GlusterFS: Set permissions for qcow2 snapshot files

Bug #1286376 reported by Eric Harney on 2014-02-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Eric Harney

Bug Description

For libgfapi attaches of volumes with snapshots to work correctly, qcow2 snapshot files need to be set with the same permissions as base volume files are. This is a medium-term fix until I either introduce config options to set user/group ownership of all GlusterFS driver files to what qemu/libvirt expects, or libvirt is fixed to handle libgfapi permissions the same way it handles FUSE-based GlusterFS permissions.

It does not worsen anything in the meantime though, as the volume files themselves are currently handled this way.

(Related: Bug 1260679)

Changed in cinder:
status: New → In Progress
Eric Harney (eharney) wrote :
Changed in cinder:
milestone: none → icehouse-3

Submitter: Jenkins
Branch: master

commit 186f23998fcead5992ef95e33b01ed40f4ecaa5f
Author: Eric Harney <email address hidden>
Date: Thu Feb 20 11:48:41 2014 -0500

    GlusterFS: Set permissions on qcow2 snapshot files

    The GlusterFS driver sets specific permissions on the
    volume file when volumes are created. Setting them on the
    snapshot files at snapshot creation time is also required,
    otherwise volume attaches will fail for volumes with snapshots
    when using QEMU's libgfapi functionality.

    This does not weaken the current security model in any
    significant way, as it only lines up the permissions used
    for snapshot files with those already used for volume files.

    This will eventually be addressed by functionality in libvirt:

    Closes-Bug: #1286376

    Change-Id: I93944724c557c907eb3821a061e7434f09ff20bc

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2014-03-05
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2014-04-17
Changed in cinder:
milestone: icehouse-3 → 2014.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.