qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()

Previously, nvram file was created with user/group owner as 'root', rather than specifications defined in libvirtd.conf. The solution is to call qemuDomainOpenFile(), which creates file with defined permissions and qemuSecurityDomainSetPathLabel() to set security label for created nvram file. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255 Signed-off-by: Kristina Hanicova <khanicov@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-07-30 13:37:17 +00:00 · 2021-05-21 13:41:29 +02:00 · 2021-05-21 13:41:29 +02:00 · bcdaa91a27
commit bcdaa91a27
parent 483e943884
1 changed files with 11 additions and 10 deletions
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver,


 static int
-qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
+qemuPrepareNVRAM(virQEMUDriver *driver,
                 virDomainObj *vm)
 {
+    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
    int ret = -1;
    int srcFD = -1;
    int dstFD = -1;
@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
                             master_nvram_path);
        goto cleanup;
    }
-    if ((dstFD = virFileOpenAs(loader->nvram,
-                               O_WRONLY | O_CREAT | O_EXCL,
-                               S_IRUSR | S_IWUSR,
-                               cfg->user, cfg->group, 0)) < 0) {
-        virReportSystemError(-dstFD,
-                             _("Failed to create file '%s'"),
-                             loader->nvram);
+
+    if ((dstFD = qemuDomainOpenFile(driver, vm, loader->nvram,
+                                    O_WRONLY | O_CREAT | O_EXCL,
+                                    NULL)) < 0)
        goto cleanup;
-    }
+
    created = true;

+    if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) < 0)
+        goto cleanup;
+
    do {
        char buf[1024];

@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
    qemuDomainObjPrivate *priv = vm->privateData;
    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);

-    if (qemuPrepareNVRAM(cfg, vm) < 0)
+    if (qemuPrepareNVRAM(driver, vm) < 0)
        return -1;

    if (vm->def->vsock) {