GlusterFS: Set permissions on qcow2 snapshot files

The GlusterFS driver sets specific permissions on the
volume file when volumes are created.  Setting them on the
snapshot files at snapshot creation time is also required,
otherwise volume attaches will fail for volumes with snapshots
when using QEMU's libgfapi functionality.

This does not weaken the current security model in any
significant way, as it only lines up the permissions used
for snapshot files with those already used for volume files.

This will eventually be addressed by functionality in libvirt:
https://bugzilla.redhat.com/show_bug.cgi?id=1052014

Closes-Bug: #1286376

Change-Id: I93944724c557c907eb3821a061e7434f09ff20bc

diff --git a/cinder/volume/drivers/glusterfs.py b/cinder/volume/drivers/glusterfs.py
index 01238d9d3adfd7362861ee47837f6a104e0e6f9f..78eb0317bb3bddc967cfbf680e12a3a25810dc62 100644 (file)
--- a/cinder/volume/drivers/glusterfs.py
+++ b/cinder/volume/drivers/glusterfs.py
@@ -501,6 +501,8 @@ class GlusterfsDriver(nfs.RemoteFsDriver):
                    new_snap_path]
         self._execute(*command, run_as_root=True)
 
+        self._set_rw_permissions_for_all(new_snap_path)
+
     def _create_snapshot_offline(self, snapshot, path_to_disk):
         """Create snapshot (offline case)."""