From: Kristina Hanicova
To: libvir-list@redhat.com
Subject: [PATCH 1/2] qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()
Date: Fri, 21 May 2021 13:41:29 +0200

Previously, nvram file was created with user/group owner as 'root', rather than specifications defined in libvirtd.conf. The solution is to call qemuDomainOpenFile(), which creates file with defined permissions and qemuSecurityDomainSetPathLabel() to set security label for created nvram file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255
Signed-off-by: Kristina Hanicova
Reviewed-by: Michal Privoznik

--- src/qemu/qemu_process.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 35213f81ec..2aa4574d94 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver, =20 =20 static int -qemuPrepareNVRAM(virQEMUDriverConfig *cfg, +qemuPrepareNVRAM(virQEMUDriver *driver, virDomainObj *vm) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); int ret =3D -1; int srcFD =3D -1; int dstFD =3D -1; 
@@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg, master_nvram_path); goto cleanup; } - if ((dstFD =3D virFileOpenAs(loader->nvram, - O_WRONLY | O_CREAT | O_EXCL, - S_IRUSR | S_IWUSR, - cfg->user, cfg->group, 0)) < 0) { - virReportSystemError(-dstFD, - _("Failed to create file '%s'"), - loader->nvram); + + if ((dstFD =3D qemuDomainOpenFile(driver, vm, loader->nvram, + O_WRONLY | O_CREAT | O_EXCL, + NULL)) < 0) goto cleanup; - } + created =3D true; =20 + if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) <= 0) + goto cleanup; + do { char buf[1024]; =20 
@@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver, qemuDomainObjPrivate *priv =3D vm->privateData; g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); =20 - if (qemuPrepareNVRAM(cfg, vm) < 0) + if (qemuPrepareNVRAM(driver, vm) < 0) return -1; =20 if (vm->def->vsock) { --=20 2.31.1

From: Kristina Hanicova
To: libvir-list@redhat.com
Subject: [PATCH 2/2] qemu: Return -EINVAL to keep qemuDomainOpenFile() consistent
Date: Fri, 21 May 2021 13:41:30 +0200
Message-Id: <1c652faa27e79cd1e646cd98abdee983ea9fc2f4.1621597192.git.khanicov@redhat.com>

The description of the function says that the return value is a file descriptor on success and negative errno on failure which is not true. If the 'if' case with check on security labels fails, the return value is -1 not -errno. The solution is to return '-EINVAL' instead.

Signed-off-by: Kristina Hanicova
Reviewed-by: Michal Privoznik

--- src/qemu/qemu_domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 10641846b3..5254552551 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -11509,7 +11509,7 @@ qemuDomainOpenFile(virQEMUDriver *driver, (seclabel =3D virDomainDefGetSecurityLabelDef(vm->def, "dac")) != =3D NULL && seclabel->label !=3D NULL && (virParseOwnershipIds(seclabel->label, &user, &group) < 0)) - return -1; + return -EINVAL; =20 return virQEMUFileOpenAs(user, group, dynamicOwnership, path, oflags, needUnlink); --=20 2.31.1
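
Review bot: In [PATCH 1/2], the hunk at -4538 in qemuPrepareNVRAM() drops the explicit S_IRUSR | S_IWUSR mode that the removed virFileOpenAs() call passed, and the replacement qemuDomainOpenFile(driver, vm, loader->nvram, O_WRONLY | O_CREAT | O_EXCL, NULL) takes no mode argument, so nothing in the diff shows which permissions the new NVRAM file ends up with. Please state in the commit message, or in a comment above the call, that the file is still created readable and writable by its owner only. The same hunk removes virReportSystemError(), so the caller now depends on every failure path inside qemuDomainOpenFile() reporting its own error; a short comment saying so, and one explaining the trailing false passed to qemuSecurityDomainSetPathLabel(), would make that easier to audit.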
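
Review bot: In [PATCH 1/2], the hunk at -6723 keeps the g_autoptr(virQEMUDriverConfig) cfg declaration in qemuProcessPrepareHost() even though qemuPrepareNVRAM() now calls virQEMUDriverGetConfig(driver) itself (hunk at -4499), so the config reference is taken twice on this path. If cfg has no other user in qemuProcessPrepareHost(), drop the declaration here; if it does, this is fine as is, but it is worth checking because the diff context does not show the rest of the function.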
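
Review bot: In [PATCH 2/2], the new return -EINVAL in qemuDomainOpenFile() corrects the value but no error is reported in this hunk, and the caller added in [PATCH 1/2] only does goto cleanup when the result is < 0. Please confirm that virParseOwnershipIds() reports an error itself when it fails, or add a report before the return, so that a malformed "dac" security label does not make NVRAM creation fail silently. The function's last statement returns the result of virQEMUFileOpenAs() unchanged, so the documented "negative errno" contract also depends on that helper; noting this in the function comment would keep the description accurate.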