From nobody Fri Dec 19 04:35:07 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1729063470189874.9597249203644;
 Wed, 16 Oct 2024 00:24:30 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 326A01724; Wed, 16 Oct 2024 03:24:29 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id BBF4F18A0;
	Wed, 16 Oct 2024 03:23:22 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id E3F2C1283; Wed, 16 Oct 2024 03:23:14 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 566211421
	for <devel@lists.libvirt.org>; Wed, 16 Oct 2024 03:23:14 -0400 (EDT)
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-518-fVXcYl5fNIG6xINSo0yeWQ-1; Wed, 16 Oct 2024 03:23:12 -0400
Received: by mail-wm1-f72.google.com with SMTP id
 5b1f17b1804b1-431285dd196so24956895e9.0
        for <devel@lists.libvirt.org>; Wed, 16 Oct 2024 00:23:12 -0700 (PDT)
Received: from wheatley.localdomain (nat-pool-brq-t.redhat.com.
 [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4313f5698a3sm40849505e9.13.2024.10.16.00.23.10
        for <devel@lists.libvirt.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 16 Oct 2024 00:23:10 -0700 (PDT)
Received: from wheatley.brq.redhat.com (wheatley.k8r.cz [127.0.0.1])
	by wheatley.localdomain (Postfix) with ESMTP id C8D8B3287524
	for <devel@lists.libvirt.org>; Wed, 16 Oct 2024 09:23:09 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1729063394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=whEMV/8/BodYp9LCmlrLJTnus2NvGcsN9VZ5VfI+ZVQ=;
	b=hLiOWovCWvF7+7at4z6IXJO19Ff0q7dEkgoIibP/VoVjBeUx8pU7ty3ZQlRMD7qtoFisT3
	mMAQfD+8EVT21iFFFqFLRCnIC8mUhTrfCWMo8IReSFH79RJDJ4bpuWUJsz8mbXriugK/RS
	xtf6cpDlV85tUk3NgLMiLtMi5+VCKT0=
X-MC-Unique: fVXcYl5fNIG6xINSo0yeWQ-1
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729063391; x=1729668191;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=whEMV/8/BodYp9LCmlrLJTnus2NvGcsN9VZ5VfI+ZVQ=;
        b=KmEau1H1VN1j98jZM5PxuhDaAFj4q1i7CwcCfONJxuKGRGJ5QRvEzejr0q1zGX8d7g
         Kna2EonmvmC9XnND5IPe9dvaCH4XuZQeIlnoQA26pxNnPnP7pxTNhMUjTVvfQUrbtOzF
         w3p0DX+fsb5QviDIRky+UbONEJhnVrzZ5x2C39z0pIeDZWqCaQ4W2rd475vNaQXRe0I5
         wAG7KKvWvZRYiVaidrpMlDirrtJHYVUX48D2qK/TZ8LNe/7DoHIu4Vgom8CBVPmGYqFX
         275mSOZhcc4dtLxjnL3KfS9rcJ1cBIsOSmjfrEvCTklFfZOVk0s1//dUdFxXAgTcQXyA
         xR9A==
X-Gm-Message-State: AOJu0YwrZHD1WPUCaxBx8aFv3wkuJjHTgx9ewPDUmJSwh1tLqKi/mibA
	o4CFU7jkrLGxY0i36NaAU1lDbVQWQFM6txb59IoYo3ReY/gJRLcG3pJwzrEn8XMgz2vCahDwyCL
	33vUG4Tb+tQBxwE5EDvxirN6K4cm0+HimBvnXg4fSkdh9XdRuycjdx3SNRAG77BDlcEPsdaTlyk
	bHTOskwwsosGAG8ZbY3QJtlouJhpU4W4cNIu4+Oks=
X-Received: by 2002:a05:600c:1f8c:b0:42c:b220:4778 with SMTP id
 5b1f17b1804b1-4311df5c639mr156288915e9.33.1729063391588;
        Wed, 16 Oct 2024 00:23:11 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IEdzyc1dvYYkeApnWpth10+wJWqlodSoXxL28V9JZ7zXL8lSeDKCCtwEdgUgAaPJNwHqPnIVw==
X-Received: by 2002:a05:600c:1f8c:b0:42c:b220:4778 with SMTP id
 5b1f17b1804b1-4311df5c639mr156288635e9.33.1729063391120;
        Wed, 16 Oct 2024 00:23:11 -0700 (PDT)
From: Martin Kletzander <mkletzan@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 3/3] qemu_namespace: Only replicate labels on created files
Date: Wed, 16 Oct 2024 09:23:07 +0200
Message-ID: 
 <07d50b961bbf0b78844db737b8ee85436b87e9f7.1729062819.git.mkletzan@redhat.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <cover.1729062819.git.mkletzan@redhat.com>
References: <cover.1729062819.git.mkletzan@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 3XVWNLZUI77YZWIITFZTX25YE5JQJNTL
X-Message-ID-Hash: 3XVWNLZUI77YZWIITFZTX25YE5JQJNTL
X-MailFrom: mkletzan@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/3XVWNLZUI77YZWIITFZTX25YE5JQJNTL/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1729063472110116600
Content-Type: text/plain; charset="utf-8"; x-default="true"

Function qemuNamespaceMknodOne() is trying to replicate a file from the
parent namespace as perfectly as possible, with the same permissions,
labels, ACLs, etc.

If that file already existed it means that the qemu process is probably
using it already and the current setting is probably more correct than
the ones from the parent namespace.

In order to reflect that only replicate the file metadata when it was
(re-)created in this function.

Resolves: https://issues.redhat.com/browse/RHEL-62174
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_namespace.c | 56 ++++++++++++++++++++-------------------
 1 file changed, 29 insertions(+), 27 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 33a773917373..6594657bfa3e 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1090,43 +1090,45 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
         goto cleanup;
     }
=20
-    if (lchown(data->file, data->sb.st_uid, data->sb.st_gid) < 0) {
-        virReportSystemError(errno,
-                             _("Failed to chown device %1$s"),
-                             data->file);
-        goto cleanup;
-    }
+    if (!existed) {
+        if (lchown(data->file, data->sb.st_uid, data->sb.st_gid) < 0) {
+            virReportSystemError(errno,
+                                 _("Failed to chown device %1$s"),
+                                 data->file);
+            goto cleanup;
+        }
=20
-    /* Symlinks don't have mode */
-    if (!isLink &&
-        chmod(data->file, data->sb.st_mode) < 0) {
-        virReportSystemError(errno,
-                             _("Failed to set permissions for device %1$s"=
),
-                             data->file);
-        goto cleanup;
-    }
+        /* Symlinks don't have mode */
+        if (!isLink &&
+            chmod(data->file, data->sb.st_mode) < 0) {
+            virReportSystemError(errno,
+                                 _("Failed to set permissions for device %=
1$s"),
+                                 data->file);
+            goto cleanup;
+        }
=20
-    if (data->acl &&
-        virFileSetACLs(data->file, data->acl) < 0 &&
-        errno !=3D ENOTSUP) {
-        virReportSystemError(errno,
-                             _("Unable to set ACLs on %1$s"), data->file);
-        goto cleanup;
-    }
+        if (data->acl &&
+            virFileSetACLs(data->file, data->acl) < 0 &&
+            errno !=3D ENOTSUP) {
+            virReportSystemError(errno,
+                                 _("Unable to set ACLs on %1$s"), data->fi=
le);
+            goto cleanup;
+        }
=20
 # ifdef WITH_SELINUX
-    if (data->tcon &&
-        lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) {
-        VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
-        if (errno !=3D EOPNOTSUPP && errno !=3D ENOTSUP) {
-        VIR_WARNINGS_RESET
+        if (data->tcon &&
+            lsetfilecon_raw(data->file, (const char *)data->tcon) < 0) {
+            VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR
+            if (errno !=3D EOPNOTSUPP && errno !=3D ENOTSUP) {
+            VIR_WARNINGS_RESET
             virReportSystemError(errno,
                                  _("Unable to set SELinux label on %1$s"),
                                  data->file);
             goto cleanup;
+            }
         }
-    }
 # endif
+    }
=20
     /* Finish mount process started earlier. */
     if ((isReg || isDir) &&
--=20
2.47.0