From 4f9e2b4b36fda208d25acf4126abbf4fee37f0b5 Mon Sep 17 00:00:00 2001

Message-Id: <4f9e2b4b36fda208d25acf4126abbf4fee37f0b5@dist-git>

From: Michal Privoznik <mprivozn@redhat.com>

Date: Tue, 25 Feb 2020 11:24:52 +0100

Subject: [PATCH] security: Don't fail if locking a file on NFS mount fails

The way that our file locking works is that we open() the file we

want to lock and then use fcntl(fd, F_SETLKW, ...) to lock it.

The problem is, we are doing all of these as root which doesn't

work if the file lives on root squashed NFS, because if it does

then the open() fails. The way to resolve this is to make this a

non fatal error and leave callers deal with this (i.e. disable

remembering) - implemented in the previous commit.

https://bugzilla.redhat.com/show_bug.cgi?id=1804672

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

(cherry picked from commit f16663d58f7aab6bf800fcffd34f83f522927897)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

Message-Id: <d3cb3d3214cf3e67bd357fa9781ce55f8dc8c751.1582626185.git.mprivozn@redhat.com>

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/security/security_manager.c | 5 +++++

 1 file changed, 5 insertions(+)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c

index 9d06316a99..23ed6a127c 100644

--- a/src/security/security_manager.c

+++ b/src/security/security_manager.c

@@ -1343,6 +1343,11 @@ virSecurityManagerMetadataLock(virSecurityManagerPtr mgr G_GNUC_UNUSED,

                 continue;

             }

+            if (virFileIsSharedFS(p)) {

+                /* Probably a root squashed NFS. */

+                continue;

+            }

+

             virReportSystemError(errno,

                                  _("unable to open %s"),

                                  p);

-- 

2.25.1