From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 8/8] qemu: Deduplicate code in qemuSecurityChownCallback()
Date: Thu, 17 Jun 2021 12:42:08 +0200
List-Id: Development discussions about the libvirt library & tools

The DAC security driver has an option to register a callback that is called instead of chown(). So far QEMU is the only user of this feature and it's used to set labels on non-local disks (like gluster), where a notion of owners exists but regular chown() can't be used. However, this callback (if set) is always called, even for local disks. And thus QEMU's implementation duplicated parts of the DAC driver to deal with chown(). If the DAC driver would call the callback only for non-local disks then QEMU's callback can be shorter.

Signed-off-by: Michal Privoznik
---
 src/qemu/qemu_driver.c | 22 ++--------------------
 src/security/security_dac.c | 6 ++++--
 src/security/security_manager.h | 13 ++++++++++---
 3 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1ee0e7ebc0..235f575901 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -228,31 +228,13 @@ qemuSecurityChownCallback(const virStorageSource *src, uid_t uid, gid_t gid) { - struct stat sb; int save_errno =3D 0; int ret =3D -1; int rv; g_autoptr(virStorageSource) cpy =3D NULL; =20 - if (virStorageSourceIsLocalStorage(src)) { - /* use direct chown for local files so that the file doesn't - * need to be initialized */ - if (!src->path) - return 0; - - if (stat(src->path, &sb) >=3D 0) { - if (sb.st_uid =3D=3D uid && - sb.st_gid =3D=3D gid) { - /* It's alright, there's nothing to change anyway. */ - return 0; - } - } - - if (chown(src->path, uid, gid) < 0) - return -1; - - return 0; - } + if (virStorageSourceIsLocalStorage(src)) + return -3; =20 if ((rv =3D virStorageSourceSupportsSecurityDriver(src)) <=3D 0) return rv; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7ba367755a..4909107fcc 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -672,7 +672,7 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, uid_t uid, gid_t gid) { - int rc; + int rc =3D 0; =20 /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ @@ -683,7 +683,9 @@ virSecurityDACSetOwnershipInternal(const virSecurityDAC= Data *priv, /* on -2 returned an error was already reported */ if (rc =3D=3D -2) return -1; - } else { + } + + if (rc =3D=3D 0 || rc =3D=3D -3) { struct stat sb; =20 if (!path) diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index b5c81e9d98..57047ccb13 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -53,9 +53,16 @@ int virSecurityManagerStackAddNested(virSecurityManager = *stack, * @uid: target uid * @gid: target gid * - * A function callback to chown image files described by the disk source s= truct - * @src. The callback shall return 0 on success, -1 on error and errno set= (no - * libvirt error reported) OR -2 and a libvirt error reported. */ + * A function callback to chown image files described by the disk + * source struct @src. The callback can decide to skip given @src + * and thus let DAC driver chown the file instead (signalled by + * returning -3). + * + * Returns: 0 on success, + * -1 on error and errno set (no libvirt error reported), + * -2 and a libvirt error reported. + * -3 if callback did not handle chown + */ typedef int (*virSecurityManagerDACChownCallback)(const virStorageSource *src, uid_t uid, --=20 2.31.1
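
Review bot: In qemuSecurityChownCallback() (src/qemu/qemu_driver.c), the new "return -3;" for local storage is a bare literal, and the removed block's comment explaining why local files are chowned directly is gone with it. A one-line comment saying that the DAC driver handles local files, or a named constant in place of -3, would keep the intent readable at this return.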
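
Review bot: In virSecurityDACSetOwnershipInternal() (src/security/security_dac.c), the new condition "if (rc == 0 || rc == -3)" cannot tell "no callback ran" from "callback succeeded", because rc is initialised to 0 and 0 is also the callback's documented success value. A callback that has already set ownership on a non-local source would then fall through into the block starting with "struct stat sb;", which used to be the else branch. Consider initialising rc to -3 and entering the block only on rc == -3, so that a successful callback result stays final.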
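
Review bot: In the virSecurityManagerDACChownCallback comment (src/security/security_manager.h), the return protocol is now four bare integers that both the QEMU callback and the DAC driver compare against, with no named constants defined next to the typedef. Consider an enum or macros here for 0, -1, -2 and -3, and have the Returns list state that -3 is not an error and leaves errno and the libvirt error untouched. The list punctuation is also inconsistent: the -2 entry ends in a full stop while the others end in a comma or nothing.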