Blob Blame History Raw
From 1f0a6e441617da6a95e2188408ad1ed2dd4665e4 Mon Sep 17 00:00:00 2001
Message-Id: <1f0a6e441617da6a95e2188408ad1ed2dd4665e4@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 6 Sep 2022 13:37:23 +0200
Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
 namespace

When creating a path in a domain's mount namespace we try to set
ACLs on it, so that it's a verbatim copy of the path in parent's
namespace. The ACLs are queried upfront (by
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
pointer to ACLs might be NULL (meaning no ACLs were queried, for
instance because the underlying filesystem does not support
them). But then we take this NULL and pass it to virFileSetACLs()
which immediately returns an error because NULL is invalid value.

Mimic what we do with SELinux label - only set ACLs if they are
non-NULL which includes symlinks.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_namespace.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 98cd794666..71e3366ca5 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
         goto cleanup;
     }
 
-    /* Symlinks don't have ACLs. */
-    if (!isLink &&
+    if (data->acl &&
         virFileSetACLs(data->file, data->acl) < 0 &&
         errno != ENOTSUP) {
         virReportSystemError(errno,
-- 
2.39.0