qemu: domain: Simplify using DAC permissions of top of backing chain

qemuDomainGetImageIds and qemuDomainStorageFileInit are helpful when
trying to access a virStorageSource from the qemu driver since they
figure out the correct uid and gid for the image.

When accessing members of a backing chain the permissions for the top
level would be used. To allow using specific permissions per backing
chain level but still allow inheritance from the parent of the chain we
need to add a new parameter to the image ID APIs.

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 13e77eedcd34d490a7cd5004201d3d555a7c7aa1..d89b032ac07cdd99eb53c684f1cd184ab429097e 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5931,6 +5931,7 @@ static void
 qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
                       virDomainObjPtr vm,
                       virStorageSourcePtr src,
+                      virStorageSourcePtr parentSrc,
                       uid_t *uid, gid_t *gid)
 {
     virSecurityLabelDefPtr vmlabel;
@@ -5953,6 +5954,11 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
         vmlabel->label)
         virParseOwnershipIds(vmlabel->label, uid, gid);
 
+    if (parentSrc &&
+        (disklabel = virStorageSourceGetSecurityLabelDef(parentSrc, "dac")) &&
+        disklabel->label)
+        virParseOwnershipIds(disklabel->label, uid, gid);
+
     if ((disklabel = virStorageSourceGetSecurityLabelDef(src, "dac")) &&
         disklabel->label)
         virParseOwnershipIds(disklabel->label, uid, gid);
@@ -5962,14 +5968,15 @@ qemuDomainGetImageIds(virQEMUDriverConfigPtr cfg,
 int
 qemuDomainStorageFileInit(virQEMUDriverPtr driver,
                           virDomainObjPtr vm,
-                          virStorageSourcePtr src)
+                          virStorageSourcePtr src,
+                          virStorageSourcePtr parent)
 {
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
     uid_t uid;
     gid_t gid;
     int ret = -1;
 
-    qemuDomainGetImageIds(cfg, vm, src, &uid, &gid);
+    qemuDomainGetImageIds(cfg, vm, src, parent, &uid, &gid);
 
     if (virStorageFileInitAs(src, uid, gid) < 0)
         goto cleanup;
@@ -6019,7 +6026,7 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver,
             goto cleanup;
     }
 
-    qemuDomainGetImageIds(cfg, vm, disk->src, &uid, &gid);
+    qemuDomainGetImageIds(cfg, vm, disk->src, NULL, &uid, &gid);
 
     if (virStorageFileGetMetadata(disk->src,
                                   uid, gid,

diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index ff5328277c879803f87cc903f9c1faefe5671264..5c4c6a0a0a8e2377b2c6aad4ba19b798b01d703d 100644 (file)
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -679,7 +679,8 @@ bool qemuDomainDiskChangeSupported(virDomainDiskDefPtr disk,
 
 int qemuDomainStorageFileInit(virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
-                              virStorageSourcePtr src);
+                              virStorageSourcePtr src,
+                              virStorageSourcePtr parent);
 char *qemuDomainStorageAlias(const char *device, int depth);
 
 void qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 1dff53441b418fa36b15ad00af041e30a38a90be..6c5ec5f558e9b8d87c51e2fe4ef5b327b57ce3b4 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11520,7 +11520,7 @@ qemuDomainBlockPeek(virDomainPtr dom,
         goto cleanup;
     }
 
-    if (qemuDomainStorageFileInit(driver, vm, disk->src) < 0)
+    if (qemuDomainStorageFileInit(driver, vm, disk->src, NULL) < 0)
         goto cleanup;
 
     if ((nread = virStorageFileRead(disk->src, offset, size, &tmpbuf)) < 0)
@@ -14437,7 +14437,7 @@ qemuDomainSnapshotDiskDataCollect(virQEMUDriverPtr driver,
         if (virStorageSourceInitChainElement(dd->src, dd->disk->src, false) < 0)
             goto error;
 
-        if (qemuDomainStorageFileInit(driver, vm, dd->src) < 0)
+        if (qemuDomainStorageFileInit(driver, vm, dd->src, NULL) < 0)
             goto error;
 
         dd->initialized = true;
@@ -17112,7 +17112,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
         goto endjob;
     }
 
-    if (qemuDomainStorageFileInit(driver, vm, mirror) < 0)
+    if (qemuDomainStorageFileInit(driver, vm, mirror, NULL) < 0)
         goto endjob;
 
     if (qemuDomainBlockCopyValidateMirror(mirror, disk->dst, &reuse) < 0)