Bug 817373

Summary: Remove of a local domain on /tmp fails
Product: Red Hat Enterprise Virtualization Manager
Reporter: Daniel Paikov <dpaikov>
Component: vdsm
Assignee: Ayal Baron <abaron>
Status: CLOSED WONTFIX
QA Contact: Haim <hateya>
Severity: high
Priority: high
Version: unspecified
CC: abaron, amureini, bazulay, hateya, iheim, jkt, lpeer, scohen, yeylon
Flags: scohen: Triaged+
Target Release: 3.3.0
Hardware: Unspecified
OS: Linux
Whiteboard: storage
Doc Type: Bug Fix
Last Closed: 2013-12-01 19:57:07 UTC
Type: Bug
oVirt Team: Storage
Attachments: vdsm.log (flags: none)

Description Daniel Paikov 2012-04-29 14:10:53 UTC
Created attachment 581073
vdsm.log

It is currently possible to create local domains in /tmp (and other world-writeable dirs?). It is then impossible to remove the domains. Creation of domains in /tmp should be blocked.

Comment 2 Ayal Baron 2012-04-29 14:35:38 UTC
I'm not sure we should prevent this (we have a history of preventing things
users later on request the ability to do).
In any event, it is clear that /tmp is just an example, so it's either we need
to blacklist a series of directories (this is bound to fail as there will
always be additional directories to blacklist on one hand and some users
wanting to use blacklisted dirs on the other) or just require the directory
permissions to be explicitly set to vdsm prior to being used (with NFS domains
this was already rejected by users who had problems adding user 36 to nfs
server so set the dirs to world writeable, I wonder if we'd hit something
similar here).
In any event, sounds to me like the 'proper' thing would be to add such a list
in *engine* and simply warn the user but not prevent it.

Andy?

Comment 3 RHEL Program Management 2012-05-04 04:06:29 UTC
Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Dan Kenigsberg 2012-05-21 19:30:53 UTC
Daniel, why is it impossible to remove the storage domain from /tmp?

Comment 5 Daniel Paikov 2012-05-23 09:12:01 UTC
(In reply to comment #4)
> Daniel, why is it impossible to remove the storage domain from /tmp?

It fails on the VDSM side, please refer to the logs I attached:

Thread-5714::INFO::2012-04-29 16:42:40,397::logUtils::37::dispatcher::(wrapper) Run and protect: connectStorageServer(domType=4, spUUID='00000000-0000-0000-0000-000000000000', conList=[{'connection': '/tmp', 'iqn': '', 'portal': '', 'user': '', 'password': '******', 'id': '403ec0a5-795e-4c5e-acc2-6093914ac467', 'port': ''}], options=None)
Thread-5714::ERROR::2012-04-29 16:42:40,397::hsm::1899::Storage.HSM::(connectStorageServer) Could not connect to storageServer
Traceback (most recent call last):
  File "/usr/share/vdsm/storage/hsm.py", line 1896, in connectStorageServer
    conObj.connect()
  File "/usr/share/vdsm/storage/storageServer.py", line 416, in connect
    os.chmod(lnPath, 0775)
OSError: [Errno 1] Operation not permitted: '/rhev/data-center/mnt/_tmp'
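
Added example (not part of the bug report and not vdsm's own code): the ownership-and-permissions check discussed in comment 2, written to return warnings rather than block, and flagging the condition behind the EPERM shown in comment 5. The function name and warning codes are hypothetical; uid 36 comes from comment 2's "user 36" and is assumed to be the vdsm service account.

```python
import os
import stat
import tempfile

VDSM_UID = 36  # assumption: "user 36" from comment 2 is the vdsm service account


def check_local_domain_path(path, service_uid=VDSM_UID):
    """Return (code, message) warnings for a candidate local domain directory.

    An empty list means the service owns the directory and no other
    user can write to it.
    """
    try:
        st = os.stat(path)  # follows symlinks, as os.chmod() in the traceback does
    except OSError as exc:
        return [("unreadable", "cannot stat %s: %s" % (path, exc.strerror))]
    if not stat.S_ISDIR(st.st_mode):
        return [("not-a-directory", "%s is not a directory" % path)]

    warnings = []
    if st.st_uid != service_uid:
        # chmod(2) requires ownership (or privilege); a non-owner gets EPERM.
        warnings.append(("not-owned",
                         "%s is owned by uid %d, not %d; chmod will fail"
                         % (path, st.st_uid, service_uid)))
    if st.st_mode & stat.S_IWOTH:
        # Any local user can create or replace entries next to the domain data.
        warnings.append(("world-writable",
                         "%s is writable by all users" % path))
    return warnings


def demo():
    """Constructed sample input: a private dir and a /tmp-like (mode 1777) dir."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as base:
        private = os.path.join(base, "private")
        os.mkdir(private, 0o750)
        shared = os.path.join(base, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # same mode as /tmp
        codes = lambda p, uid: [c for c, _ in check_local_domain_path(p, uid)]
        return {"private": codes(private, me),
                "shared": codes(shared, me),
                "foreign": codes(shared, me + 1)}  # owner differs from service uid


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```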

Comment 7 RHEL Program Management 2012-12-14 07:44:29 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 10 Itamar Heim 2013-12-01 19:57:07 UTC
Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug.