From a3fac9a9faf966abd77d63d064eef9d29337fd20 Mon Sep 17 00:00:00 2001
Message-Id: <a3fac9a9faf966abd77d63d064eef9d29337fd20@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:37:23 +0200
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
namespace
When creating a path in a domain's mount namespace we try to set
ACLs on it, so that it's a verbatim copy of the path in parent's
namespace. The ACLs are queried upfront (by
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
pointer to ACLs might be NULL (meaning no ACLs were queried, for
instance because the underlying filesystem does not support
them). But then we take this NULL and pass it to virFileSetACLs()
which immediately returns an error because NULL is an invalid value.
Mimic what we do with SELinux label - only set ACLs if they are
non-NULL which includes symlinks.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132176
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_namespace.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 94453033f5..4bff325a2c 100644
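--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1023,8 +1023,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
 goto cleanup;
 }
 
- /* Symlinks don't have ACLs. */
- if (!isLink &&
+ if (data->acl &&
 virFileSetACLs(data->file, data->acl) < 0 &&
 errno != ENOTSUP) {
 virReportSystemError(errno,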
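Review bot: The new guard `data->acl &&` removes the only in-code statement of why symlinks skip ACLs, and it now depends on qemuNamespaceMknodItemInit() leaving `data->acl` NULL for symlinks, which is not visible in this hunk. A short comment above the condition would keep that invariant explicit, e.g. `/* data->acl is NULL for symlinks and when ACLs could not be queried. */`. It is also worth confirming that the init path leaves the pointer NULL only when ACLs are unsupported and not on other query failures, since otherwise the node would be created in the namespace without the parent's ACLs and without any error being reported. The body of qemuNamespaceMknodOne() starts and ends outside the hunk.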
--
2.38.1