qemu: Label master key file

When creating the master key, we used mode 0600 (which we should) but
because we were creating it as root, the file is not readable by any
qemu running as non-root.  Fortunately, it's just a matter of labelling
the file.  We are generating the file path few times already, so let's
label it in the same function that has access to the path already.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
Martin Kletzander 2016-04-13 17:17:35 +02:00 committed by Cole Robinson
parent 00307b5d82
commit 744d74fafd
3 changed files with 15 additions and 5 deletions

View File

@ -504,11 +504,13 @@ qemuDomainGetMasterKeyFilePath(const char *libDir)
* Returns 0 on success, -1 on failure with error message indicating failure
*/
static int
qemuDomainWriteMasterKeyFile(qemuDomainObjPrivatePtr priv)
qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver,
virDomainObjPtr vm)
{
char *path;
int fd = -1;
int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
if (!(path = qemuDomainGetMasterKeyFilePath(priv->libDir)))
return -1;
@ -525,6 +527,10 @@ qemuDomainWriteMasterKeyFile(qemuDomainObjPrivatePtr priv)
goto cleanup;
}
if (virSecurityManagerDomainSetDirLabel(driver->securityManager,
vm->def, path) < 0)
goto cleanup;
ret = 0;
cleanup:
@ -697,8 +703,11 @@ qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv)
* Returns: 0 on success, -1 w/ error message on failure
*/
int
qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv)
qemuDomainMasterKeyCreate(virQEMUDriverPtr driver,
virDomainObjPtr vm)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
/* If we don't have the capability, then do nothing. */
if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET))
return 0;
@ -709,7 +718,7 @@ qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv)
priv->masterKeyLen = QEMU_DOMAIN_MASTER_KEY_LEN;
if (qemuDomainWriteMasterKeyFile(priv) < 0)
if (qemuDomainWriteMasterKeyFile(driver, vm) < 0)
goto error;
return 0;

View File

@ -584,7 +584,8 @@ char *qemuDomainGetMasterKeyFilePath(const char *libDir);
int qemuDomainMasterKeyReadFile(qemuDomainObjPrivatePtr priv);
int qemuDomainMasterKeyCreate(qemuDomainObjPrivatePtr priv);
int qemuDomainMasterKeyCreate(virQEMUDriverPtr driver,
virDomainObjPtr vm);
void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);

View File

@ -5213,7 +5213,7 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver,
goto cleanup;
VIR_DEBUG("Create domain masterKey");
if (qemuDomainMasterKeyCreate(priv) < 0)
if (qemuDomainMasterKeyCreate(driver, vm) < 0)
goto cleanup;
ret = 0;