From: Kristina Hanicova
To: libvir-list@redhat.com
Subject: [PATCH 1/2] qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()
Date: Fri, 21 May 2021 13:41:29 +0200

Previously, nvram file was created with user/group owner as 'root', rather than specifications defined in libvirtd.conf. The solution is to call qemuDomainOpenFile(), which creates file with defined permissions and qemuSecurityDomainSetPathLabel() to set security label for created nvram file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255
Signed-off-by: Kristina Hanicova
--- src/qemu/qemu_process.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 35213f81ec..2aa4574d94 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver, =20 =20 static int -qemuPrepareNVRAM(virQEMUDriverConfig *cfg, +qemuPrepareNVRAM(virQEMUDriver *driver, virDomainObj *vm) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); int ret =3D -1; int srcFD =3D -1; int dstFD =3D -1; 
@@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg, master_nvram_path); goto cleanup; } - if ((dstFD =3D virFileOpenAs(loader->nvram, - O_WRONLY | O_CREAT | O_EXCL, - S_IRUSR | S_IWUSR, - cfg->user, cfg->group, 0)) < 0) { - virReportSystemError(-dstFD, - _("Failed to create file '%s'"), - loader->nvram); + + if ((dstFD =3D qemuDomainOpenFile(driver, vm, loader->nvram, + O_WRONLY | O_CREAT | O_EXCL, + NULL)) < 0) goto cleanup; - } + created =3D true; =20 + if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) <= 0) + goto cleanup; + do { char buf[1024]; =20 @@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver, qemuDomainObjPrivate *priv =3D vm->privateData; g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); =20 - if (qemuPrepareNVRAM(cfg, vm) < 0) + if (qemuPrepareNVRAM(driver, vm) < 0) return -1; =20 if (vm->def->vsock) { --=20 2.31.1
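
Review bot: in the second hunk (the dstFD open in qemuPrepareNVRAM()), the replacement call drops both the explicit 'S_IRUSR | S_IWUSR' mode and the virReportSystemError() on failure, so the resulting file mode and the error message now depend entirely on qemuDomainOpenFile(), which this patch does not show. Please state in the commit message that qemuDomainOpenFile() creates the file with a mode no wider than owner read/write and reports its own error, since the NVRAM file is created here with 'O_WRONLY | O_CREAT | O_EXCL' and nothing later in the hunk narrows its permissions. The removed call already passed 'cfg->user, cfg->group' with flags 0, so the message should also explain why that still left the file owned by root. Finally, the new qemuSecurityDomainSetPathLabel() check reads '<= 0' as shown, which would treat a return of 0 as failure, unlike the '< 0' checks elsewhere in the patch; if that is only a line wrap from the mail encoding no change is needed, otherwise it should be '< 0'.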
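
Review bot: in the first hunk, the new 'g_autoptr(virQEMUDriverConfig) cfg' line takes a second config reference although the caller in the last hunk, qemuProcessPrepareHost(), still holds its own cfg, and the second hunk removes the 'cfg->user, cfg->group' use. If nothing else in qemuPrepareNVRAM() reads cfg, drop the local; if something does, a short mention of the signature change from 'virQEMUDriverConfig *cfg' to 'virQEMUDriver *driver' in the commit message would help readers of the history.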