This reverts commit fc3990c7e64be1da1631952d3ec384ebef50e125.
Now that all the reported bugs are fixed let's turn the feature
back on.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
---
docs/news.xml | 13 +++++++++++++
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 4 ++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
5 files changed, 24 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index e0cab23c49..95b78942ce 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -25,6 +25,19 @@
<section title="New features">
</section>
<section title="Improvements">
+ <change>
+ <summary>
+ Remember original owners and SELinux labels of files
+ </summary>
+ <description>
+ When a domain is starting up libvirt changes DAC and
+ SELinux labels so that domain can access it. However,
+ it never remembered the original labels and therefore
+ the file was returned back to <code>root:root</code>.
+ With this release, the original labels are remembered
+ and restored properly.
+ </description>
+ </change>
</section>
<section title="Bug fixes">
</section>
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b311f02da6..868f7b313c 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -72,6 +72,7 @@ module Libvirtd_qemu =
| str_entry "user"
| str_entry "group"
| bool_entry "dynamic_ownership"
+ | bool_entry "remember_owner"
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| int_entry "seccomp_sandbox"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 334b4cd4ee..12357461c4 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -456,6 +456,11 @@
# Set to 0 to disable file ownership changes.
#dynamic_ownership = 1
+# Whether libvirt should remember and restore the original
+# ownership over files it is relabeling. Defaults to 1, set
+# to 0 to disable the feature.
+#remember_owner = 1
+
# What cgroup controllers to make use of with QEMU guests
#
# - 'cpu' - use for scheduler tunables
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index daea11dacb..b418d33c61 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -145,6 +145,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
cfg->group = (gid_t)-1;
}
cfg->dynamicOwnership = privileged;
+ cfg->rememberOwner = privileged;
cfg->cgroupControllers = -1; /* -1 == auto-detect */
@@ -908,6 +909,9 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfigPtr cfg,
if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwnership) < 0)
return -1;
+ if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) < 0)
+ return -1;
+
if (virConfGetValueStringList(conf, "cgroup_controllers", false,
&controllers) < 0)
return -1;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index fea1d308b7..f95496ce4d 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -44,6 +44,7 @@ module Test_libvirtd_qemu =
{ "user" = "root" }
{ "group" = "root" }
{ "dynamic_ownership" = "1" }
+{ "remember_owner" = "1" }
{ "cgroup_controllers"
{ "1" = "cpu" }
{ "2" = "devices" }
--
2.21.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list