qemuProcessPrepareHost: Create domain private dirs as early as possible

[PATCH] qemuProcessPrepareHost: Create domain private dirs as early as possible

Posted by Michal Privoznik 2 years, 4 months ago

As of ff024b60cc3 we are opening chardevs before starting QEMU.
However, we also doing that before domain private directories are
created. This leaves us impossible to create guest agent socket
which lives under priv->channelTargetDir.

While creating the dirs can be moved just before
qemuProcessPrepareHostBackendChardev() it's better to do it as
the very first step so that this kind of error is prevented in
future.

Fixes: ff024b60cc39d5d41b1e68728a00a47e103ec4dd
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_process.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 4963ce383f..82d0af5549 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7024,6 +7024,14 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
     qemuDomainObjPrivate *priv = vm->privateData;
     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 
+    /*
+     * Create all per-domain directories in order to make sure domain
+     * with any possible seclabels can access it.
+     */
+    if (qemuProcessMakeDir(driver, vm, priv->libDir) < 0 ||
+        qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0)
+        return -1;
+
     if (qemuPrepareNVRAM(driver, vm) < 0)
         return -1;
 
@@ -7085,14 +7093,6 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
         return -1;
     }
 
-    /*
-     * Create all per-domain directories in order to make sure domain
-     * with any possible seclabels can access it.
-     */
-    if (qemuProcessMakeDir(driver, vm, priv->libDir) < 0 ||
-        qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0)
-        return -1;
-
     VIR_DEBUG("Write domain masterKey");
     if (qemuDomainWriteMasterKeyFile(driver, vm) < 0)
         return -1;
-- 
2.32.0

Re: [PATCH] qemuProcessPrepareHost: Create domain private dirs as early as possible

Posted by Martin Kletzander 2 years, 4 months ago

On Mon, Dec 13, 2021 at 12:21:16PM +0100, Michal Privoznik wrote:
>As of ff024b60cc3 we are opening chardevs before starting QEMU.
>However, we also doing that before domain private directories are
>created. This leaves us impossible to create guest agent socket
>which lives under priv->channelTargetDir.
>
>While creating the dirs can be moved just before
>qemuProcessPrepareHostBackendChardev() it's better to do it as
>the very first step so that this kind of error is prevented in
>future.
>
>Fixes: ff024b60cc39d5d41b1e68728a00a47e103ec4dd
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

>---
> src/qemu/qemu_process.c | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
>diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
>index 4963ce383f..82d0af5549 100644
>--- a/src/qemu/qemu_process.c
>+++ b/src/qemu/qemu_process.c
>@@ -7024,6 +7024,14 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
>     qemuDomainObjPrivate *priv = vm->privateData;
>     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
>
>+    /*
>+     * Create all per-domain directories in order to make sure domain
>+     * with any possible seclabels can access it.
>+     */
>+    if (qemuProcessMakeDir(driver, vm, priv->libDir) < 0 ||
>+        qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0)
>+        return -1;
>+
>     if (qemuPrepareNVRAM(driver, vm) < 0)
>         return -1;
>
>@@ -7085,14 +7093,6 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
>         return -1;
>     }
>
>-    /*
>-     * Create all per-domain directories in order to make sure domain
>-     * with any possible seclabels can access it.
>-     */
>-    if (qemuProcessMakeDir(driver, vm, priv->libDir) < 0 ||
>-        qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0)
>-        return -1;
>-
>     VIR_DEBUG("Write domain masterKey");
>     if (qemuDomainWriteMasterKeyFile(driver, vm) < 0)
>         return -1;
>-- 
>2.32.0
>

Re: [PATCH] qemuProcessPrepareHost: Create domain private dirs as early as possible

Posted by Peter Krempa 2 years, 4 months ago

On Mon, Dec 13, 2021 at 12:21:16 +0100, Michal Privoznik wrote:
> As of ff024b60cc3 we are opening chardevs before starting QEMU.
> However, we also doing that before domain private directories are
> created. This leaves us impossible to create guest agent socket
> which lives under priv->channelTargetDir.
> 
> While creating the dirs can be moved just before
> qemuProcessPrepareHostBackendChardev() it's better to do it as
> the very first step so that this kind of error is prevented in
> future.
> 
> Fixes: ff024b60cc39d5d41b1e68728a00a47e103ec4dd
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/qemu/qemu_process.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)

Oops, thanks for fixing this for me ;)

Re: [PATCH] qemuProcessPrepareHost: Create domain private dirs as early as possible

Posted by Ján Tomko 2 years, 4 months ago

On a Monday in 2021, Michal Privoznik wrote:
>As of ff024b60cc3 we are opening chardevs before starting QEMU.
>However, we also doing that before domain private directories are

*we are

>created. This leaves us impossible to create guest agent socket

leaves us unable
   or
makes it impossible

>which lives under priv->channelTargetDir.
>
>While creating the dirs can be moved just before
>qemuProcessPrepareHostBackendChardev() it's better to do it as
>the very first step so that this kind of error is prevented in
>future.
>
>Fixes: ff024b60cc39d5d41b1e68728a00a47e103ec4dd
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/qemu/qemu_process.c | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano