util: virfile: Only setuid for virFileRemove if on NFS

NFS with root-squash is the only reason we need to do setuid/setgid
crazyness in virFileRemove, so limit that behavior to the NFS case.

diff --git a/src/util/virfile.c b/src/util/virfile.c
index a9139038c86ab091ecd103460b3b6b5658ca8d74..0bba85020344b70b7975e5d6d1b275d2e9513f2e 100644 (file)
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2315,6 +2315,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
 
 
 /* virFileRemoveNeedsSetuid:
+ * @path: file we plan to remove
  * @uid: file uid to check
  * @gid: file gid to check
  *
@@ -2322,7 +2323,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
  * owned by the passed uid/gid pair. Needed for NFS with root-squash
  */
 static bool
-virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
+virFileRemoveNeedsSetuid(const char *path, uid_t uid, gid_t gid)
 {
     /* If running unprivileged, setuid isn't going to work */
     if (geteuid() != 0)
@@ -2336,6 +2337,12 @@ virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
     if (uid == geteuid() && gid == getegid())
         return false;
 
+    /* Only perform the setuid stuff for NFS, which is the only case
+       that may actually need it. This can error, but just be safe and
+       only check for a clear negative result. */
+    if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 0)
+        return false;
+
     return true;
 }
 
@@ -2361,7 +2368,7 @@ virFileRemove(const char *path,
     gid_t *groups;
     int ngroups;
 
-    if (!virFileRemoveNeedsSetuid(uid, gid)) {
+    if (!virFileRemoveNeedsSetuid(path, uid, gid)) {
         if (virFileIsDir(path))
             return rmdir(path);
         else