External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-24 13:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()

Browse Source 
Previously, nvram file was created with user/group owner as
'root', rather than specifications defined in libvirtd.conf. The
solution is to call qemuDomainOpenFile(), which creates file with
defined permissions and qemuSecurityDomainSetPathLabel() to set
security label for created nvram file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Kristina Hanicova 2021-05-21 13:41:29 +02:00 committed by Michal Privoznik
parent 483e943884
commit bcdaa91a27
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/qemu/qemu_process.c
View File

@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver,
static int static int
qemuPrepareNVRAM(virQEMUDriverConfig *cfg, qemuPrepareNVRAM(virQEMUDriver *driver,
virDomainObj *vm) virDomainObj *vm)
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
int ret = -1; int ret = -1;
int srcFD = -1; int srcFD = -1;
int dstFD = -1; int dstFD = -1;
@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
master_nvram_path); master_nvram_path);
goto cleanup; goto cleanup;
} }
if ((dstFD = virFileOpenAs(loader->nvram,
O_WRONLY | O_CREAT | O_EXCL, if ((dstFD = qemuDomainOpenFile(driver, vm, loader->nvram,
S_IRUSR | S_IWUSR, O_WRONLY | O_CREAT | O_EXCL,
cfg->user, cfg->group, 0)) < 0) { NULL)) < 0)
virReportSystemError(-dstFD,
_("Failed to create file '%s'"),
loader->nvram);
goto cleanup; goto cleanup;
}
created = true; created = true;
if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) < 0)
goto cleanup;
do { do {
char buf[1024]; char buf[1024];
@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
if (qemuPrepareNVRAM(cfg, vm) < 0) if (qemuPrepareNVRAM(driver, vm) < 0)
return -1; return -1;
if (vm->def->vsock) { if (vm->def->vsock) {