On Mon, Sep 12, 2022 at 03:46:38PM +0200, Michal Privoznik wrote:
>When creating a path in a domain's mount namespace we try to set
>ACLs on it, so that it's a verbatim copy of the path in parent's
>namespace. The ACLs are queried upfront (by
>qemuNamespaceMknodItemInit()) but this is fault tolerant so the
>pointer to ACLs might be NULL (meaning no ACLs were queried, for
>instance because the underlying filesystem does not support
>them). But then we take this NULL and pass it to virFileSetACLs()
>which immediately returns an error because NULL is invalid value.
>
>Mimic what we do with SELinux label - just set it if we queried
>it successfully before.
>
It would be less confusing if you just said something along the lines
of:
Only set ACLs if they are non-NULL which includes symlinks.
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
>---
> src/qemu/qemu_namespace.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
>diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
>index 98cd794666..71e3366ca5 100644
>--- a/src/qemu/qemu_namespace.c
>+++ b/src/qemu/qemu_namespace.c
>@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
> goto cleanup;
> }
>
>- /* Symlinks don't have ACLs. */
>- if (!isLink &&
>+ if (data->acl &&
> virFileSetACLs(data->file, data->acl) < 0 &&
> errno != ENOTSUP) {
> virReportSystemError(errno,
>--
>2.35.1
>