From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH] qemu: Don't set NVRAM label when creating it
Date: Wed, 9 Jun 2021 17:19:47 +0200
Message-Id: <9b0fa218dd51c74871207ca9a05fb5f8d73dfdb7.1623251978.git.mprivozn@redhat.com>
List-Id: Development discussions about the libvirt library & tools

The NVRAM label is set in qemuSecuritySetAllLabel(). There's no need to set its label upfront. In fact, setting it twice creates an imbalance because it's unset only once which mangles seclabel remembering.

However, plain removal of the qemuSecurityDomainSetPathLabel() undoes the fix for the original bug (when dynamic ownership is off then the NVRAM is not created with cfg->user and cfg->group but as root:root). Therefore, we have to switch to virFileOpenAs() and pass cfg->user and cfg->group and VIR_FILE_OPEN_FORCE_OWNER flag. There's no need to pass VIR_FILE_OPEN_FORCE_MODE because the file will be created with the proper mode.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1969347
Fixes: bcdaa91a27b5b2d103535270a6a287efe6cd8bfb
Signed-off-by: Michal Privoznik
Reviewed-by: Daniel Henrique Barboza
---
 src/qemu/qemu_process.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index c37687f249..2b03b0ab98 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -4538,16 +4538,19 @@ qemuPrepareNVRAM(virQEMUDriver *driver, goto cleanup; } =20 - if ((dstFD =3D qemuDomainOpenFile(driver, vm, loader->nvram, - O_WRONLY | O_CREAT | O_EXCL, - NULL)) < 0) + if ((dstFD =3D virFileOpenAs(loader->nvram, + O_WRONLY | O_CREAT | O_EXCL, + S_IRUSR | S_IWUSR, + cfg->user, cfg->group, + VIR_FILE_OPEN_FORCE_OWNER)) < 0) { + virReportSystemError(-dstFD, + _("Failed to create file '%s'"), + loader->nvram); goto cleanup; + } =20 created =3D true; =20 - if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) <= 0) - goto cleanup; - do { char buf[1024]; =20 --=20 2.31.1
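
Review bot: The virFileOpenAs() call that replaces qemuDomainOpenFile() at the top of this hunk takes the file owner only from cfg->user and cfg->group and no longer receives vm, so any owner the old helper derived from the domain itself would be dropped. Please confirm that qemuDomainOpenFile() did not pick a per-domain owner for the NVRAM, or resolve the same uid/gid before calling virFileOpenAs(). Separately, with the qemuSecurityDomainSetPathLabel() call removed after `created = true;`, a one-line comment saying that labelling is left to qemuSecuritySetAllLabel() would keep a later reader from re-adding it and bringing back the double-set imbalance the commit message describes.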