From 1f0a6e441617da6a95e2188408ad1ed2dd4665e4 Mon Sep 17 00:00:00 2001
Message-Id: <1f0a6e441617da6a95e2188408ad1ed2dd4665e4@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:37:23 +0200
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
 namespace

When creating a path in a domain's mount namespace we try to set
ACLs on it, so that it's a verbatim copy of the path in parent's
namespace. The ACLs are queried upfront (by
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
pointer to ACLs might be NULL (meaning no ACLs were queried, for
instance because the underlying filesystem does not support
them). But then we take this NULL and pass it to virFileSetACLs()
which immediately returns an error because NULL is invalid value.

Mimic what we do with SELinux label - only set ACLs if they are
non-NULL which includes symlinks.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 98cd794666..71e3366ca5 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
goto cleanup;
}
- /* Symlinks don't have ACLs. */
- if (!isLink &&
+ if (data->acl &&
virFileSetACLs(data->file, data->acl) < 0 &&
errno != ENOTSUP) {
virReportSystemError(errno,
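Review bot: the new `data->acl &&` guard in qemuNamespaceMknodOne() drops the "Symlinks don't have ACLs" comment without a replacement, so skipping symlinks now rests on an invariant that is not visible in this hunk: that data->acl stays NULL for them. The commit message says the ACLs are queried by qemuNamespaceMknodItemInit() and that the NULL check covers symlinks; a one-line comment above the condition stating that data->acl is NULL for symlinks and for filesystems without ACL support would keep that documented where the check is made. Since the diffstat shows no other line changing, also confirm that isLink is still used elsewhere in the function, so the removal of its use here does not leave an unused variable.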
--
2.39.0