From: Cole Robinson <crobinso@redhat.com>
Date: Wed, 9 Mar 2016 17:20:37 +0000 (-0500)
Subject: util: virfile: Only setuid for virFileRemove if on NFS
X-Git-Tag: v1.3.3-rc1~248
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=adefc561cc4c6a007529769c3df286f2ed461684;p=thirdparty%2Flibvirt.git

util: virfile: Only setuid for virFileRemove if on NFS

NFS with root-squash is the only reason we need to do setuid/setgid
crazyness in virFileRemove, so limit that behavior to the NFS case.
---

diff --git a/src/util/virfile.c b/src/util/virfile.c
index a9139038c8..0bba850203 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2315,6 +2315,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
 
 
 /* virFileRemoveNeedsSetuid:
+ * @path: file we plan to remove
  * @uid: file uid to check
  * @gid: file gid to check
  *
@@ -2322,7 +2323,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
  * owned by the passed uid/gid pair. Needed for NFS with root-squash
  */
 static bool
-virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
+virFileRemoveNeedsSetuid(const char *path, uid_t uid, gid_t gid)
 {
     /* If running unprivileged, setuid isn't going to work */
     if (geteuid() != 0)
@@ -2336,6 +2337,12 @@ virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
     if (uid == geteuid() && gid == getegid())
         return false;
 
+    /* Only perform the setuid stuff for NFS, which is the only case
+       that may actually need it. This can error, but just be safe and
+       only check for a clear negative result. */
+    if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 0)
+        return false;
+
     return true;
 }
 
@@ -2361,7 +2368,7 @@ virFileRemove(const char *path,
     gid_t *groups;
     int ngroups;
 
-    if (!virFileRemoveNeedsSetuid(uid, gid)) {
+    if (!virFileRemoveNeedsSetuid(path, uid, gid)) {
         if (virFileIsDir(path))
             return rmdir(path);
         else