From nobody Mon Feb 9 16:02:29 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=huawei.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1631543433781736.903102588489; Mon, 13 Sep 2021 07:30:33 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-181-lFZjOxFrN9-MCReySszh-Q-1; Mon, 13 Sep 2021 10:30:31 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id ED0ED1006AA4; Mon, 13 Sep 2021 14:30:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CF44F60871; Mon, 13 Sep 2021 14:30:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 842864EA2A; Mon, 13 Sep 2021 14:30:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 18DEUMqr019525 for ; Mon, 13 Sep 2021 10:30:22 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6414D1111C94; Mon, 13 Sep 2021 14:30:22 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5E8D41111C92 for ; Mon, 13 Sep 2021 14:30:15 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7165B8934FB for ; Mon, 13 Sep 2021 14:30:15 +0000 (UTC) Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-383-aUxnDzkkMQaTw68DELze_g-1; Mon, 13 Sep 2021 10:30:12 -0400 Received: from dggemv703-chm.china.huawei.com (unknown [172.30.72.56]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4H7TL45d9SzbmVJ for ; Mon, 13 Sep 2021 22:26:04 +0800 (CST) Received: from dggema765-chm.china.huawei.com (10.1.198.207) by dggemv703-chm.china.huawei.com (10.3.19.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2308.8; Mon, 13 Sep 2021 22:30:09 +0800 Received: from localhost.localdomain (10.175.101.6) by dggema765-chm.china.huawei.com (10.1.198.207) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.8; Mon, 13 Sep 2021 22:30:09 +0800 X-MC-Unique: lFZjOxFrN9-MCReySszh-Q-1 X-MC-Unique: aUxnDzkkMQaTw68DELze_g-1 From: Peng Liang To: Subject: [PATCH v3 1/2] qemu: move temp file of screenshot and memorypeek to per-domain dir Date: Mon, 13 Sep 2021 22:23:46 +0800 Message-ID: <20210913142347.3023720-2-liangpeng10@huawei.com> In-Reply-To: <20210913142347.3023720-1-liangpeng10@huawei.com> References: <20210913142347.3023720-1-liangpeng10@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.175.101.6] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggema765-chm.china.huawei.com (10.1.198.207) X-CFilter-Loop: Reflected X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 18DEUMqr019525 X-loop: libvir-list@redhat.com Cc: yubihong@huawei.com, liangpeng10@huawei.com, xiexiangyou@huawei.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1631543434833100001 Content-Type: text/plain; charset="utf-8" The temp files of screenshot and memory peek, which are created by QEMU, are put in the cache directory. However, the caches of domain capabilities, which are created and used by libvirtd, are also put in the cache directory. In order to make the cache directory more secure, move the temp files of screenshot and memory peek to per-domain directory. Since the temp files are just temporary files and are only used by libvirtd (libvirtd will delete them after use), the use of screenshot and memory peek will be affected. Signed-off-by: Peng Liang --- src/qemu/qemu_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index dfc27572c461..7ffe5f1e3856 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3431,7 +3431,7 @@ qemuDomainScreenshot(virDomainPtr dom, } } =20 - tmp =3D g_strdup_printf("%s/qemu.screendump.XXXXXX", cfg->cacheDir); + tmp =3D g_strdup_printf("%s/qemu.screendump.XXXXXX", priv->libDir); =20 if ((tmp_fd =3D g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IW= USR)) =3D=3D -1) { virReportSystemError(errno, _("g_mkstemp(\"%s\") failed"), tmp); @@ -10675,6 +10675,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, if (!(vm =3D qemuDomainObjFromDomain(dom))) goto cleanup; =20 + priv =3D vm->privateData; cfg =3D virQEMUDriverGetConfig(driver); =20 if (virDomainMemoryPeekEnsureACL(dom->conn, vm->def) < 0) @@ -10692,7 +10693,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, if (virDomainObjCheckActive(vm) < 0) goto endjob; =20 - tmp =3D g_strdup_printf("%s/qemu.mem.XXXXXX", cfg->cacheDir); + tmp =3D g_strdup_printf("%s/qemu.mem.XXXXXX", priv->libDir); =20 /* Create a temporary filename. */ if ((fd =3D g_mkstemp_full(tmp, O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)= ) =3D=3D -1) { @@ -10703,7 +10704,6 @@ qemuDomainMemoryPeek(virDomainPtr dom, =20 qemuSecurityDomainSetPathLabel(driver, vm, tmp, false); =20 - priv =3D vm->privateData; qemuDomainObjEnterMonitor(driver, vm); if (flags =3D=3D VIR_MEMORY_VIRTUAL) { if (qemuMonitorSaveVirtualMemory(priv->mon, offset, size, tmp) < 0= ) { --=20 2.31.1