From 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa Mon Sep 17 00:00:00 2001
From: Xavier Queralt <xqueralt@redhat.com>
Date: Wed, 27 Nov 2013 19:44:36 +0000
Subject: Enforce permissions in snapshots temporary dir

Live snapshots create a temporary directory in which the libvirt driver
creates a new image from the instance's disk using blockRebase.
Currently this directory is created with 777 permissions, making it
accessible to all users on the system.

This patch changes the tempdir permissions so they have the o+x
flag set, which is what libvirt needs to be able to write in it and

Closes-Bug: #1227027
Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
---
diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
index 6b977cb..4cc85f1 100755
--- a/nova/virt/libvirt/driver.py
+++ b/nova/virt/libvirt/driver.py
@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
             try:
                 out_path = os.path.join(tmpdir, snapshot_name)
                 if live_snapshot:
-                    # NOTE (rmk): libvirt needs to be able to write to the
-                    #             temp directory, which is owned nova.
-                    utils.execute('chmod', '777', tmpdir, run_as_root=True)
+                    # NOTE(xqueralt): libvirt needs o+x in the temp directory
+                    os.chmod(tmpdir, 0o701)
                     self._live_snapshot(virt_dom, disk_path, out_path,
                                         image_format)
                 else:
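Review bot: The new comment above `os.chmod(tmpdir, 0o701)` says only that libvirt needs o+x, and leaves out what that mode still permits: with search permission granted to "other", any local account can still open a file inside the directory if it knows the name and the file's own mode allows it. Confidentiality of the snapshot therefore depends on the modes of `out_path` and of anything `_live_snapshot` creates next to it, which are not visible in this hunk and should be confirmed. I would expand the comment to `# NOTE(xqueralt): 0o701 = owner rwx, others search-only; libvirt must traverse tmpdir, so files inside must not be world-readable`. The enclosing method and its `try` block start and end outside the hunk.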
--
cgit v0.9.2