qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] A different way to ask for readonly drive

From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] A different way to ask for readonly drive
Date: Thu, 17 Dec 2009 15:31:39 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) 
Jamie Lokier <address@hidden> writes:

> Christoph Hellwig wrote:
>> On Tue, Dec 15, 2009 at 06:45:01PM +0000, Jamie Lokier wrote:
>> > access=rw
>> > access=ro
>> > access=auto  (default)
>> 
>> Yes, that sounds like the least clumsy one.  I still think the current
>> implementation is a very bad default, though.
>
> Without agreeing or disagreeing over whether it's a bad default :), a
> usability problem occurs with the current implementation when you
> deliberately "chmod 444" an image to have high confidence that it's
> opened read only: When running as root, file permissions are ignored
> (except sometimes on NFS).
>
> For that reason I use "chattr +i" on all my read-only image files, to
> really make sure that no qemu invocation mistake could accidentally
> corrupt valuable images.  That works, but it's not very convenient.
>
> If the "auto" method is kept, I think it would be an improvement if it
> checks the file permission itself, and does not even try to open a
> file O_RDWR if there are no writable permission bits - so that "chmod
> 444" has the same "open as read only" effect when qemu is invoked as root.

"Improving" on the kernel's permission checking easily ends in tears.

And if we change the the current "auto" behavior in incompatible ways
anyway, then my preferred change would be to just drop it.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]