Don't use O_TRUNC when opening QEMU logfiles

SELinux wants all log files opened with O_APPEND. When running non-root though, libvirtd likes to use O_TRUNC to avoid log files growing in size indefinitely. Instead of using O_TRUNC though, we can use O_APPEND and then call ftruncate() which keeps SELinux happier. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2024-10-08 07:15:46 +00:00 · 2012-09-21 10:37:53 +01:00 · 2012-09-21 10:37:53 +01:00 · 639d5c4966
commit 639d5c4966
parent 7307c3c00c
1 changed files with 17 additions and 0 deletions
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -1446,12 +1446,22 @@ qemuDomainOpenLogHelper(struct qemud_driver *driver,
 {
    char *logfile;
    int fd = -1;
+    bool trunc = false;

    if (virAsprintf(&logfile, "%s/%s.log", driver->logDir, vm->def->name) < 0) {
        virReportOOMError();
        return -1;
    }

+    /* To make SELinux happy we always need to open in append mode.
+     * So we fake O_TRUNC by calling ftruncate after open instead
+     */
+    if (oflags & O_TRUNC) {
+        oflags &= ~O_TRUNC;
+        oflags |= O_APPEND;
+        trunc = true;
+    }
+
    if ((fd = open(logfile, oflags, mode)) < 0) {
        virReportSystemError(errno, _("failed to create logfile %s"),
                             logfile);
@ -1463,6 +1473,13 @@ qemuDomainOpenLogHelper(struct qemud_driver *driver,
        VIR_FORCE_CLOSE(fd);
        goto cleanup;
    }
+    if (trunc &&
+        ftruncate(fd, 0) < 0) {
+        virReportSystemError(errno, _("failed to truncate %s"),
+                             logfile);
+        VIR_FORCE_CLOSE(fd);
+        goto cleanup;
+    }

 cleanup:
    VIR_FREE(logfile);