From 4f9226a33786ead60eb470f88783d8764a66e35a Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 10 Jul 2020 10:48:01 +0200
Subject: [PATCH 007/108] virSecurityManagerMetadataLock: Ignore RO filesystem
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When locking files for metadata change, we open() them for R/W
access. The write access is needed because we want to acquire
exclusive (write) lock (to mutually exclude with other daemons
trying to modify XATTRs on the same file). Anyway, the open()
might fail if the file lives on a RO filesystem. Well, if that's
the case, ignore the error and continue with the next file on the
list. We won't change any seclabel on the file anyway - there is
nothing to remember then.

Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit c531f42755119190888ac73a58f93d79de5afa56)
---
 src/security/security_manager.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 1445291410..5159abd92d 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -1336,6 +1336,11 @@ virSecurityManagerMetadataLock(virSecurityManagerPtr mgr G_GNUC_UNUSED,
         }
 
         if ((fd = open(p, O_RDWR)) < 0) {
+            if (errno == EROFS) {
+                /* There is nothing we can do for RO filesystem. */
+                continue;
+            }
+
 #ifndef WIN32
             if (S_ISSOCK(sb.st_mode)) {
                 /* Sockets can be opened only if there exists the
-- 
2.33.0