Blame SOURCES/libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch

639072
From a3fac9a9faf966abd77d63d064eef9d29337fd20 Mon Sep 17 00:00:00 2001
639072
Message-Id: <a3fac9a9faf966abd77d63d064eef9d29337fd20@dist-git>
639072
From: Michal Privoznik <mprivozn@redhat.com>
639072
Date: Tue, 6 Sep 2022 13:37:23 +0200
639072
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
639072
 namespace
639072
639072
When creating a path in a domain's mount namespace we try to set
639072
ACLs on it, so that it's a verbatim copy of the path in parent's
639072
namespace. The ACLs are queried upfront (by
639072
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
639072
pointer to ACLs might be NULL (meaning no ACLs were queried, for
639072
instance because the underlying filesystem does not support
639072
them). But then we take this NULL and pass it to virFileSetACLs()
639072
which immediately returns an error because NULL is invalid value.
639072
639072
Mimic what we do with SELinux label - only set ACLs if they are
639072
non-NULL which includes symlinks.
639072
639072
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
639072
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
639072
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
639072
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132176
639072
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
639072
---
639072
 src/qemu/qemu_namespace.c | 3 +--
639072
 1 file changed, 1 insertion(+), 2 deletions(-)
639072
639072
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
639072
index 94453033f5..4bff325a2c 100644
639072
--- a/src/qemu/qemu_namespace.c
639072
+++ b/src/qemu/qemu_namespace.c
639072
@@ -1023,8 +1023,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
639072
         goto cleanup;
639072
     }
639072
 
639072
-    /* Symlinks don't have ACLs. */
639072
-    if (!isLink &&
639072
+    if (data->acl &&
639072
         virFileSetACLs(data->file, data->acl) < 0 &&
639072
         errno != ENOTSUP) {
639072
         virReportSystemError(errno,
639072
-- 
639072
2.38.1
639072