From a50c473ad6c988a249bf79a30fb7c6dc19733347 Mon Sep 17 00:00:00 2001
From: Peng Liang
Date: Mon, 13 Sep 2021 22:23:46 +0800
Subject: [PATCH] qemu: move temp file of screenshot and memorypeek to per-domain dir
The temp files of screenshot and memory peek, which are created by QEMU, are put in the cache directory. However, the caches of domain capabilities, which are created and used by libvirtd, are also put in the cache directory. In order to make the cache directory more secure, move the temp files of screenshot and memory peek to per-domain directory. Since the temp files are just temporary files and are only used by libvirtd (libvirtd will delete them after use), the use of screenshot and memory peek will be affected.
Signed-off-by: Peng Liang
Reviewed-by: Michal Privoznik
---
 src/qemu/qemu_driver.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6ae678b165..ce3603b313 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3431,7 +3431,7 @@ qemuDomainScreenshot(virDomainPtr dom,
 }
 }
- tmp = g_strdup_printf("%s/qemu.screendump.XXXXXX", cfg->cacheDir);
+ tmp = g_strdup_printf("%s/qemu.screendump.XXXXXX", priv->libDir);
 if ((tmp_fd = g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) {
 virReportSystemError(errno, _("g_mkstemp(\"%s\") failed"), tmp);
@@ -10676,6 +10676,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
 if (!(vm = qemuDomainObjFromDomain(dom))) goto cleanup;
+ priv = vm->privateData;
 cfg = virQEMUDriverGetConfig(driver);
 if (virDomainMemoryPeekEnsureACL(dom->conn, vm->def) < 0)
@@ -10693,7 +10694,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
 if (virDomainObjCheckActive(vm) < 0) goto endjob;
- tmp = g_strdup_printf("%s/qemu.mem.XXXXXX", cfg->cacheDir);
+ tmp = g_strdup_printf("%s/qemu.mem.XXXXXX", priv->libDir);
 /* Create a temporary filename. */
 if ((fd = g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) {
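Review bot: `priv->libDir` is read on the changed line of qemuDomainScreenshot, but this hunk shows neither where `priv` is assigned nor that the domain is known to be active at that point (the function starts and ends outside the hunk). The memory-peek hunks in the same patch move `priv = vm->privateData;` ahead of the new use, so it is worth confirming the same ordering holds here and that libDir cannot be NULL for a domain that reaches this line. A short comment would also record the intent, e.g. `/* per-domain dir: keep QEMU-written temp files out of cfg->cacheDir */`.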
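Review bot: With `cfg->cacheDir` gone from the `qemu.mem.XXXXXX` line, nothing visible in qemuDomainMemoryPeek reads `cfg` any more, yet `cfg = virQEMUDriverGetConfig(driver);` is kept in the 10676 hunk; if that was its only use, the lookup and any matching cleanup can be dropped. Separately, this temp file will hold raw guest memory, so a comment should say that it now lives in the per-domain directory and what removes it if libvirtd exits before its own unlink, e.g. `/* holds guest memory; created in the per-domain dir and removed after the read */`. Presumably the directory is torn down with the domain, but that is not visible here; the function body continues outside the hunk.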
@@ -10704,7 +10705,6 @@ qemuDomainMemoryPeek(virDomainPtr dom,
 qemuSecurityDomainSetPathLabel(driver, vm, tmp, false);
- priv = vm->privateData;
 qemuDomainObjEnterMonitor(driver, vm);
 if (flags == VIR_MEMORY_VIRTUAL) {
 if (qemuMonitorSaveVirtualMemory(priv->mon, offset, size, tmp) < 0) {