security_dac: compute supplemental groups before fork
authorEric Blake <eblake@redhat.com>
Fri, 12 Jul 2013 20:55:21 +0000 (14:55 -0600)
committerEric Blake <eblake@redhat.com>
Thu, 18 Jul 2013 21:35:30 +0000 (15:35 -0600)
commit29fe5d745fbe207ec2415441d4807ae76be05974
tree5f8f6b288e4f9e89ef96003d0d1672c7ea9ed0eb
parentfdb3bde31ccf8ff172abf00ef5aa974b87af2794
security_dac: compute supplemental groups before fork

Commit 75c1256 states that virGetGroupList must not be called
between fork and exec, then commit ee777e99 promptly violated
that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
the supplemental group detection to the time that the security
manager needs to fork.  Qemu is safe, as it uses
virSecurityManagerSetChildProcessLabel which in turn uses
virCommand to determine supplemental groups.

This does not fix the fact that virSecurityManagerSetProcessLabel
calls virSecurityDACParseIds calls parseIds which eventually
calls getpwnam_r, which also violates fork/exec async-signal-safe
safety rules, but so far no one has complained of hitting
deadlock in that case.

* src/security/security_dac.c (_virSecurityDACData): Track groups
in private data.
(virSecurityDACPreFork): New function, to set them.
(virSecurityDACClose): Clean up new fields.
(virSecurityDACGetIds): Alter signature.
(virSecurityDACSetSecurityHostdevLabelHelper)
(virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
(virSecurityDACSetChildProcessLabel): Update callers.

Signed-off-by: Eric Blake <eblake@redhat.com>
src/security/security_dac.c