Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:54 PM, Cole Robinson wrote:
On 04/28/2015 09:36 AM, Peter Krempa wrote:
On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c
b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool-def-type == VIR_STORAGE_POOL_NETFS);
+mode = pool-def-target.perms.mode;
+if (mode == (mode_t) -1
+(needs_create_as_uid || !virFileExists(pool-def-target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool-def-target.path,
-(pool-def-target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool-def-target.perms.mode),
+mode,
pool-def-target.perms.uid,
pool-def-target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool-def-type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
0)
+)) 0) {
Closing parentheses on a separate line are ugly. I'd rather see
violating the 80 cols rule rather than damaging readability of the code.
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags VIR_DIR_CREATE_FORCE_PERMS) mode != (mode_t) -1)
This is a usage error of the function. Using mode == -1 and requesting
it to be set doesn't make much sense.
And to clarify, I'll push patches 1-4 when the new release opens, since they
had minor changes. Then I'll post a new series with 5-6 + additional patches
Pushed patches 1-4 now.
Thanks,
Cole
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c
b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool-def-type == VIR_STORAGE_POOL_NETFS);
+mode = pool-def-target.perms.mode;
+if (mode == (mode_t) -1
+(needs_create_as_uid || !virFileExists(pool-def-target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool-def-target.path,
-(pool-def-target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool-def-target.perms.mode),
+mode,
pool-def-target.perms.uid,
pool-def-target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool-def-type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID : 0)
+)) 0) {
Closing parentheses on a separate line are ugly. I'd rather see
violating the 80 cols rule rather than damaging readability of the code.
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags VIR_DIR_CREATE_FORCE_PERMS) mode != (mode_t) -1)
This is a usage error of the function. Using mode == -1 and requesting
it to be set doesn't make much sense.
(chmod(path, mode) 0)) {
ret = -errno;
virReportSystemError(errno,
ACK.
Peter
signature.asc
Description: Digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:36 AM, Peter Krempa wrote:
On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c
b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool-def-type == VIR_STORAGE_POOL_NETFS);
+mode = pool-def-target.perms.mode;
+if (mode == (mode_t) -1
+(needs_create_as_uid || !virFileExists(pool-def-target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool-def-target.path,
-(pool-def-target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool-def-target.perms.mode),
+mode,
pool-def-target.perms.uid,
pool-def-target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool-def-type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
0)
+)) 0) {
Closing parentheses on a separate line are ugly. I'd rather see
violating the 80 cols rule rather than damaging readability of the code.
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags VIR_DIR_CREATE_FORCE_PERMS) mode != (mode_t) -1)
This is a usage error of the function. Using mode == -1 and requesting
it to be set doesn't make much sense.
And to clarify, I'll push patches 1-4 when the new release opens, since they
had minor changes. Then I'll post a new series with 5-6 + additional patches
- Cole
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
On 04/28/2015 09:36 AM, Peter Krempa wrote:
On Mon, Apr 27, 2015 at 16:48:44 -0400, Cole Robinson wrote:
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c
b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool-def-type == VIR_STORAGE_POOL_NETFS);
+mode = pool-def-target.perms.mode;
+if (mode == (mode_t) -1
+(needs_create_as_uid || !virFileExists(pool-def-target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool-def-target.path,
-(pool-def-target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool-def-target.perms.mode),
+mode,
pool-def-target.perms.uid,
pool-def-target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool-def-type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID :
0)
+)) 0) {
Closing parentheses on a separate line are ugly. I'd rather see
violating the 80 cols rule rather than damaging readability of the code.
Will do
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags VIR_DIR_CREATE_FORCE_PERMS) mode != (mode_t) -1)
This is a usage error of the function. Using mode == -1 and requesting
it to be set doesn't make much sense.
Hmm, I think instead I'll add an additional patch to drop FORCE_PERMS
entirely.. it's used by every virDirCreate caller. We can just key the chmod
off of whether mode != -1
(chmod(path, mode) 0)) {
ret = -errno;
virReportSystemError(errno,
ACK.
Peter
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 6/6] storage: fs: Only force directory permissions if required
Only set directory permissions at pool build time, if:
- User explicitly requested a mode via the XML
- The directory needs to be created
- We need to do the crazy NFS root-squash workaround
This allows qemu:///session to call build on an existing directory
like /tmp.
---
src/storage/storage_backend_fs.c | 16 +++-
src/util/virfile.c | 2 +-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 344ee4c..e11c240 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -769,6 +769,8 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
int err, ret = -1;
char *parent = NULL;
char *p = NULL;
+mode_t mode;
+bool needs_create_as_uid;
virCheckFlags(VIR_STORAGE_POOL_BUILD_OVERWRITE |
VIR_STORAGE_POOL_BUILD_NO_OVERWRITE, ret);
@@ -802,19 +804,23 @@ virStorageBackendFileSystemBuild(virConnectPtr conn
ATTRIBUTE_UNUSED,
}
}
+needs_create_as_uid = (pool-def-type == VIR_STORAGE_POOL_NETFS);
+mode = pool-def-target.perms.mode;
+if (mode == (mode_t) -1
+(needs_create_as_uid || !virFileExists(pool-def-target.path)))
+mode = VIR_STORAGE_DEFAULT_POOL_PERM_MODE;
+
/* Now create the final dir in the path with the uid/gid/mode
* requested in the config. If the dir already exists, just set
* the perms. */
if ((err = virDirCreate(pool-def-target.path,
-(pool-def-target.perms.mode == (mode_t) -1 ?
- VIR_STORAGE_DEFAULT_POOL_PERM_MODE :
- pool-def-target.perms.mode),
+mode,
pool-def-target.perms.uid,
pool-def-target.perms.gid,
VIR_DIR_CREATE_FORCE_PERMS |
VIR_DIR_CREATE_ALLOW_EXIST |
-(pool-def-type == VIR_STORAGE_POOL_NETFS
-? VIR_DIR_CREATE_AS_UID : 0))) 0) {
+(needs_create_as_uid ? VIR_DIR_CREATE_AS_UID : 0)
+)) 0) {
goto error;
}
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 676e7b4..7e49f39 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2311,7 +2311,7 @@ virDirCreateNoFork(const char *path,
path, (unsigned int) uid, (unsigned int) gid);
goto error;
}
-if ((flags VIR_DIR_CREATE_FORCE_PERMS)
+if (((flags VIR_DIR_CREATE_FORCE_PERMS) mode != (mode_t) -1)
(chmod(path, mode) 0)) {
ret = -errno;
virReportSystemError(errno,
--
2.3.6
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
