From: Eric Harney Date: Thu, 20 Feb 2014 16:48:41 +0000 (-0500) Subject: GlusterFS: Set permissions on qcow2 snapshot files X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=186f23998fcead5992ef95e33b01ed40f4ecaa5f;p=openstack-build%2Fcinder-build.git GlusterFS: Set permissions on qcow2 snapshot files The GlusterFS driver sets specific permissions on the volume file when volumes are created. Setting them on the snapshot files at snapshot creation time is also required, otherwise volume attaches will fail for volumes with snapshots when using QEMU's libgfapi functionality. This does not weaken the current security model in any significant way, as it only lines up the permissions used for snapshot files with those already used for volume files. This will eventually be addressed by functionality in libvirt: https://bugzilla.redhat.com/show_bug.cgi?id=1052014 Closes-Bug: #1286376 Change-Id: I93944724c557c907eb3821a061e7434f09ff20bc --- diff --git a/cinder/volume/drivers/glusterfs.py b/cinder/volume/drivers/glusterfs.py index 01238d9d3..78eb0317b 100644 --- a/cinder/volume/drivers/glusterfs.py +++ b/cinder/volume/drivers/glusterfs.py @@ -501,6 +501,8 @@ class GlusterfsDriver(nfs.RemoteFsDriver): new_snap_path] self._execute(*command, run_as_root=True) + self._set_rw_permissions_for_all(new_snap_path) + def _create_snapshot_offline(self, snapshot, path_to_disk): """Create snapshot (offline case)."""