemu/qemu_namespace.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 94453033f5..4bff325a2c 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -1023,8 +1023,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data) goto cleanup; } - /* Symlinks don't have ACLs. */ - if (!isLink && + if (data->acl && virFileSetACLs(data->file, data->acl) < 0 && errno != ENOTSUP) { virReportSystemError(errno, -- 2.38.0