From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 14 Feb 2017 16:33:08 +0100
Message-Id: <1487086391-970-2-git-send-email-abologna@redhat.com>
Subject: [libvirt] [PATCH 1/4] configure: Move ACL checks to a separate file

--- configure.ac | 12 +++--------- m4/virt-acl.m4 | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 9 deletions(-) create mode 100644 m4/virt-acl.m4 diff --git a/configure.ac b/configure.ac index a995a05..ed49daa 100644 --- a/configure.ac +++ b/configure.ac @@ -271,6 +271,7 @@ LIBVIRT_ARG_VIRTUALPORT LIBVIRT_ARG_WIRESHARK LIBVIRT_ARG_YAJL =20 +LIBVIRT_CHECK_ACL LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_ATOMIC LIBVIRT_CHECK_ATTR 
@@ -325,19 +326,11 @@ dnl Availability of various common headers (non-fatal= if missing). AC_CHECK_HEADERS([pwd.h regex.h sys/un.h \ sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \ sys/un.h sys/syscall.h sys/sysctl.h netinet/tcp.h ifaddrs.h \ - libtasn1.h sys/ucred.h sys/mount.h sys/acl.h]) + libtasn1.h sys/ucred.h sys/mount.h]) dnl Check whether endian provides handy macros. AC_CHECK_DECLS([htole64], [], [], [[#include ]]) AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxs= tat64]) =20 -ACL_CFLAGS=3D"" -ACL_LIBS=3D"" -if test "x$ac_cv_header_sys_acl_h:x$with_linux" =3D "xyes:xyes" ; then - ACL_LIBS=3D"-lacl" -fi -AC_SUBST([ACL_CFLAGS]) -AC_SUBST([ACL_LIBS]) - AC_CHECK_TYPE([struct ifreq], [AC_DEFINE([HAVE_STRUCT_IFREQ],[1], [Defined if struct ifreq exists in net/if.h])], @@ -951,6 +944,7 @@ LIBVIRT_RESULT_DRIVER_MODULES AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) +LIBVIRT_RESULT_ACL LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_ATTR LIBVIRT_RESULT_AUDIT diff --git a/m4/virt-acl.m4 b/m4/virt-acl.m4 new file mode 100644 index 0000000..f7d1c6d --- /dev/null +++ b/m4/virt-acl.m4 
@@ -0,0 +1,35 @@ +dnl ACL support +dnl +dnl Copyright (C) 2017 Red Hat, Inc. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl . +dnl + +AC_DEFUN([LIBVIRT_CHECK_ACL], [ + + AC_CHECK_HEADERS([sys/acl.h]) + + ACL_CFLAGS=3D"" + ACL_LIBS=3D"" + if test "x$ac_cv_header_sys_acl_h:x$with_linux" =3D "xyes:xyes"; then + ACL_LIBS=3D"-lacl" + fi + AC_SUBST([ACL_CFLAGS]) + AC_SUBST([ACL_LIBS]) +]) + +AC_DEFUN([LIBVIRT_RESULT_ACL], [ + LIBVIRT_RESULT_LIB([ACL]) +]) --=20 2.7.4
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 14 Feb 2017 16:33:09 +0100
Message-Id: <1487086391-970-3-git-send-email-abologna@redhat.com>
Subject: [libvirt] [PATCH 2/4] configure: Make ACL mandatory when building the QEMU driver

When we're building a private /dev for the isolated QEMU process, we want to be able to replicate the contents of the original /dev as closely as possible, including ACLs. To ensure that's always possible, make ACL support mandatory when the QEMU driver is enabled.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1421036

--- m4/virt-acl.m4 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/m4/virt-acl.m4 b/m4/virt-acl.m4 index f7d1c6d..7a8b8e5 100644 --- a/m4/virt-acl.m4 +++ b/m4/virt-acl.m4 
@@ -21,6 +21,10 @@ AC_DEFUN([LIBVIRT_CHECK_ACL], [ =20 AC_CHECK_HEADERS([sys/acl.h]) =20 + if test "x$ac_cv_header_sys_acl_h:x$with_qemu" =3D "xno:xyes"; then + AC_MSG_ERROR([Unable to find , required by qemu driver]) + fi + ACL_CFLAGS=3D"" ACL_LIBS=3D"" if test "x$ac_cv_header_sys_acl_h:x$with_linux" =3D "xyes:xyes"; then --=20 2.7.4

From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 14 Feb 2017 16:33:10 +0100
Message-Id: <1487086391-970-4-git-send-email-abologna@redhat.com>
Subject: [libvirt] [PATCH 3/4] spec: Require libacl and its headers

Now that they're required by configure, we should make sure they are available when building the rpm and when installing it.

--- libvirt.spec.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index e8c272b..ca569e3 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -340,6 +340,8 @@ BuildRequires: polkit-devel >=3D 0.93 # For mount/umount in FS driver BuildRequires: util-linux %if %{with_qemu} +# For managing ACLs +BuildRequires: libacl-devel # From QEMU RPMs BuildRequires: /usr/bin/qemu-img %else 
@@ -645,6 +647,8 @@ Requires: xz %if 0%{?fedora} >=3D 24 Requires: systemd-container %endif +# For managing ACLs +Requires: libacl =20 %description daemon-driver-qemu The qemu driver plugin for the libvirtd daemon, providing --=20 2.7.4

From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 14 Feb 2017 16:33:11 +0100
Message-Id: <1487086391-970-5-git-send-email-abologna@redhat.com>
Subject: [libvirt] [PATCH 4/4] qemu: Call chmod() after mknod()

mknod() is affected by the current umask, so we're not guaranteed the newly-created device node will have the right permissions. Call chmod(), which is not affected by the current umask, immediately afterwards to solve the issue.

--- src/qemu/qemu_domain.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f62bf8f..3adec5c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7152,6 +7152,16 @@ qemuDomainCreateDeviceRecursive(const char *device, } goto cleanup; } + + /* Set the file permissions again: mknod() is affected by the + * current umask, and as such might not have set them correctly */ + if (create && + chmod(devicePath, sb.st_mode) < 0) { + virReportSystemError(errno, + _("Failed to set permissions for device %= s"), + devicePath); + goto cleanup; + } } =20 if (!create) { --=20 2.7.4
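
Review bot: in PATCH 1/4, the new LIBVIRT_CHECK_ACL in m4/virt-acl.m4 still decides ACL_LIBS from the header result alone (the test on "x$ac_cv_header_sys_acl_h:x$with_linux"), so a host that has sys/acl.h but no linkable libacl passes configure and only fails at link time. Now that the check lives in its own macro, add a link test for the library (AC_CHECK_LIB or similar) before setting ACL_LIBS to -lacl. The patch has no commit message body either; one sentence saying this is a pure code move with no behaviour change would help whoever bisects through it later.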
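
Review bot: in PATCH 1/4, first configure.ac hunk (@@ -271), LIBVIRT_CHECK_ACL is now invoked around line 274, well before the spot where the removed block used to run (after the AC_CHECK_HEADERS call near line 328), yet the macro body reads $with_linux. Please confirm with_linux is already assigned at the new call site; if it is not, the comparison against "xyes:xyes" never matches and ACL_LIBS is silently left empty.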
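
Review bot: in PATCH 2/4, the added AC_MSG_ERROR test keys on $with_qemu only, while the ACL_LIBS assignment right below it keys on $with_linux, so the two conditions disagree: on a non-Linux host without sys/acl.h configure now aborts, and on a non-Linux host with the header the check passes but nothing is linked. Either include with_linux in the new test or state in the commit message why the requirement applies on every platform. The test also fires only when with_qemu is exactly "yes" at the moment LIBVIRT_CHECK_ACL runs, so confirm the driver option has been resolved by then; any other value skips the check without a message.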
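
Review bot: in PATCH 3/4, second hunk of libvirt.spec.in (@@ -645), the explicit "Requires: libacl" is normally redundant, because rpmbuild generates the shared-library dependency automatically once the QEMU driver links against libacl; naming the package by hand only adds something to keep in sync. Consider dropping it and keeping just the "BuildRequires: libacl-devel" from the first hunk, or explain in the commit message why the automatic dependency is not sufficient.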
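
Review bot: in PATCH 4/4, chmod(devicePath, sb.st_mode) passes the whole st_mode, file-type bits included, although chmod() is only specified for the permission bits; mask the value first (for example sb.st_mode & ~S_IFMT) so the call does not rely on the kernel ignoring the extra bits. It would also be worth extending the new comment to say that between mknod() and this call the node exists with the umask-reduced mode, which is the restrictive direction, so readers do not have to work out whether the window matters.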