components/openstack/nova/patches/07-CVE-2013-7048.patch
branchs11-update
changeset 3178 77584387a894
parent 3175 1ff833d174d4
child 3179 07c03b663108
3175:1ff833d174d4 3178:77584387a894
     1 Upstream patch fixed in Grizzly 2013.1.5, Havana 2013.2.2, Icehouse
       
     2 
       
     3 commit 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
       
     4 Author: Xavier Queralt <[email protected]>
       
     5 Date:   Wed Nov 27 20:44:36 2013 +0100
       
     6 
       
     7     Enforce permissions in snapshots temporary dir
       
     8     
       
     9     Live snapshots creates a temporary directory where libvirt driver
       
    10     creates a new image from the instance's disk using blockRebase.
       
    11     Currently this directory is created with 777 permissions making this
       
    12     directory accessible by all the users in the system.
       
    13     
       
    14     This patch changes the tempdir permissions so they have the o+x
       
    15     flag set, which is what libvirt needs to be able to write in it and
       
    16     
       
    17     Closes-Bug: #1227027
       
    18     Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
       
    19     (cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
       
    20 
       
    21 diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
       
    22 index 6b977cb..4cc85f1 100755
       
    23 --- a/nova/virt/libvirt/driver.py
       
    24 +++ b/nova/virt/libvirt/driver.py
       
    25 @@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
       
    26              try:
       
    27                  out_path = os.path.join(tmpdir, snapshot_name)
       
    28                  if live_snapshot:
       
    29 -                    # NOTE (rmk): libvirt needs to be able to write to the
       
    30 -                    #             temp directory, which is owned nova.
       
    31 -                    utils.execute('chmod', '777', tmpdir, run_as_root=True)
       
    32 +                    # NOTE(xqueralt): libvirt needs o+x in the temp directory
       
    33 +                    os.chmod(tmpdir, 0o701)
       
    34                      self._live_snapshot(virt_dom, disk_path, out_path,
       
    35                                          image_format)
       
    36                  else:
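Review bot: The new comment above `os.chmod(tmpdir, 0o701)` says only that libvirt needs o+x, so it does not record that 0o701 is deliberately the narrowest mode that works or that the previous 777 was the exposure being fixed. With search-only access for other users the directory can no longer be listed, but an account that already knows the full `out_path` can still traverse to it, so the snapshot's confidentiality also rests on the mode of the image file written by `_live_snapshot`, which is set outside this hunk and is worth confirming. I would extend the comment to something like `# NOTE(xqueralt): libvirt only needs search (o+x) on the temp dir; keep it 0o701, never widen, and rely on the image file's own mode for its contents`. The description carried in the patch header also breaks off at "write in it and", so the rationale is incomplete there as well. The enclosing `try` block starts and ends outside the hunk.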