From: Laine Stump <laine@laine.org>
Date: Wed, 24 Aug 2011 08:50:49 +0000 (-0400)
Subject: util: only fchown newly created files in virFileOpenAs
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=b1643dc15c5de886fefe56ad18608d65f1325a2c;p=libvirt.git

util: only fchown newly created files in virFileOpenAs

virFileOpenAs takes desired uid:gid as arguments, and not only uses
them for a fork/setuid/setgid when retrying failed open operations,
but additionally always forces the opened file to be owned by the
given uid:gid.

One example of the problems this causes is that, when restoring a
domain from a file that is owned by the qemu user, opening the file
chowns it to root. if dynamic_ownership=1 this is coincidentally
expected, but if dynamic_ownership=0, no existing file should ever
have its ownership changed.

This patch adds an extra check before calling fchown() - it only does
it if O_CREAT was passed to virFileOpenAs() in the openflags.
---

diff --git a/src/util/util.c b/src/util/util.c
index b278165a32..9556bdb8e3 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -697,6 +697,7 @@ virFileOpenAsNoFork(const char *path, int openflags, mode_t mode,
             goto error;
         }
         if (((st.st_uid != uid) || (st.st_gid != gid))
+            && (openflags & O_CREAT)
             && (fchown(fd, uid, gid) < 0)) {
             ret = -errno;
             virReportSystemError(errno, _("cannot chown '%s' to (%u, %u)"),