1 Upstream patch fixed in Grizzly 2013.1.5, Havana 2013.2.2, Icehouse |
|
2 |
|
3 commit 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa |
|
4 Author: Xavier Queralt <[email protected]> |
|
5 Date: Wed Nov 27 20:44:36 2013 +0100 |
|
6 |
|
7 Enforce permissions in snapshots temporary dir |
|
8 |
|
9 Live snapshots create a temporary directory where the libvirt driver |
|
10 creates a new image from the instance's disk using blockRebase. |
|
11 Currently this directory is created with 777 permissions making this |
|
12 directory accessible by all the users in the system. |
|
13 |
|
14 This patch changes the tempdir permissions so they have the o+x |
|
15 flag set, which is what libvirt needs to be able to write in it and |
|
16 |
|
17 Closes-Bug: #1227027 |
|
18 Change-Id: I767ff5247b4452821727e92b668276004fc0f84d |
|
19 (cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f) |
|
20 |
|
21 diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py |
|
22 index 6b977cb..4cc85f1 100755 |
|
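--- a/nova/virt/libvirt/driver.py
+++ b/nova/virt/libvirt/driver.py
@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
 try:
 out_path = os.path.join(tmpdir, snapshot_name)
 if live_snapshot:
- # NOTE (rmk): libvirt needs to be able to write to the
- # temp directory, which is owned nova.
- utils.execute('chmod', '777', tmpdir, run_as_root=True)
+ # NOTE(xqueralt): libvirt needs o+x in the temp directory
+ os.chmod(tmpdir, 0o701)
 self._live_snapshot(virt_dom, disk_path, out_path,
 image_format)
 else: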
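Review bot: Mode `0o701` on `tmpdir` still lets every local account traverse the directory, so the snapshot image is protected only by how hard `snapshot_name` is to guess and by the mode of the file libvirt creates at `out_path`, neither of which is visible in this hunk. The one-line comment above `os.chmod` does not record that trade-off; I would expand it to `# NOTE(xqueralt): o+x lets libvirt reach out_path by name while listing stays owner-only; snapshot_name must be unpredictable and the image must not be world-readable.` Because the call no longer goes through `utils.execute(..., run_as_root=True)`, it presumably relies on the nova user owning `tmpdir` (the removed comment says it does); if that ever changes, `os.chmod` raises `OSError` inside the `try`. The enclosing method starts and ends outside the hunk, so the handler for that case cannot be checked here.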