Add configuration option to turn off dynamic permissions management

Add the ability to turn off dynamic management of file permissions
for libvirt guests.

* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
* qemu/qemu.conf: Document 'dynamic_ownership' flag.
* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index ef754219094b3a44e9c241231378313ac78c3bca..5bd60b3629963687b28d97b45e0e08a1ca6a5233 100644 (file)
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -32,6 +32,7 @@ module Libvirtd_qemu =
                  | str_entry "security_driver"
                  | str_entry "user"
                  | str_entry "group"
+                | bool_entry "dynamic_ownership"
                  | str_array_entry "cgroup_controllers"
                  | str_array_entry "cgroup_device_acl"
                  | str_entry "save_image_format"

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 1078963c08e9ee51faac3d3777f2030b1460ecae..3da332fc8641dc98ebc1bed807706fef2060b6a8 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -96,6 +96,11 @@
 # The group ID for QEMU processes run by the system instance
 #group = "root"
 
+# Whether libvirt should dynamically change file ownership
+# to match the configured user/group above. Defaults to 1.
+# Set to 0 to disable file ownership changes.
+#dynamic_ownership = 1
+
 
 # What cgroup controllers to make use of with QEMU guests
 #

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index ba31cccc6f3cdc07d1829eac34e50be2e0a69dc7..3cdb0dfd9353389b05fd46f0e80c443f5ce3e0db 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -102,7 +102,9 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     char *group;
     int i;
 
-    /* Setup 2 critical defaults */
+    /* Setup critical defaults */
+    driver->dynamicOwnership = 1;
+
     if (!(driver->vncListen = strdup("127.0.0.1"))) {
         virReportOOMError(NULL);
         return -1;
@@ -224,6 +226,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     }
     VIR_FREE(user);
 
+
     p = virConfGetValue (conf, "group");
     CHECK_TYPE ("group", VIR_CONF_STRING);
     if (!(group = strdup(p && p->str ? p->str : QEMU_GROUP))) {
@@ -231,8 +234,6 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
         virConfFree(conf);
         return -1;
     }
-
-
     if (virGetGroupID(NULL, group, &driver->group) < 0) {
         VIR_FREE(group);
         virConfFree(conf);
@@ -240,6 +241,12 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     }
     VIR_FREE(group);
 
+
+    p = virConfGetValue (conf, "dynamic_ownership");
+    CHECK_TYPE ("dynamic_ownership", VIR_CONF_LONG);
+    if (p) driver->dynamicOwnership = p->l;
+
+
     p = virConfGetValue (conf, "cgroup_controllers");
     CHECK_TYPE ("cgroup_controllers", VIR_CONF_LIST);
     if (p) {

diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug
index e9abbb41e07b722c5c029f43c155b488cb22cbf7..2feedc05cf48749ac960d24e5b3aa5d609acce2a 100644 (file)
--- a/src/qemu/test_libvirtd_qemu.aug
+++ b/src/qemu/test_libvirtd_qemu.aug
@@ -86,6 +86,8 @@ user = \"root\"
 
 group = \"root\"
 
+dynamic_ownership = 1
+
 cgroup_controllers = [ \"cpu\", \"devices\" ]
 
 cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ]
@@ -184,6 +186,8 @@ relaxed_acs_check = 1
 { "#empty" }
 { "group" = "root" }
 { "#empty" }
+{ "dynamic_ownership" = "1" }
+{ "#empty" }
 { "cgroup_controllers"
     { "1" = "cpu" }
     { "2" = "devices" }