From: Peng Liang
Subject: [PATH v2 1/2] qemu: move temp file of screenshot and memorypeek to autoDumpPath
Date: Mon, 13 Sep 2021 19:11:04 +0800
Message-ID: <20210913111105.2941917-2-liangpeng10@huawei.com>
In-Reply-To: <20210913111105.2941917-1-liangpeng10@huawei.com>
References: <20210913111105.2941917-1-liangpeng10@huawei.com>
Cc: yubihong@huawei.com, liangpeng10@huawei.com, xiexiangyou@huawei.com

The temp files of screenshot and memory peek, which are created by QEMU, are put in the cache directory.
However, the caches of domain capabilities, which are created and used by libvirtd, are also put in the cache directory. In order to make the cache directory more secure, move the temp files of screenshot and memory peek to autoDumpPath. Since the temp files are just temporary files and are only used by libvirtd (libvirtd will delete them after use), the use of screenshot and memory peek will be affected.

Signed-off-by: Peng Liang
--- src/qemu/qemu_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index dfc27572c461..e929e950e848 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3431,7 +3431,7 @@ qemuDomainScreenshot(virDomainPtr dom, } } =20 - tmp =3D g_strdup_printf("%s/qemu.screendump.XXXXXX", cfg->cacheDir); + tmp =3D g_strdup_printf("%s/qemu.screendump.XXXXXX", cfg->autoDumpPath= ); =20 if ((tmp_fd =3D g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IW= USR)) =3D=3D -1) { virReportSystemError(errno, _("g_mkstemp(\"%s\") failed"), tmp); 
@@ -10692,7 +10692,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, if (virDomainObjCheckActive(vm) < 0) goto endjob; =20 - tmp =3D g_strdup_printf("%s/qemu.mem.XXXXXX", cfg->cacheDir); + tmp =3D g_strdup_printf("%s/qemu.mem.XXXXXX", cfg->autoDumpPath); =20 /* Create a temporary filename. */ if ((fd =3D g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)= ) =3D=3D -1) { --=20 2.31.1

From: Peng Liang
Subject: [PATH v2 2/2] qemu: don't change ownership of cache directory
Date: Mon, 13 Sep 2021 19:11:05 +0800
Message-ID: <20210913111105.2941917-3-liangpeng10@huawei.com>
In-Reply-To: <20210913111105.2941917-1-liangpeng10@huawei.com>
References: <20210913111105.2941917-1-liangpeng10@huawei.com>
Cc: yubihong@huawei.com, liangpeng10@huawei.com, xiexiangyou@huawei.com

Commit 6bcf25017bc6 ("virDomainMemoryPeek API") introduced memory peek and commit 9936aecfd1b4 ("qemu: Implement the driver methods") introduced
screenshot. Both of them will put temporary files in /var/cache/libvirt/qemu, and the temporary files are created by QEMU. Therefore, the ownership of /var/cache/libvirt/qemu should be changed to the user and group configured in qemu.conf to make sure that the QEMU process can create and write files in the cache directory. Libvirt will only put the temporary files in /var/cache/libvirt/qemu until commit cbde35899b90 ("Cache result of QEMU capabilities extraction"), which will put the cache of QEMU capabilities in the 'capabilities' subdir of the cache directory. Because the capabilities are used by libvirt, the ownership of both the 'capabilities' subdir and the capabilities files is root. However, when the QEMU process runs as a regular user (e.g. qemu user), the ownership of /var/cache/libvirt/qemu will be changed to qemu:qemu while that of /var/cache/libvirt/qemu/capabilities will still be root:root. Then the regular user could spoof different capabilities, which may lead to denial of service. Since the previous patch has moved the temp files of screenshot and memory peek to autoDumpPath, no one except domain capabilities uses cacheDir currently. And since domain capabilities are used by libvirtd instead of QEMU, there is no need to change the ownership of cacheDir to qemu:qemu explicitly.

Signed-off-by: Peng Liang
--- src/qemu/qemu_driver.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e929e950e848..8a6fd5767893 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -748,13 +748,6 @@ qemuStateInitialize(bool privileged, (int)cfg->group); goto error; } - if (chown(cfg->cacheDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%s' to %d:= %d"), - cfg->cacheDir, (int)cfg->user, - (int)cfg->group); - goto error; - } if (chown(cfg->saveDir, cfg->user, cfg->group) < 0) { virReportSystemError(errno, _("unable to set ownership of '%s' to %d:= %d"), --=20 2.31.1
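
Review bot: in patch 1/2, the qemuDomainScreenshot hunk switches the g_mkstemp_full() template from cfg->cacheDir to cfg->autoDumpPath without anything in the diff establishing that autoDumpPath exists and is usable by the configured QEMU user at this point. The commit message says QEMU is the process that writes these files, so please either point to where autoDumpPath is created and given cfg->user:cfg->group ownership, or add that handling in this patch. A short comment above the g_strdup_printf() line explaining why a dump directory holds a transient screendump file would also help future readers.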
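
Review bot: in patch 1/2, the qemuDomainMemoryPeek hunk repeats the directory choice already made in qemuDomainScreenshot, so the two call sites can drift apart again the next time the location changes. Consider a single helper that builds the temp-file template from a prefix ("qemu.mem", "qemu.screendump") so the policy for where QEMU-written temp files live is stated once. Separately, the commit message ends with "the use of screenshot and memory peek will be affected"; if the intent is that behaviour is unchanged, the message should say so before this is merged.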
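
Review bot: in patch 2/2, dropping the chown(cfg->cacheDir, cfg->user, cfg->group) block in qemuStateInitialize only stops libvirtd from handing the directory over on future starts; it does not undo the ownership on hosts where an earlier version already ran. By the commit message's own description, such a host has /var/cache/libvirt/qemu owned by qemu:qemu above a root-owned 'capabilities' subdir, and that state survives this patch. Suggest resetting the ownership of cfg->cacheDir explicitly at startup (or documenting the manual step for upgrades) so the hardening applies to existing installations too.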