浏览代码

Enforce permissions in snapshots temporary dir

Live snapshots creates a temporary directory where libvirt driver
creates a new image from the instance's disk using blockRebase.
Currently this directory is created with 777 permissions making this
directory accessible by all the users in the system.

This patch changes the tempdir permissions so they have the o+x
flag set, which is what libvirt needs to be able to write in it and

Closes-Bug: #1227027
Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
tags/2014.1.b2
Xavier Queralt 6 年前
父节点
当前提交
8a34fc3d48
共有 1 个文件被更改,包括 2 次插入3 次删除
  1. +2
    -3
      nova/virt/libvirt/driver.py

+ 2
- 3
nova/virt/libvirt/driver.py 查看文件

@@ -1488,9 +1488,8 @@ class LibvirtDriver(driver.ComputeDriver):
try:
out_path = os.path.join(tmpdir, snapshot_name)
if live_snapshot:
# NOTE (rmk): libvirt needs to be able to write to the
# temp directory, which is owned nova.
utils.execute('chmod', '777', tmpdir, run_as_root=True)
# NOTE(xqueralt): libvirt needs o+x in the temp directory
os.chmod(tmpdir, 0o701)
self._live_snapshot(virt_dom, disk_path, out_path,
image_format)
else:


正在加载...
取消
保存