From: Julio Faracco
To: libvir-list@redhat.com
Subject: [PATCH] storage: Add support to set{uid,gid} and sticky bit
Date: Wed, 19 Feb 2020 17:51:44 -0300
Message-Id: <20200219205144.22549-1-jcfaracco@gmail.com>

This commit adds more features to storages that support setuid, setgid and sticky bit. This extends some permission levels of volumes when you run a hypervisor using a specific user that can run but cannot delete volumes, for instance.

Additionally, when you create a directory without the `pool-build` command, you cannot import those extra permissions. Example:

# mkdir /var/lib/libvirt/images/
# chmod 0755 /var/lib/libvirt/images/
# chmod u+s /var/lib/libvirt/images/
# pool-start default
# pool-dumpxml default

No setuid from `0755`. Output should expect `4755`.

Signed-off-by: Julio Faracco
--- src/conf/storage_conf.c | 11 ++++++++--- src/storage/storage_util.c | 12 ++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index 252d28cbfb..54e4a60ded 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c 
@@ -746,7 +746,7 @@ virStorageDefParsePerms(xmlXPathContextPtr ctxt, if ((mode =3D virXPathString("string(./mode)", ctxt))) { int tmp; =20 - if (virStrToLong_i(mode, NULL, 8, &tmp) < 0 || (tmp & ~0777)) { + if (virStrToLong_i(mode, NULL, 8, &tmp) < 0 || (tmp & ~07777)) { virReportError(VIR_ERR_XML_ERROR, "%s", _("malformed octal mode")); goto error; @@ -1187,9 +1187,14 @@ virStoragePoolDefFormatBuf(virBufferPtr buf, def->target.perms.label) { virBufferAddLit(buf, "\n"); virBufferAdjustIndent(buf, 2); - if (def->target.perms.mode !=3D (mode_t) -1) - virBufferAsprintf(buf, "0%o\n", + if (def->target.perms.mode !=3D (mode_t) -1) { + if (def->target.perms.mode & (S_ISUID | S_ISGID | S_ISVTX)) + virBufferAsprintf(buf, "%4o\n", def->target.perms.mode); + else + virBufferAsprintf(buf, "0%o\n", + def->target.perms.mode); + } if (def->target.perms.uid !=3D (uid_t) -1) virBufferAsprintf(buf, "%d\n", (int) def->target.perms.uid); diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index c2754dbb93..5352ab9120 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -82,6 +82,10 @@ VIR_LOG_INIT("storage.storage_util"); # define S_IRWXUGO (S_IRWXU | S_IRWXG | S_IRWXO) #endif =20 +#ifndef S_IALLUGO +# define S_IALLUGO (S_ISUID | S_ISGID | S_ISVTX | S_IRWXUGO) +#endif + /* virStorageBackendNamespaceInit: * @poolType: virStoragePoolType * @xmlns: Storage Pool specific namespace callback methods @@ -512,7 +516,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr= pool, =20 virCommandSetUID(cmd, vol->target.perms->uid); virCommandSetGID(cmd, vol->target.perms->gid); - virCommandSetUmask(cmd, S_IRWXUGO ^ mode); + virCommandSetUmask(cmd, S_IALLUGO ^ mode); =20 if (virCommandRun(cmd, NULL) =3D=3D 0) { /* command was successfully run, check if the file was created= */ 
@@ -523,7 +527,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr= pool, * If that doesn't match what we expect, then let's try to * re-open the file and attempt to force the mode change. */ - if (mode !=3D (st.st_mode & S_IRWXUGO)) { + if (mode !=3D (st.st_mode & S_IALLUGO)) { VIR_AUTOCLOSE fd =3D -1; int flags =3D VIR_FILE_OPEN_FORK | VIR_FILE_OPEN_FORCE= _MODE; =20 @@ -569,7 +573,7 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr= pool, goto cleanup; } =20 - if (mode !=3D (st.st_mode & S_IRWXUGO) && + if (mode !=3D (st.st_mode & S_IALLUGO) && chmod(vol->target.path, mode) < 0) { virReportSystemError(errno, _("cannot set mode of '%s' to %04o"), @@ -1825,7 +1829,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageSour= cePtr target, =20 if (!target->perms && VIR_ALLOC(target->perms) < 0) return -1; - target->perms->mode =3D sb->st_mode & S_IRWXUGO; + target->perms->mode =3D sb->st_mode & S_IALLUGO; target->perms->uid =3D sb->st_uid; target->perms->gid =3D sb->st_gid; =20 --=20 2.20.1
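Review bot: the widened mask in the `virStorageDefParsePerms` hunk (`tmp & ~07777`) lets the pool and volume XML request the setuid, setgid and sticky bits, but the diffstat lists only the two `.c` files, so neither the storage format documentation nor the RNG schema says which bits are now accepted; please document them and add an XML test with a mode such as `02775`. One caveat for the commit message as well: on Linux the setuid bit on a directory has no effect (only setgid and sticky change directory semantics), so the `chmod u+s` example stores a bit in the inode that `stat` then reports back, which is why `pool-dumpxml` is expected to show it.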
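Review bot: in the `virStoragePoolDefFormatBuf` hunk the two branches produce inconsistent output: `%4o` prints `4755` with no leading zero (the width of 4 never pads, since any value with a special bit set already has four octal digits), while the else branch keeps `0%o` and prints `0755`. Because `virStrToLong_i(mode, NULL, 8, &tmp)` accepts a leading zero, the whole `if`/`else` can be dropped and `0%o` used unconditionally, yielding `04755`, which round-trips through the parser and keeps the existing output format for plain modes.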
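Review bot: `virCommandSetUmask(cmd, S_IALLUGO ^ mode)` in the `@@ -512` hunk of `virStorageBackendCreateExecCommand` cannot apply the special bits: umask(2) only honours the 0777 permission bits, so a requested setuid/setgid/sticky bit is never set by the child's umask, and every such volume will fail the `st.st_mode & S_IALLUGO` comparison in the next hunk and take the `VIR_FILE_OPEN_FORCE_MODE` re-open path. That is functionally fine, but a short comment saying that the special bits are only applied by the later fixup would save the next reader from assuming the umask handles them. Note also that `S_IALLUGO ^ mode` is only equivalent to `S_IALLUGO & ~mode` while `mode` has no bits outside `S_IALLUGO`, which the parser's `~07777` check now guarantees but which is worth stating.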
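Review bot: with the `S_IALLUGO` comparison in the `@@ -569` hunk, `chmod(vol->target.path, mode)` will now set setuid/setgid on regular volume files, and libvirtd performs that chmod as root. A disk image is never executed, so those bits have no use on a file and only matter on directories (setgid group inheritance, sticky deletion rules); consider rejecting `S_ISUID`/`S_ISGID` in `virStorageDefParsePerms` for non-directory volumes, or at least stating in the documentation that libvirt applies them verbatim, so an XML author cannot make libvirtd mark arbitrary files setuid by mistake.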
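Review bot: since `virStorageBackendUpdateVolTargetInfoFD` in the `@@ -1825` hunk now keeps the special bits from `st_mode`, refreshed volume XML changes as well as the `pool-dumpxml` output named in the commit message; please mention the volume side in the commit message, and if the volume formatter has its own `0%o` print of `perms->mode`, it needs the same treatment as the pool formatter so that both emit the special bits consistently.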