Bug 839463 - Libvirt get value incorrectly on sticky bit.
Libvirt get value incorrectly on sticky bit.
Status: CLOSED NOTABUG
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
unspecified
x86_64 Linux
medium Severity low
: ---
: ---
Assigned To: Ján Tomko
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-11 22:59 EDT by lei wang
Modified: 2016-04-26 17:50 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-18 03:13:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description lei wang 2012-07-11 22:59:19 EDT
Description of problem:
Libvirt get value incorrectly on sticky bit.

Version-Release number of selected component (if applicable):
# rpm -qa |grep libvirt
libvirt-daemon-0.9.13-2.el6.x86_64
libvirt-devel-0.9.13-2.el6.x86_64
libvirt-python-0.9.13-2.el6.x86_64
libvirt-debuginfo-0.9.13-2.el6.x86_64
libvirt-0.9.13-2.el6.x86_64
libvirt-client-0.9.13-2.el6.x86_64
libvirt-docs-0.9.13-2.el6.x86_64


How reproducible:
100%

Steps to Reproduce:

# ll -Z /var/lib/libvirt/images/rhel6q.img
-rw-------. qemu qemu system_u:object_r:svirt_image_t:s0:c675,c890 /var/lib/libvirt/images/rhel6q.img
=====> The permission of image is 600.

# virsh vol-dumpxml /var/lib/libvirt/images/rhel6q.img 
<volume>
  <name>rhel6q.img</name>
  <key>/var/lib/libvirt/images/rhel6q.img</key>
  <source>
  </source>
  <capacity unit='bytes'>8589934592</capacity>
  <allocation unit='bytes'>3345813504</allocation>
  <target>
    <path>/var/lib/libvirt/images/rhel6q.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0600</mode>
      <owner>107</owner>
      <group>107</group>
      <label>system_u:object_r:svirt_image_t:s0:c675,c890</label>
    </permissions>
  </target>
</volume>
=====> This is a expected result, the mode under permissions is 0600.


# chmod 677 /var/lib/libvirt/images/rhel6q.img
=====> Change the permission of image to 677.

# virsh vol-dumpxml /var/lib/libvirt/images/rhel6q.img 
<volume>
  <name>rhel6q.img</name>
  <key>/var/lib/libvirt/images/rhel6q.img</key>
  <source>
  </source>
  <capacity unit='bytes'>8589934592</capacity>
  <allocation unit='bytes'>3345813504</allocation>
  <target>
    <path>/var/lib/libvirt/images/rhel6q.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0677</mode>
      <owner>107</owner>
      <group>107</group>
      <label>system_u:object_r:svirt_image_t:s0:c675,c890</label>
    </permissions>
  </target>
</volume>
=====> This is a expected result, the mode under permissions have changed to 0677.

# ll -Z /var/lib/libvirt/images/rhel6q.img 
-rw-rwxrwx. qemu qemu system_u:object_r:svirt_image_t:s0:c675,c890 /var/lib/libvirt/images/rhel6q.img
=====> The permission is 677 now.

# chmod 1777 /var/lib/libvirt/images/rhel6q.img 
=====> Change the permission of image to 1777.

# ll -Z /var/lib/libvirt/images/rhel6q.img 
-rwxrwxrwt. qemu qemu system_u:object_r:svirt_image_t:s0:c675,c890 /var/lib/libvirt/images/rhel6q.img
=====> The permission of image have changed to 1777.

# virsh vol-dumpxml /var/lib/libvirt/images/rhel6q.img 
<volume>
  <name>rhel6q.img</name>
  <key>/var/lib/libvirt/images/rhel6q.img</key>
  <source>
  </source>
  <capacity unit='bytes'>8589934592</capacity>
  <allocation unit='bytes'>3345813504</allocation>
  <target>
    <path>/var/lib/libvirt/images/rhel6q.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0777</mode>
      <owner>107</owner>
      <group>107</group>
      <label>system_u:object_r:svirt_image_t:s0:c675,c890</label>
    </permissions>
  </target>
</volume>
=====> The permission of image have changed to 0777, not be changed to 1777.

Actual results:
The value of sticky bit incorrectly.

Expected results:
Libvirt could get value of permission correctly.

Additional info:
Comment 2 Osier Yang 2012-07-11 23:52:18 EDT
On morden linux, the sticky bit on a file doesn't do anything. Also meaningless for FreeBSD. 

<quote>
Currently, this behavior is only operative in HP-UX, NetBSD, and UnixWare. Solaris appears to have abandoned this in 2005.[citation needed] The 4.4-Lite release of BSD retained the old sticky bit behavior but it has been subsequently dropped from OpenBSD (as of release 3.7) and FreeBSD (as of release 2.2.1); it remains in NetBSD. No version of Linux has ever supported the traditional behavior.
</quote>

IMO it's not deserved to give a fix, we have the flaw to detect the sticky bit
on a file, but the question is why one want to use the useless bit?
Comment 3 Dave Allan 2012-07-12 08:32:57 EDT
Are setuid/setgid reported correctly?
Comment 4 lei wang 2012-07-12 21:44:06 EDT
(In reply to comment #3)
> Are setuid/setgid reported correctly?

Hi Dave, the same reproduce on setuid and setgid too.

# ll /var/lib/libvirt/images/rhel6q.img
-rw-------. 1 root root 262144 Jul 13 09:40 /var/lib/libvirt/images/rhel6q.img
# chmod 7777 /var/lib/libvirt/images/rhel6q.img
# ll /var/lib/libvirt/images/rhel6q.img
-rwsrwsrwt. 1 root root 262144 Jul 13 09:40 /var/lib/libvirt/images/rhel6q.img
# virsh vol-dumpxml /var/lib/libvirt/images/rhel6q.img 
<volume>
  <name>rhel6q.img</name>
  <key>/var/lib/libvirt/images/rhel6q.img</key>
  <source>
  </source>
  <capacity unit='bytes'>8589934592</capacity>
  <allocation unit='bytes'>139264</allocation>
  <target>
    <path>/var/lib/libvirt/images/rhel6q.img</path>
    <format type='raw'/>
    <permissions>
      <mode>0777</mode>
      <owner>0</owner>
      <group>0</group>
      <label>system_u:object_r:virt_image_t:s0</label>
    </permissions>
  </target>
</volume>
Comment 5 lei wang 2012-07-12 22:09:50 EDT
(In reply to comment #2)
> On morden linux, the sticky bit on a file doesn't do anything. Also
> meaningless for FreeBSD. 
> 
> <quote>
> Currently, this behavior is only operative in HP-UX, NetBSD, and UnixWare.
> Solaris appears to have abandoned this in 2005.[citation needed] The
> 4.4-Lite release of BSD retained the old sticky bit behavior but it has been
> subsequently dropped from OpenBSD (as of release 3.7) and FreeBSD (as of
> release 2.2.1); it remains in NetBSD. No version of Linux has ever supported
> the traditional behavior.
> </quote>
> 
> IMO it's not deserved to give a fix, we have the flaw to detect the sticky
> bit
> on a file, but the question is why one want to use the useless bit?

# chmod 7777 rhel6q.img 
# ll
total 136
-rwsrwsrwt. 1 root root 262144 Jul 13 09:53 rhel6q.img
# cat /tmp/vol.xml 
<volume>
  <name>rhel6q.img</name>
  <key>/var/lib/libvirt/images/rhel6q.img</key>
  <source>
  </source>
  <capacity unit='bytes'>10737418240</capacity>
  <allocation unit='bytes'>139264</allocation>
  <target>
    <path>/var/lib/libvirt/images/rhel6q.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>7777</mode>
      <owner>0</owner>
      <group>0</group>
      <label>unconfined_u:object_r:virt_image_t:s0</label>
    </permissions>
  </target>
</volume>

# virsh vol-create default /tmp/vol.xml 
error: Failed to create vol from /tmp/vol.xml
error: XML error: malformed octal mode

# 


If modify permission to 7777 on xml file, create vol with xml file, false.

Although we know that it useless, I think that libvirt could get permission correctly on suid/sgid/sticky bit better than without them
Comment 6 Ján Tomko 2012-07-26 04:53:08 EDT
Upstream patch proposed:

https://www.redhat.com/archives/libvir-list/2012-July/msg01453.html
Comment 7 Ján Tomko 2012-08-10 09:23:36 EDT
Another upstream patch proposed:

https://www.redhat.com/archives/libvir-list/2012-August/msg00687.html

Note You need to log in before you can comment on or make changes to this bug.