Enforce permissions in snapshots temporary dir
Live snapshots creates a temporary directory where libvirt driver
creates a new image from the instance's disk using blockRebase.
Currently this directory is created with 777 permissions making this
directory accessible by all the users in the system.
This patch changes the tempdir permissions so they have the o+x
flag set, which is what libvirt needs to be able to write in it and
Closes-Bug: #1227027
Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
(cherry picked from commit 8a34fc3d48
)
This commit is contained in:
parent
afc9e4e233
commit
75be5abd6b
|
@ -1390,9 +1390,8 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
try:
|
||||
out_path = os.path.join(tmpdir, snapshot_name)
|
||||
if live_snapshot:
|
||||
# NOTE (rmk): libvirt needs to be able to write to the
|
||||
# temp directory, which is owned nova.
|
||||
utils.execute('chmod', '777', tmpdir, run_as_root=True)
|
||||
# NOTE(xqueralt): libvirt needs o+x in the temp directory
|
||||
os.chmod(tmpdir, 0o701)
|
||||
self._live_snapshot(virt_dom, disk_path, out_path,
|
||||
image_format)
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue