openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

qemuDomainSaveMemory: Don't enforce dynamicOwnership 

https://bugzilla.redhat.com/show_bug.cgi?id=1589115

When doing a memory snapshot qemuOpenFile() is used. This means
that the file where memory is saved is firstly attempted to be
created under root:root (because that's what libvirtd is running
under) and if this fails the second attempt is done under
domain's uid:gid. This does not make much sense - qemu is given
opened FD so it does not need to access the file. Moreover, if
dynamicOwnership is set in qemu.conf and the file lives on a
squashed NFS this is deadly combination and very likely to fail.

The fix consists of using:

  qemuOpenFileAs(fallback_uid = cfg->user,
                 fallback_gid = cfg->group,
                 dynamicOwnership = false)

In other words, dynamicOwnership is turned off for memory
snapshot (chown() will still be attempted if the file does not
live on NFS) and instead of using domain DAC label, configured
user:group is set as fallback.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Michal Privoznik 2018-06-26 15:34:21 +02:00
parent 149f0c4e00
commit 8c8c32339a
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/qemu/qemu_driver.c
View File

@ -3185,6 +3185,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
unsigned int flags, unsigned int flags,
qemuDomainAsyncJob asyncJob) qemuDomainAsyncJob asyncJob)
{ {
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
bool needUnlink = false; bool needUnlink = false;
int ret = -1; int ret = -1;
int fd = -1; int fd = -1;
@ -3202,9 +3203,10 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
goto cleanup; goto cleanup;
} }
} }
fd = qemuOpenFile(driver, vm, path,
O_WRONLY | O_TRUNC | O_CREAT | directFlag, fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
&needUnlink); O_WRONLY | O_TRUNC | O_CREAT | directFlag,
&needUnlink);
if (fd < 0) if (fd < 0)
goto cleanup; goto cleanup;
@ -3244,6 +3246,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
cleanup: cleanup:
VIR_FORCE_CLOSE(fd); VIR_FORCE_CLOSE(fd);
virFileWrapperFdFree(wrapperFd); virFileWrapperFdFree(wrapperFd);
virObjectUnref(cfg);
if (ret < 0 && needUnlink) if (ret < 0 && needUnlink)
unlink(path); unlink(path);
@ -3793,9 +3796,9 @@ doCoreDump(virQEMUDriverPtr driver,
/* Core dumps usually imply last-ditch analysis efforts are /* Core dumps usually imply last-ditch analysis efforts are
* desired, so we intentionally do not unlink even if a file was * desired, so we intentionally do not unlink even if a file was
* created. */ * created. */
if ((fd = qemuOpenFile(driver, vm, path, if ((fd = qemuOpenFileAs(cfg->user, cfg->group, false, path,
O_CREAT | O_TRUNC | O_WRONLY | directFlag, O_CREAT | O_TRUNC | O_WRONLY | directFlag,
NULL)) < 0) NULL)) < 0)
goto cleanup; goto cleanup;
if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags))) if (!(wrapperFd = virFileWrapperFdNew(&fd, path, flags)))