render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
edecca
From 94ba115a0dc13cedaf652513ac6cacd419672627 Mon Sep 17 00:00:00 2001
edecca
Message-Id: <94ba115a0dc13cedaf652513ac6cacd419672627@dist-git>
edecca
From: Michal Privoznik <mprivozn@redhat.com>
edecca
Date: Wed, 25 Jul 2018 08:27:10 +0200
edecca
Subject: [PATCH] qemuDomainSaveMemory: Don't enforce dynamicOwnership
edecca
MIME-Version: 1.0
edecca
Content-Type: text/plain; charset=UTF-8
edecca
Content-Transfer-Encoding: 8bit
edecca
edecca
https://bugzilla.redhat.com/show_bug.cgi?id=1589115
edecca
edecca
When doing a memory snapshot qemuOpenFile() is used. This means
edecca
that the file where memory is saved is firstly attempted to be
edecca
created under root:root (because that's what libvirtd is running
edecca
under) and if this fails the second attempt is done under
edecca
domain's uid:gid. This does not make much sense - qemu is given
edecca
opened FD so it does not need to access the file. Moreover, if
edecca
dynamicOwnership is set in qemu.conf and the file lives on a
edecca
squashed NFS this is deadly combination and very likely to fail.
edecca
edecca
The fix consists of using:
edecca
edecca
  qemuOpenFileAs(fallback_uid = cfg->user,
edecca
                 fallback_gid = cfg->group,
edecca
                 dynamicOwnership = false)
edecca
edecca
In other words, dynamicOwnership is turned off for memory
edecca
snapshot (chown() will still be attempted if the file does not
edecca
live on NFS) and instead of using domain DAC label, configured
edecca
user:group is set as fallback.
edecca
edecca
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
edecca
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
edecca
(cherry picked from commit 8c8c32339ae965fa6991462e98be1f5890ac7499)
edecca
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
edecca
Reviewed-by: Ján Tomko <jtomko@redhat.com>
edecca
---
edecca
 src/qemu/qemu_driver.c | 15 +++++++++------
edecca
 1 file changed, 9 insertions(+), 6 deletions(-)
edecca
edecca
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
edecca
index e8a595f17e..f85248e3c7 100644
edecca
--- a/src/qemu/qemu_driver.c
edecca
+++ b/src/qemu/qemu_driver.c
edecca
@@ -3185,6 +3185,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
edecca
                      unsigned int flags,
edecca
                      qemuDomainAsyncJob asyncJob)
edecca
 {
edecca
+    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
edecca
     bool needUnlink = false;
edecca
     int ret = -1;
edecca
     int fd = -1;
edecca
@@ -3202,9 +3203,10 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
edecca
             goto cleanup;
edecca
         }
edecca
     }
edecca
-    fd = qemuOpenFile(driver, vm, path,
edecca
-                      O_WRONLY | O_TRUNC | O_CREAT | directFlag,
edecca
-                      &needUnlink);
edecca
+
edecca
+    fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
edecca
+                        O_WRONLY | O_TRUNC | O_CREAT | directFlag,
edecca
+                        &needUnlink);
edecca
     if (fd < 0)
edecca
         goto cleanup;
edecca
 
edecca
@@ -3244,6 +3246,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
edecca
  cleanup:
edecca
     VIR_FORCE_CLOSE(fd);
edecca
     virFileWrapperFdFree(wrapperFd);
edecca
+    virObjectUnref(cfg);
edecca
 
edecca
     if (ret < 0 && needUnlink)
edecca
         unlink(path);
edecca
@@ -3793,9 +3796,9 @@ doCoreDump(virQEMUDriverPtr driver,
edecca
     /* Core dumps usually imply last-ditch analysis efforts are
edecca
      * desired, so we intentionally do not unlink even if a file was
edecca
      * created.  */
edecca
-    if ((fd = qemuOpenFile(driver, vm, path,
edecca
-                           O_CREAT | O_TRUNC | O_WRONLY | directFlag,
edecca
-                           NULL)) < 0)
edecca
+    if ((fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
edecca
+                             O_CREAT | O_TRUNC | O_WRONLY | directFlag,
edecca
+                             NULL)) < 0)
edecca
         goto cleanup;
edecca
 
edecca
     if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags)))
edecca
-- 
edecca
2.18.0
edecca