|
 |
99cbc7 |
From 427a75470c813205af2ea6bd81daacb0281ef58a Mon Sep 17 00:00:00 2001
|
|
|
99cbc7 |
Message-Id: <427a75470c813205af2ea6bd81daacb0281ef58a@dist-git>
|
|
|
99cbc7 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
99cbc7 |
Date: Wed, 25 Jul 2018 08:27:10 +0200
|
|
|
99cbc7 |
Subject: [PATCH] qemuDomainSaveMemory: Don't enforce dynamicOwnership
|
|
|
99cbc7 |
MIME-Version: 1.0
|
|
|
99cbc7 |
Content-Type: text/plain; charset=UTF-8
|
|
|
99cbc7 |
Content-Transfer-Encoding: 8bit
|
|
|
99cbc7 |
|
|
|
99cbc7 |
https://bugzilla.redhat.com/show_bug.cgi?id=1589115
|
|
|
99cbc7 |
|
|
|
99cbc7 |
When doing a memory snapshot qemuOpenFile() is used. This means
|
|
|
99cbc7 |
that the file where memory is saved is firstly attempted to be
|
|
|
99cbc7 |
created under root:root (because that's what libvirtd is running
|
|
|
99cbc7 |
under) and if this fails the second attempt is done under
|
|
|
99cbc7 |
domain's uid:gid. This does not make much sense - qemu is given
|
|
|
99cbc7 |
opened FD so it does not need to access the file. Moreover, if
|
|
|
99cbc7 |
dynamicOwnership is set in qemu.conf and the file lives on a
|
|
|
99cbc7 |
squashed NFS this is deadly combination and very likely to fail.
|
|
|
99cbc7 |
|
|
|
99cbc7 |
The fix consists of using:
|
|
|
99cbc7 |
|
|
|
99cbc7 |
qemuOpenFileAs(fallback_uid = cfg->user,
|
|
|
99cbc7 |
fallback_gid = cfg->group,
|
|
|
99cbc7 |
dynamicOwnership = false)
|
|
|
99cbc7 |
|
|
|
99cbc7 |
In other words, dynamicOwnership is turned off for memory
|
|
|
99cbc7 |
snapshot (chown() will still be attempted if the file does not
|
|
|
99cbc7 |
live on NFS) and instead of using domain DAC label, configured
|
|
|
99cbc7 |
user:group is set as fallback.
|
|
|
99cbc7 |
|
|
|
99cbc7 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
99cbc7 |
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
99cbc7 |
(cherry picked from commit 8c8c32339ae965fa6991462e98be1f5890ac7499)
|
|
|
99cbc7 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
99cbc7 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
99cbc7 |
---
|
|
|
99cbc7 |
src/qemu/qemu_driver.c | 15 +++++++++------
|
|
|
99cbc7 |
1 file changed, 9 insertions(+), 6 deletions(-)
|
|
|
99cbc7 |
|
|
|
99cbc7 |
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
|
99cbc7 |
index efd0a05c90..c7689cc239 100644
|
|
|
99cbc7 |
--- a/src/qemu/qemu_driver.c
|
|
|
99cbc7 |
+++ b/src/qemu/qemu_driver.c
|
|
|
99cbc7 |
@@ -3185,6 +3185,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
|
|
|
99cbc7 |
unsigned int flags,
|
|
|
99cbc7 |
qemuDomainAsyncJob asyncJob)
|
|
|
99cbc7 |
{
|
|
|
99cbc7 |
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
|
|
99cbc7 |
bool needUnlink = false;
|
|
|
99cbc7 |
int ret = -1;
|
|
|
99cbc7 |
int fd = -1;
|
|
|
99cbc7 |
@@ -3202,9 +3203,10 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
|
|
|
99cbc7 |
goto cleanup;
|
|
|
99cbc7 |
}
|
|
|
99cbc7 |
}
|
|
|
99cbc7 |
- fd = qemuOpenFile(driver, vm, path,
|
|
|
99cbc7 |
- O_WRONLY | O_TRUNC | O_CREAT | directFlag,
|
|
|
99cbc7 |
- &needUnlink);
|
|
|
99cbc7 |
+
|
|
|
99cbc7 |
+ fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
|
|
|
99cbc7 |
+ O_WRONLY | O_TRUNC | O_CREAT | directFlag,
|
|
|
99cbc7 |
+ &needUnlink);
|
|
|
99cbc7 |
if (fd < 0)
|
|
|
99cbc7 |
goto cleanup;
|
|
|
99cbc7 |
|
|
|
99cbc7 |
@@ -3244,6 +3246,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
|
|
|
99cbc7 |
cleanup:
|
|
|
99cbc7 |
VIR_FORCE_CLOSE(fd);
|
|
|
99cbc7 |
virFileWrapperFdFree(wrapperFd);
|
|
|
99cbc7 |
+ virObjectUnref(cfg);
|
|
|
99cbc7 |
|
|
|
99cbc7 |
if (ret < 0 && needUnlink)
|
|
|
99cbc7 |
unlink(path);
|
|
|
99cbc7 |
@@ -3793,9 +3796,9 @@ doCoreDump(virQEMUDriverPtr driver,
|
|
|
99cbc7 |
/* Core dumps usually imply last-ditch analysis efforts are
|
|
|
99cbc7 |
* desired, so we intentionally do not unlink even if a file was
|
|
|
99cbc7 |
* created. */
|
|
|
99cbc7 |
- if ((fd = qemuOpenFile(driver, vm, path,
|
|
|
99cbc7 |
- O_CREAT | O_TRUNC | O_WRONLY | directFlag,
|
|
|
99cbc7 |
- NULL)) < 0)
|
|
|
99cbc7 |
+ if ((fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
|
|
|
99cbc7 |
+ O_CREAT | O_TRUNC | O_WRONLY | directFlag,
|
|
|
99cbc7 |
+ NULL)) < 0)
|
|
|
99cbc7 |
goto cleanup;
|
|
|
99cbc7 |
|
|
|
99cbc7 |
if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags)))
|
|
|
99cbc7 |
--
|
|
|
99cbc7 |
2.18.0
|
|
|
99cbc7 |
|