External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 11:22:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Label master key file

Browse Source 
When creating the master key, we used mode 0600 (which we should) but
because we were creating it as root, the file is not readable by any
qemu running as non-root.  Fortunately, it's just a matter of labelling
the file.  We are generating the file path few times already, so let's
label it in the same function that has access to the path already.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
Martin Kletzander 2016-04-13 17:17:35 +02:00 committed by Cole Robinson
parent 00307b5d82
commit 744d74fafd
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/qemu/qemu_domain.c
View File

@ -504,11 +504,13 @@ qemuDomainGetMasterKeyFilePath(const char *libDir)
* Returns 0 on success, -1 on failure with error message indicating failure * Returns 0 on success, -1 on failure with error message indicating failure
*/ */
static int static int
qemuDomainWriteMasterKeyFile(qemuDomainObjPrivatePtr priv) qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver,
virDomainObjPtr vm)
{ {
char *path; char *path;
int fd = -1; int fd = -1;
int ret = -1; int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
if (!(path = qemuDomainGetMasterKeyFilePath(priv->libDir))) if (!(path = qemuDomainGetMasterKeyFilePath(priv->libDir)))
return -1; return -1;
@ -525,6 +527,10 @@ qemuDomainWriteMasterKeyFile(qemuDomainObjPrivatePtr priv)
goto cleanup; goto cleanup;
} }
if (virSecurityManagerDomainSetDirLabel(driver->securityManager,
vm->def, path) < 0)
goto cleanup;
ret = 0; ret = 0;
cleanup: cleanup:
@ -697,8 +703,11 @@ qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv)
* Returns: 0 on success, -1 w/ error message on failure * Returns: 0 on success, -1 w/ error message on failure
*/ */
int int
qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv) qemuDomainMasterKeyCreate(virQEMUDriverPtr driver,
virDomainObjPtr vm)
{ {
qemuDomainObjPrivatePtr priv = vm->privateData;
/* If we don't have the capability, then do nothing. */ /* If we don't have the capability, then do nothing. */
if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET)) if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET))
return 0; return 0;
@ -709,7 +718,7 @@ qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv)
priv->masterKeyLen = QEMU_DOMAIN_MASTER_KEY_LEN; priv->masterKeyLen = QEMU_DOMAIN_MASTER_KEY_LEN;
if (qemuDomainWriteMasterKeyFile(priv) < 0) if (qemuDomainWriteMasterKeyFile(driver, vm) < 0)
goto error; goto error;
return 0; return 0;

3
src/qemu/qemu_domain.h
View File

@ -584,7 +584,8 @@ char *qemuDomainGetMasterKeyFilePath(const char *libDir);
int qemuDomainMasterKeyReadFile(qemuDomainObjPrivatePtr priv); int qemuDomainMasterKeyReadFile(qemuDomainObjPrivatePtr priv);
int qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv); int qemuDomainMasterKeyCreate(virQEMUDriverPtr driver,
virDomainObjPtr vm);
void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv); void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);

2
src/qemu/qemu_process.c
View File

@ -5213,7 +5213,7 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver,
goto cleanup; goto cleanup;
VIR_DEBUG("Create domain masterKey"); VIR_DEBUG("Create domain masterKey");
if (qemuDomainMasterKeyCreate(priv) < 0) if (qemuDomainMasterKeyCreate(driver, vm) < 0)
goto cleanup; goto cleanup;
ret = 0; ret = 0;