Bug 817373 - Remove of a local domain on /tmp fails
Remove of a local domain on /tmp fails
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: vdsm (Show other bugs)
unspecified
Unspecified Linux
high Severity high
: ---
: 3.3.0
Assigned To: Ayal Baron
Haim
storage
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-29 10:10 EDT by Daniel Paikov
Modified: 2016-02-10 11:33 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-01 14:57:07 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Storage
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
scohen: Triaged+


Attachments (Terms of Use)
vdsm.log (356.13 KB, application/x-gzip)
2012-04-29 10:10 EDT, Daniel Paikov
no flags Details

  None (edit)
Description Daniel Paikov 2012-04-29 10:10:53 EDT
Created attachment 581073 [details]
vdsm.log

It is currently possible to create local domains in /tmp (and other world-writeable dirs?). It is then impossible to remove the domains. Creation of domains in /tmp should be blocked.
Comment 2 Ayal Baron 2012-04-29 10:35:38 EDT
I'm not sure we should prevent this (we have a history of preventing things
users later on request the ability to do).
In any event, it is clear that /tmp is just an example, so it's either we need
to blacklist a series of directories (this is bound to fail as there will
always be additional directories to blacklist on one hand and some users
wanting to use blacklisted dirs on the other) or just require the directory
permissions to be explicitly set to vdsm prior to being used (with NFS domains
this was already rejected by users who had problems adding user 36 to nfs
server so set the dirs to world writeable, I wonder if we'd hit something
similar here).
In any event, sounds to me like the 'proper' thing would be to add such a list
in *engine* and simply warn the user but not prevent it.

Andy?
Comment 3 RHEL Product and Program Management 2012-05-04 00:06:29 EDT
Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 4 Dan Kenigsberg 2012-05-21 15:30:53 EDT
Daniel, why is it impossible to remove the storage domain from /tmp?
Comment 5 Daniel Paikov 2012-05-23 05:12:01 EDT
(In reply to comment #4)
> Daniel, why is it impossible to remove the storage domain from /tmp?

It fails on the VDSM side, please refer to the logs I attached:

Thread-5714::INFO::2012-04-29 16:42:40,397::logUtils::37::dispatcher::(wrapper) Run and protect: connectStorageServer(domType=4, spUU
ID='00000000-0000-0000-0000-000000000000', conList=[{'connection': '/tmp', 'iqn': '', 'portal': '', 'user': '', 'password': '******',
 'id': '403ec0a5-795e-4c5e-acc2-6093914ac467', 'port': ''}], options=None)
Thread-5714::ERROR::2012-04-29 16:42:40,397::hsm::1899::Storage.HSM::(connectStorageServer) Could not connect to storageServer
Traceback (most recent call last):
  File "/usr/share/vdsm/storage/hsm.py", line 1896, in connectStorageServer
    conObj.connect()
  File "/usr/share/vdsm/storage/storageServer.py", line 416, in connect
    os.chmod(lnPath, 0775)
OSError: [Errno 1] Operation not permitted: '/rhev/data-center/mnt/_tmp'
Comment 7 RHEL Product and Program Management 2012-12-14 02:44:29 EST
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 10 Itamar Heim 2013-12-01 14:57:07 EST
Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug.

Note You need to log in before you can comment on or make changes to this bug.