Skip to content

Commit

Permalink
GlusterFS: Set permissions on qcow2 snapshot files
Browse files Browse the repository at this point in the history 
The GlusterFS driver sets specific permissions on the
volume file when volumes are created.  Setting them on the
snapshot files at snapshot creation time is also required,
otherwise volume attaches will fail for volumes with snapshots
when using QEMU's libgfapi functionality.

This does not weaken the current security model in any
significant way, as it only lines up the permissions used
for snapshot files with those already used for volume files.

This will eventually be addressed by functionality in libvirt:
https://bugzilla.redhat.com/show_bug.cgi?id=1052014

Closes-Bug: #1286376

Change-Id: I93944724c557c907eb3821a061e7434f09ff20bc
  • Loading branch information
@eharney
eharney committed Feb 28, 2014
1 parent 97c7c7f commit 186f239
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions cinder/volume/drivers/glusterfs.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,8 @@ def _create_qcow2_snap_file(self, snapshot, backing_filename,
new_snap_path]
self._execute(*command, run_as_root=True)

self._set_rw_permissions_for_all(new_snap_path)

def _create_snapshot_offline(self, snapshot, path_to_disk):
"""Create snapshot (offline case)."""

Expand Down

0 comments on commit 186f239

Please sign in to comment.