ubuntu-bugcontrol team mailing list archive

[Jorge Sancho Larraz <mp+464752@xxxxxxxxxxxxxxxxxx>]

Jorge Sancho Larraz has proposed merging ~jslarraz/ubuntu-qa-tools:fix-acl into ubuntu-qa-tools:master.

Commit message:
Fix acl permission check 

Requested reviews:
  Ubuntu Bug Control (ubuntu-bugcontrol)

For more details, see:
https://code.launchpad.net/~jslarraz/ubuntu-qa-tools/+git/ubuntu-qa-tools/+merge/464752

When using acl, the `mask` attribute sets the maximum permissions a non-owner user may have. Thus, this field also needs to be check to ensure the `libvirt-qemu` has effective search permissions on the required directories
-- 
Your team Ubuntu Bug Control is requested to review the proposed merge of ~jslarraz/ubuntu-qa-tools:fix-acl into ubuntu-qa-tools:master.

diff --git a/vm-tools/uvt b/vm-tools/uvt
index 2f6eca3..36a3c31 100755
--- a/vm-tools/uvt
+++ b/vm-tools/uvt
@@ -3626,7 +3626,9 @@ def load_uvt_config():
         path = config[d]
         while path != "/":
             rc, out = runcmd(["getfacl", "-e", path])
-            if (not os.stat(path).st_mode & 0o001) and (re.search("user:libvirt-qemu:..x", out) is None):
+            if (not os.stat(path).st_mode & 0o001) and \
+                    ((re.search("user:libvirt-qemu:..x", out) is None) or
+                     (re.search("mask::..x", out) is None)):
 
                 print("Missing permissions found while creating '%s' directory. libvirt-qemu user "
                       "requires search permission all the way up the path, but it seems to be"