From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775513900; cv=none; d=zohomail.com; s=zohoarc; b=G+yhtyZIs/3K8dPHb6ORoCzRaJ0hlJXsIDMTPxzuqvHrRISzLKK58OWJ6GBm2ZFuGBRIYlOii7SH4VWfPXs4tmqB7sF3ajI/JC9ulyD9ceaLWxgaujDXOq0ENNwdatNqjvNRTSxnv+t/3VSSDx1PMe570AdoWm/x5rZHNIeEe8s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775513900; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=3V5ryENNKaX3LO3IE3kVAkwYGgbGvC6CPyMu/RjR8OA=; b=D1hhAdpXjMHtUawawdaI7V3+qHJqXsQ5LNpDKRJfDH45YrjzhUF+PwQBS26bchGfVVu1EFi9rIg7bonU9HsICjkhjNEKzysD5V8y3cVrAbrk2GUNJnBzuByvhYW4xdLCBEeoIF0Fvwpg5CoaD6bAAr4VyZ7h/o8s9GmJQldjcGs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775513900460233.3645461708386; Mon, 6 Apr 2026 15:18:20 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 1F3654180A; Mon, 6 Apr 2026 18:18:19 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 060E54180E; Mon, 6 Apr 2026 18:17:19 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 4AC4D3F894; Mon, 6 Apr 2026 18:17:14 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E0F953F308 for ; Mon, 6 Apr 2026 18:17:11 -0400 (EDT) Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-553-6Gv29R4fOkO9o9ECQcU2nQ-1; Mon, 06 Apr 2026 18:17:10 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 916FB1956094 for ; Mon, 6 Apr 2026 22:17:09 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 13B5919560A6; Mon, 6 Apr 2026 22:17:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513831; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3V5ryENNKaX3LO3IE3kVAkwYGgbGvC6CPyMu/RjR8OA=; b=JuDnfXYKU42wtqoFbUUuCWAPq2RdKyG76izwvsqHB6AsmBKjIM0PzJc1N5oQOgVOMSoPno ZUdY5sfncj+AZIWEB1aYwpujrMTiJpLYcRWyWU5pH7qL26LVZXOrTmDpcHTtUDM1dkrdlR xmGDIrZanQRvyUXXescfynjhWQMHGic= X-MC-Unique: 6Gv29R4fOkO9o9ECQcU2nQ-1 X-Mimecast-MFC-AGG-ID: 6Gv29R4fOkO9o9ECQcU2nQ_1775513829 To: devel@lists.libvirt.org Subject: [PATCH 1/6] qemu: driver: split out qemuStateInitializeDirs Date: Mon, 6 Apr 2026 18:16:53 -0400 Message-ID: <7b059e84cc15f8c071591068fa7383af8d08ebc6.1775502787.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: PSKfZ_jkkpiGaWX4iK7MXgBlkb8F1LOoQXcLQkmdTKs_1775513829 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: LBUZ4QCDB2NIR5ZX2T4Q6Q7BPAIN77H2 X-Message-ID-Hash: LBUZ4QCDB2NIR5ZX2T4Q6Q7BPAIN77H2 X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775513903789154100 Content-Type: text/plain; charset="utf-8"; x-default="true" Move all all driver directory creation and permission handling from qemuStateInitialize to its own function. This is just code movement Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- src/qemu/qemu_driver.c | 299 ++++++++++++++++++++++------------------- 1 file changed, 158 insertions(+), 141 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 861795724a..b9f5e976b2 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -518,68 +518,11 @@ qemuDomainFindMaxID(virDomainObj *vm, } =20 =20 -/** - * qemuStateInitialize: - * - * Initialization function for the QEMU daemon - */ -static virDrvStateInitResult -qemuStateInitialize(bool privileged, - const char *root, - bool monolithic G_GNUC_UNUSED, - virStateInhibitCallback callback, - void *opaque) +static int +qemuStateInitializeDirs(bool privileged, + virQEMUDriverConfig *cfg) { - g_autofree char *driverConf =3D NULL; - virQEMUDriverConfig *cfg; - uid_t run_uid =3D -1; - gid_t run_gid =3D -1; - size_t i; - const char *defsecmodel =3D NULL; - g_autoptr(virIdentity) identity =3D virIdentityGetCurrent(); - virDomainDriverAutoStartConfig autostartCfg; - - qemu_driver =3D g_new0(virQEMUDriver, 1); - - qemu_driver->lockFD =3D -1; - - if (virMutexInit(&qemu_driver->lock) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("cannot initialize mutex")); - VIR_FREE(qemu_driver); - return VIR_DRV_STATE_INIT_ERROR; - } - - qemu_driver->privileged =3D privileged; - qemu_driver->hostarch =3D virArchFromHost(); - if (root !=3D NULL) - qemu_driver->embeddedRoot =3D g_strdup(root); - - if (!(qemu_driver->domains =3D virDomainObjListNew())) - goto error; - - /* Init domain events */ - qemu_driver->domainEventState =3D virObjectEventStateNew(); - if (!qemu_driver->domainEventState) - goto error; - - /* read the host sysinfo */ - if (privileged) - qemu_driver->hostsysinfo =3D virSysinfoRead(); - - if (!(qemu_driver->config =3D cfg =3D virQEMUDriverConfigNew(privilege= d, root))) - goto error; - - driverConf =3D g_strdup_printf("%s/qemu.conf", cfg->configBaseDir); - - if (virQEMUDriverConfigLoadFile(cfg, driverConf, privileged) < 0) - goto error; - - if (virQEMUDriverConfigValidate(cfg) < 0) - goto error; - - if (virQEMUDriverConfigSetDefaults(cfg) < 0) - goto error; + int ret =3D -1; =20 if (g_mkdir_with_parents(cfg->stateDir, 0777) < 0) { virReportSystemError(errno, _("Failed to create state dir %1$s"), @@ -659,81 +602,6 @@ qemuStateInitialize(bool privileged, goto error; } =20 - qemu_driver->inhibitor =3D virInhibitorNew( - VIR_INHIBITOR_WHAT_SHUTDOWN, - _("Libvirt QEMU"), - _("QEMU/KVM virtual machines are running"), - VIR_INHIBITOR_MODE_DELAY, - callback, - opaque); - - if ((qemu_driver->lockFD =3D - virPidFileAcquire(cfg->stateDir, "driver", getpid())) < 0) - goto error; - - if (!(qemu_driver->lockManager =3D - virLockManagerPluginNew(cfg->lockManagerName ? - cfg->lockManagerName : "nop", - "qemu", - cfg->configBaseDir, - 0))) - goto error; - - if (cfg->macFilter) { - if (!(qemu_driver->ebtables =3D ebtablesContextNew("qemu"))) { - virReportSystemError(errno, - _("failed to enable mac filter in '%1$s'"= ), - __FILE__); - goto error; - } - - if (ebtablesAddForwardPolicyReject(qemu_driver->ebtables) < 0) - goto error; - } - - /* Allocate bitmap for remote display port reservations. We cannot - * do this before the config is loaded properly, since the port - * numbers are configurable now */ - if ((qemu_driver->remotePorts =3D - virPortAllocatorRangeNew(_("display"), - cfg->remotePortMin, - cfg->remotePortMax)) =3D=3D NULL) - goto error; - - if ((qemu_driver->webSocketPorts =3D - virPortAllocatorRangeNew(_("webSocket"), - cfg->webSocketPortMin, - cfg->webSocketPortMax)) =3D=3D NULL) - goto error; - - if ((qemu_driver->rdpPorts =3D - virPortAllocatorRangeNew(_("rdp"), - cfg->rdpPortMin, - cfg->rdpPortMax)) =3D=3D NULL) - goto error; - - - if ((qemu_driver->migrationPorts =3D - virPortAllocatorRangeNew(_("migration"), - cfg->migrationPortMin, - cfg->migrationPortMax)) =3D=3D NULL) - goto error; - - if ((qemu_driver->backupPorts =3D - virPortAllocatorRangeNew(_("backup"), - cfg->backupPortMin, - cfg->backupPortMax)) =3D=3D NULL) - goto error; - - if (qemuSecurityInit(qemu_driver) < 0) - goto error; - - if (!(qemu_driver->hostdevMgr =3D virHostdevManagerGetDefault())) - goto error; - - if (qemuMigrationDstErrorInit(qemu_driver) < 0) - goto error; - if (privileged) { g_autofree char *channeldir =3D NULL; =20 @@ -830,7 +698,161 @@ qemuStateInitialize(bool privileged, (int)cfg->group); goto error; } + } =20 + if (privileged && + virFileUpdatePerm(cfg->memoryBackingDir, + 0, S_IXGRP | S_IXOTH) < 0) + goto error; + + ret =3D 0; +error: + return ret; +} + + +/** + * qemuStateInitialize: + * + * Initialization function for the QEMU daemon + */ +static virDrvStateInitResult +qemuStateInitialize(bool privileged, + const char *root, + bool monolithic G_GNUC_UNUSED, + virStateInhibitCallback callback, + void *opaque) +{ + g_autofree char *driverConf =3D NULL; + virQEMUDriverConfig *cfg; + uid_t run_uid =3D -1; + gid_t run_gid =3D -1; + size_t i; + const char *defsecmodel =3D NULL; + g_autoptr(virIdentity) identity =3D virIdentityGetCurrent(); + virDomainDriverAutoStartConfig autostartCfg; + + qemu_driver =3D g_new0(virQEMUDriver, 1); + + qemu_driver->lockFD =3D -1; + + if (virMutexInit(&qemu_driver->lock) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("cannot initialize mutex")); + VIR_FREE(qemu_driver); + return VIR_DRV_STATE_INIT_ERROR; + } + + qemu_driver->privileged =3D privileged; + qemu_driver->hostarch =3D virArchFromHost(); + if (root !=3D NULL) + qemu_driver->embeddedRoot =3D g_strdup(root); + + if (!(qemu_driver->domains =3D virDomainObjListNew())) + goto error; + + /* Init domain events */ + qemu_driver->domainEventState =3D virObjectEventStateNew(); + if (!qemu_driver->domainEventState) + goto error; + + /* read the host sysinfo */ + if (privileged) + qemu_driver->hostsysinfo =3D virSysinfoRead(); + + if (!(qemu_driver->config =3D cfg =3D virQEMUDriverConfigNew(privilege= d, root))) + goto error; + + driverConf =3D g_strdup_printf("%s/qemu.conf", cfg->configBaseDir); + + if (virQEMUDriverConfigLoadFile(cfg, driverConf, privileged) < 0) + goto error; + + if (virQEMUDriverConfigValidate(cfg) < 0) + goto error; + + if (virQEMUDriverConfigSetDefaults(cfg) < 0) + goto error; + + if (qemuStateInitializeDirs(privileged, cfg) < 0) + goto error; + + qemu_driver->inhibitor =3D virInhibitorNew( + VIR_INHIBITOR_WHAT_SHUTDOWN, + _("Libvirt QEMU"), + _("QEMU/KVM virtual machines are running"), + VIR_INHIBITOR_MODE_DELAY, + callback, + opaque); + + if ((qemu_driver->lockFD =3D + virPidFileAcquire(cfg->stateDir, "driver", getpid())) < 0) + goto error; + + if (!(qemu_driver->lockManager =3D + virLockManagerPluginNew(cfg->lockManagerName ? + cfg->lockManagerName : "nop", + "qemu", + cfg->configBaseDir, + 0))) + goto error; + + if (cfg->macFilter) { + if (!(qemu_driver->ebtables =3D ebtablesContextNew("qemu"))) { + virReportSystemError(errno, + _("failed to enable mac filter in '%1$s'"= ), + __FILE__); + goto error; + } + + if (ebtablesAddForwardPolicyReject(qemu_driver->ebtables) < 0) + goto error; + } + + /* Allocate bitmap for remote display port reservations. We cannot + * do this before the config is loaded properly, since the port + * numbers are configurable now */ + if ((qemu_driver->remotePorts =3D + virPortAllocatorRangeNew(_("display"), + cfg->remotePortMin, + cfg->remotePortMax)) =3D=3D NULL) + goto error; + + if ((qemu_driver->webSocketPorts =3D + virPortAllocatorRangeNew(_("webSocket"), + cfg->webSocketPortMin, + cfg->webSocketPortMax)) =3D=3D NULL) + goto error; + + if ((qemu_driver->rdpPorts =3D + virPortAllocatorRangeNew(_("rdp"), + cfg->rdpPortMin, + cfg->rdpPortMax)) =3D=3D NULL) + goto error; + + + if ((qemu_driver->migrationPorts =3D + virPortAllocatorRangeNew(_("migration"), + cfg->migrationPortMin, + cfg->migrationPortMax)) =3D=3D NULL) + goto error; + + if ((qemu_driver->backupPorts =3D + virPortAllocatorRangeNew(_("backup"), + cfg->backupPortMin, + cfg->backupPortMax)) =3D=3D NULL) + goto error; + + if (qemuSecurityInit(qemu_driver) < 0) + goto error; + + if (!(qemu_driver->hostdevMgr =3D virHostdevManagerGetDefault())) + goto error; + + if (qemuMigrationDstErrorInit(qemu_driver) < 0) + goto error; + + if (privileged) { run_uid =3D cfg->user; run_gid =3D cfg->group; } @@ -859,11 +881,6 @@ qemuStateInitialize(bool privileged, goto error; } =20 - if (privileged && - virFileUpdatePerm(cfg->memoryBackingDir, - 0, S_IXGRP | S_IXOTH) < 0) - goto error; - /* Get all the running persistent or transient configs first */ if (virDomainObjListLoadAllConfigs(qemu_driver->domains, cfg->stateDir, --=20 2.53.0 From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775514113; cv=none; d=zohomail.com; s=zohoarc; b=dBMM8ENQf8L2ELe+C6331a0hNiEC/x34Z8EPF3PwdtR5GgE/zxoivUKKpUYhLk+o3gDA1/NOzgEi+i2Tyl6313KzsBaX2iIjrUVmC2Ebc8Em7X5iRbiGnOLmjLzLf7WXhLxlUu8nl1nkeCgz/pym09Ysi0qzlxSGMxoeQjsKpGc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775514113; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=gRGP3RvgFfj3kuSZ4urlvD9Y751HqtfaGAYXTCLD9lU=; b=RtNO6n1e9e2/AxsJQP2LwqPXWs/yalc/UDKYgJl4/t0rb/hsN6hHawMkOAPd2Lj6fUdW/TY8OgMp+lBRZbXBM7nQN5PZXZsNXGn0FZXGPrf61WyBgnAR4MZNHIQsJweIK3TOan8LMjsFjX/aYid98GfjA4wMKYxyQOjgkU6mud8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775514113400454.62573300988845; Mon, 6 Apr 2026 15:21:53 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id E03FD4187D; Mon, 6 Apr 2026 18:21:52 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 5F3FE41AE2; Mon, 6 Apr 2026 18:17:27 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 4B31D3F2F8; Mon, 6 Apr 2026 18:17:15 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id A2E1E3F846 for ; Mon, 6 Apr 2026 18:17:12 -0400 (EDT) Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-561-SXmO4ZfpNAay4Y-QMLV9rQ-1; Mon, 06 Apr 2026 18:17:11 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5D17B19560B2 for ; Mon, 6 Apr 2026 22:17:10 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D516119560A6; Mon, 6 Apr 2026 22:17:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gRGP3RvgFfj3kuSZ4urlvD9Y751HqtfaGAYXTCLD9lU=; b=eMCcXBJLXQ2iA/kJOllxHcFcmZIZ0RDa4sPZEst99211ES63urukgwBv5juxT9eVT7XMcl TgrgeuJfBU7xOlIqG9S5mQozxQiTyb2XioYUc4qZxZbDpc4laX2bK3T08NtAvZFV9i550h N7QxvGZBHbfm2U2GfLBpbbWkTP0UhBc= X-MC-Unique: SXmO4ZfpNAay4Y-QMLV9rQ-1 X-Mimecast-MFC-AGG-ID: SXmO4ZfpNAay4Y-QMLV9rQ_1775513830 To: devel@lists.libvirt.org Subject: [PATCH 2/6] qemu: driver: streamline dir creation Date: Mon, 6 Apr 2026 18:16:54 -0400 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: JrvuzS7bNknjJW7Csca63w7i-L3akJhiVP6YZQdORcg_1775513830 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: EEXF42FZTXZ4L3RSQPXDLCM5XYXLJIVM X-Message-ID-Hash: EEXF42FZTXZ4L3RSQPXDLCM5XYXLJIVM X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775514114672154100 Content-Type: text/plain; charset="utf-8"; x-default="true" Make it more data driven. This reduces code and makes it easier to see dir mode requests at a glance. Semantics of virDirCreate are subtly different, so keep dbusStateDir separate for now Besides some operation reordering this should behave the same as before Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- src/qemu/qemu_driver.c | 224 ++++++++++------------------------------- 1 file changed, 51 insertions(+), 173 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b9f5e976b2..0cf88b8be9 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -522,192 +522,70 @@ static int qemuStateInitializeDirs(bool privileged, virQEMUDriverConfig *cfg) { - int ret =3D -1; + size_t i; + g_autofree char *channeldir =3D g_path_get_dirname(cfg->channelTargetD= ir); =20 - if (g_mkdir_with_parents(cfg->stateDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create state dir %1$s"), - cfg->stateDir); - goto error; - } - if (g_mkdir_with_parents(cfg->libDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create lib dir %1$s"), - cfg->libDir); - goto error; - } - if (g_mkdir_with_parents(cfg->cacheDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create cache dir %1$s"), - cfg->cacheDir); - goto error; - } - if (g_mkdir_with_parents(cfg->saveDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create save dir %1$s"), - cfg->saveDir); - goto error; - } - if (g_mkdir_with_parents(cfg->snapshotDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create snapshot dir %1$s"= ), - cfg->snapshotDir); - goto error; - } - if (g_mkdir_with_parents(cfg->checkpointDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create checkpoint dir %1$= s"), - cfg->checkpointDir); - goto error; - } - if (g_mkdir_with_parents(cfg->autoDumpPath, 0777) < 0) { - virReportSystemError(errno, _("Failed to create dump dir %1$s"), - cfg->autoDumpPath); - goto error; - } - if (g_mkdir_with_parents(cfg->channelTargetDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create channel target dir= %1$s"), - cfg->channelTargetDir); - goto error; - } - if (g_mkdir_with_parents(cfg->nvramDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create nvram dir %1$s"), - cfg->nvramDir); - goto error; - } - if (g_mkdir_with_parents(cfg->varstoreDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create varstore dir %1$s"= ), - cfg->varstoreDir); - goto error; - } - if (g_mkdir_with_parents(cfg->memoryBackingDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create memory backing dir= %1$s"), - cfg->memoryBackingDir); - goto error; - } - if (g_mkdir_with_parents(cfg->slirpStateDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create slirp state dir %1= $s"), - cfg->slirpStateDir); - goto error; - } - if (g_mkdir_with_parents(cfg->passtStateDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create passt state dir %1= $s"), - cfg->passtStateDir); - goto error; + struct dirperms { + const char *dir; + int mode; + uid_t user; + gid_t group; + }; + struct dirperms dirs[] =3D { + /* example: /var/cache/libvirt/qemu */ + { cfg->cacheDir, 0777, -1, -1 }, + + /* example: /run/libvirt/qemu */ + { cfg->stateDir, 0777, -1, -1 }, + { cfg->slirpStateDir, 0777, cfg->user, cfg->group }, + { cfg->passtStateDir, 0777, cfg->user, cfg->group }, + { cfg->rdpStateDir, 0777, cfg->user, cfg->group }, + { channeldir, 0777, cfg->user, cfg->group }, + { cfg->channelTargetDir, 0777, cfg->user, cfg->group }, + + /* example: /var/lib/libvirt/qemu */ + { cfg->libDir, 0777, cfg->user, cfg->group }, + { cfg->saveDir, 0777, cfg->user, cfg->group }, + { cfg->snapshotDir, 0777, cfg->user, cfg->group }, + { cfg->checkpointDir, 0777, cfg->user, cfg->group }, + { cfg->autoDumpPath, 0777, cfg->user, cfg->group }, + { cfg->nvramDir, 0777, cfg->user, cfg->group }, + { cfg->varstoreDir, 0777, cfg->user, cfg->group }, + { cfg->memoryBackingDir, 0777, cfg->user, cfg->group }, + }; + + for (i =3D 0; i < G_N_ELEMENTS(dirs); i++) { + if (g_mkdir_with_parents(dirs[i].dir, dirs[i].mode) < 0) { + virReportSystemError(errno, _("Failed to create directory %1$s= "), + dirs[i].dir); + return -1; + } + + if (privileged && + dirs[i].user !=3D -1) { + if (chown(dirs[i].dir, dirs[i].user, dirs[i].group) < 0) { + virReportSystemError(errno, + _("unable to set ownership of '%1$s' = to %2$d:%3$d"), + dirs[i].dir, (int)dirs[i].user, + (int)dirs[i].group); + return -1; + } + } } =20 if (virDirCreate(cfg->dbusStateDir, 0770, cfg->user, cfg->group, VIR_DIR_CREATE_ALLOW_EXIST) < 0) { virReportSystemError(errno, _("Failed to create dbus state dir %1$= s"), cfg->dbusStateDir); - goto error; - } - if (g_mkdir_with_parents(cfg->rdpStateDir, 0777) < 0) { - virReportSystemError(errno, _("Failed to create rdp state dir %1$s= "), - cfg->rdpStateDir); - goto error; - } - - if (privileged) { - g_autofree char *channeldir =3D NULL; - - if (chown(cfg->libDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to u= ser %2$d:%3$d"), - cfg->libDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->saveDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->saveDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->snapshotDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->snapshotDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->checkpointDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->checkpointDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->autoDumpPath, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->autoDumpPath, (int)cfg->user, - (int)cfg->group); - goto error; - } - channeldir =3D g_path_get_dirname(cfg->channelTargetDir); - - if (chown(channeldir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - channeldir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->channelTargetDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->channelTargetDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->nvramDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->nvramDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->varstoreDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->varstoreDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->memoryBackingDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->memoryBackingDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->slirpStateDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->slirpStateDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->passtStateDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->passtStateDir, (int)cfg->user, - (int)cfg->group); - goto error; - } - if (chown(cfg->rdpStateDir, cfg->user, cfg->group) < 0) { - virReportSystemError(errno, - _("unable to set ownership of '%1$s' to %= 2$d:%3$d"), - cfg->rdpStateDir, (int)cfg->user, - (int)cfg->group); - goto error; - } + return -1; } =20 if (privileged && virFileUpdatePerm(cfg->memoryBackingDir, 0, S_IXGRP | S_IXOTH) < 0) - goto error; + return -1; =20 - ret =3D 0; -error: - return ret; + return 0; } =20 =20 --=20 2.53.0 From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775513980; cv=none; d=zohomail.com; s=zohoarc; b=LnnwPmt0gcRc9jO8YSgoyXgczMcqTAOabAOXcyBnAPRE7e1IokQHc6dKBUfnlLi6CGDjKVI1hA7Gn3lfll3TGpd2eHc9tcgWwA/aP1MzrOl0BArQ+jJJGVQ37gE1/CuCc1qobxC3HmXjHeGQowGJPCXMKTzCdatLwzr4EEFV0l0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775513980; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=JJEVq/v7+GVNC18oM6rd5+EqvjM4h4ZdgoZZCLVZ5Xk=; b=Vtq/YiO57eWl2C29AEqkglmYMqyYfA09IivqYEVDtx08wpBxDVlF51rtCJf9ecYmDHPk2iBW87De52QfzG76inNk/WMI5LLQh3cniXj7v4NsTURTR0CppIqmXZQjD4TsVZUIw58bxmOV45Tr37OdrvulR7Fr1j+eyaIT8ECZPX8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775513980947479.5982465059021; Mon, 6 Apr 2026 15:19:40 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 2C4C73F8A8; Mon, 6 Apr 2026 18:19:40 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 5E61841973; Mon, 6 Apr 2026 18:17:22 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id BFF993F2F8; Mon, 6 Apr 2026 18:17:14 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 6CFB53F87C for ; Mon, 6 Apr 2026 18:17:13 -0400 (EDT) Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-27-Q8SWiJf1Mwe-mAp0ZOXh-Q-1; Mon, 06 Apr 2026 18:17:11 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2F26F1956089 for ; Mon, 6 Apr 2026 22:17:11 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 9F66A19560A6; Mon, 6 Apr 2026 22:17:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513833; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JJEVq/v7+GVNC18oM6rd5+EqvjM4h4ZdgoZZCLVZ5Xk=; b=A+DqXxlaoKriB29QMLaQpiNglS+wWe39BH/xeXWoJgzca/+2Gp/oGOWr7HWq4WWli5d7Wq i8Mi/CYf8E05kpJhLgdKWGKh9n8jJEEqDo60pRNraYsWDyY6+7vZ8neOGzy+nktjD9s4zR ctebny7uh2nyeDrV2/dm4d3rTleYTfI= X-MC-Unique: Q8SWiJf1Mwe-mAp0ZOXh-Q-1 X-Mimecast-MFC-AGG-ID: Q8SWiJf1Mwe-mAp0ZOXh-Q_1775513831 To: devel@lists.libvirt.org Subject: [PATCH 3/6] qemu: driver: don't chown() dirname(cfg->channelTargetDir) Date: Mon, 6 Apr 2026 18:16:55 -0400 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: MCKHYRFLQxmXgFe4kmYyjCZbCJP7eCY0eS2MDAXLido_1775513831 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: F7LUSSA7YH4MTW6AJUEVMF4Q7SFLKT6R X-Message-ID-Hash: F7LUSSA7YH4MTW6AJUEVMF4Q7SFLKT6R X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775513981769158500 Content-Type: text/plain; charset="utf-8"; x-default="true" Once upon a time dirname(cfg->channelTargetDir) was a unique dir, but nowadays it is the same as cfg->stateDir, so this is redundant. Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- src/qemu/qemu_driver.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0cf88b8be9..5dff049d85 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -523,7 +523,6 @@ qemuStateInitializeDirs(bool privileged, virQEMUDriverConfig *cfg) { size_t i; - g_autofree char *channeldir =3D g_path_get_dirname(cfg->channelTargetD= ir); =20 struct dirperms { const char *dir; @@ -540,7 +539,6 @@ qemuStateInitializeDirs(bool privileged, { cfg->slirpStateDir, 0777, cfg->user, cfg->group }, { cfg->passtStateDir, 0777, cfg->user, cfg->group }, { cfg->rdpStateDir, 0777, cfg->user, cfg->group }, - { channeldir, 0777, cfg->user, cfg->group }, { cfg->channelTargetDir, 0777, cfg->user, cfg->group }, =20 /* example: /var/lib/libvirt/qemu */ --=20 2.53.0 From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775514017; cv=none; d=zohomail.com; s=zohoarc; b=C5yPeylgcybb7oJCMXdSOJPTIddQ25ONWTghCuXG/hk/aVir3gaeUIwWjwnC82MfI9J8R/II3BJfkAl8zSYFXLFxegVAVT8i4nk/Mu7fqOZnwY5xDN26+OBjfHJO87R9pL525t7lGRCNgcgl5C6VBifdy5ZCU2yo/c1owxV1f68= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775514017; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=QTMoSBvLTy39UtLvLYrwrbpmkGWVKLh9uYqV3RPaCOo=; b=aJq6pTDoE/JlesdeEJehE+J98hQv193M6vx4rkO2QYSbatmSc+x0msm1RsGJ4JapOGiwiz4QlefA/Uoe1eVPSjKKtVJN5OspCLwFvOMjsav/CCnNDcqgdYCVnSYlyFbkApPdgWRn6XGRMCXa+M20ngnRgcB6k08KgEa6iRqa0Zo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775514017702580.4224964754477; Mon, 6 Apr 2026 15:20:17 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id EAA9F3F967; Mon, 6 Apr 2026 18:20:16 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 0F43C3F894; Mon, 6 Apr 2026 18:17:24 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id E02B03F2F8; Mon, 6 Apr 2026 18:17:14 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 519BB3F308 for ; Mon, 6 Apr 2026 18:17:14 -0400 (EDT) Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-338-LnmPWlc2MpeRPjraBhDAbg-1; Mon, 06 Apr 2026 18:17:12 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E7DEC195608F for ; Mon, 6 Apr 2026 22:17:11 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 64CFE19560A6; Mon, 6 Apr 2026 22:17:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513834; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QTMoSBvLTy39UtLvLYrwrbpmkGWVKLh9uYqV3RPaCOo=; b=S3QdVI9G+oRpr0wVBjV7kerIC8vhObVjQ0SEBxrBAvW9ULzpfQz61iKIjAPn6SFrb1qPAc 1ATjls5K8Kithb0ufz41ecFhHKajLolNX7t4uIlI1EAJn0p1lt57HAffIOiCC393Rak9QC STHGxx713XgU4wAZTLMbqCyMPTNarI0= X-MC-Unique: LnmPWlc2MpeRPjraBhDAbg-1 X-Mimecast-MFC-AGG-ID: LnmPWlc2MpeRPjraBhDAbg_1775513832 To: devel@lists.libvirt.org Subject: [PATCH 4/6] qemu: driver: sync dir creation permissions with RPM spec Date: Mon, 6 Apr 2026 18:16:56 -0400 Message-ID: <95f262c45d9deae4ee5efdb89abd016056b99dc9.1775502787.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: nsxAV0Y7x3AZIsZgDNyjOpSauXMpKvYulVQ0VoKMMOg_1775513832 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: DCUBCSKUQRUKWDHN3X75W2MIYOEUZH5X X-Message-ID-Hash: DCUBCSKUQRUKWDHN3X75W2MIYOEUZH5X X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775514019307154100 Content-Type: text/plain; charset="utf-8"; x-default="true" The 0777 permission mask we use when creating most 'cfg' dirs does not match what we put on disk via the RPM spec file. Generally those dirs are more locked down. Match driver startup permissions and owners with what we encode in the RPM spec. Presumably this is safe because this has been tested with real world usage. Some dirs are created here but not in the RPM spec. Leave their permission mask as is, we will deal with them in future patches. The 2 runtime changes for an RPM installed libvirt is that stateDir is now chown(qemu, qemu) and runDir is now chown(0, 0) where previously there was no chown() calls for these dirs. I don't think that should cause problems Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- src/qemu/qemu_driver.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5dff049d85..f351aab009 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -524,6 +524,9 @@ qemuStateInitializeDirs(bool privileged, { size_t i; =20 + uid_t daemon_uid =3D geteuid(); + gid_t daemon_gid =3D getegid(); + struct dirperms { const char *dir; int mode; @@ -532,24 +535,24 @@ qemuStateInitializeDirs(bool privileged, }; struct dirperms dirs[] =3D { /* example: /var/cache/libvirt/qemu */ - { cfg->cacheDir, 0777, -1, -1 }, + { cfg->cacheDir, 0750, daemon_uid, daemon_gid }, =20 /* example: /run/libvirt/qemu */ - { cfg->stateDir, 0777, -1, -1 }, - { cfg->slirpStateDir, 0777, cfg->user, cfg->group }, - { cfg->passtStateDir, 0777, cfg->user, cfg->group }, + { cfg->stateDir, 0755, cfg->user, cfg->group }, + { cfg->slirpStateDir, 0755, cfg->user, cfg->group }, + { cfg->passtStateDir, 0755, cfg->user, cfg->group }, { cfg->rdpStateDir, 0777, cfg->user, cfg->group }, { cfg->channelTargetDir, 0777, cfg->user, cfg->group }, =20 /* example: /var/lib/libvirt/qemu */ - { cfg->libDir, 0777, cfg->user, cfg->group }, - { cfg->saveDir, 0777, cfg->user, cfg->group }, - { cfg->snapshotDir, 0777, cfg->user, cfg->group }, - { cfg->checkpointDir, 0777, cfg->user, cfg->group }, - { cfg->autoDumpPath, 0777, cfg->user, cfg->group }, - { cfg->nvramDir, 0777, cfg->user, cfg->group }, - { cfg->varstoreDir, 0777, cfg->user, cfg->group }, - { cfg->memoryBackingDir, 0777, cfg->user, cfg->group }, + { cfg->libDir, 0751, cfg->user, cfg->group }, + { cfg->saveDir, 0751, cfg->user, cfg->group }, + { cfg->snapshotDir, 0751, cfg->user, cfg->group }, + { cfg->checkpointDir, 0751, cfg->user, cfg->group }, + { cfg->autoDumpPath, 0751, cfg->user, cfg->group }, + { cfg->nvramDir, 0751, cfg->user, cfg->group }, + { cfg->varstoreDir, 0751, cfg->user, cfg->group }, + { cfg->memoryBackingDir, 0751, cfg->user, cfg->group }, }; =20 for (i =3D 0; i < G_N_ELEMENTS(dirs); i++) { @@ -559,8 +562,7 @@ qemuStateInitializeDirs(bool privileged, return -1; } =20 - if (privileged && - dirs[i].user !=3D -1) { + if (privileged) { if (chown(dirs[i].dir, dirs[i].user, dirs[i].group) < 0) { virReportSystemError(errno, _("unable to set ownership of '%1$s' = to %2$d:%3$d"), --=20 2.53.0 From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775514052; cv=none; d=zohomail.com; s=zohoarc; b=bIyiIqECGANKryBP/Sn86pS6xWZbPkRaw2XvRi6TPyc7WUGhhHALJ/xf4/WlU61L0eGV/mOIaZxPXwarMZ+d1juDq9eYvtYOmL2lltJq8smUJEFsliNJ9CoTMq9fffi3inKlMRmijaU8jX3/qLYe7WDQBVKbesHTryoJAu/GXOM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775514052; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=IWVcAvvawZuiYVhQQVHcnMUvoakZri28hdj1FurHDzE=; b=bvQrFFkx5Bg0fSTkpVAckr9DAsPQnPNHrSs88DVlmddNh336qGskLco5nZugcMJ7SqyqlJTPraosRRJMDWQRpGpsgtfQNInEImyp+3SKrbTVljcPcZP7KSoqmRSyR9FWCiGV4RMJzh7C5QiqZryVKoiGzxvrWUSGe5a34l8PB+Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775514052315554.5918514916671; Mon, 6 Apr 2026 15:20:52 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 499C73F96D; Mon, 6 Apr 2026 18:20:51 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 602B541AAA; Mon, 6 Apr 2026 18:17:25 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 2CB773F83C; Mon, 6 Apr 2026 18:17:15 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id D99BA3F83E for ; Mon, 6 Apr 2026 18:17:14 -0400 (EDT) Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-167-ewiEKt4TOAqaY1odrohTxw-1; Mon, 06 Apr 2026 18:17:13 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A6FED18005B6 for ; Mon, 6 Apr 2026 22:17:12 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 288FC19560A6; Mon, 6 Apr 2026 22:17:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513834; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IWVcAvvawZuiYVhQQVHcnMUvoakZri28hdj1FurHDzE=; b=RdfmzJI+wmsQaCOGuGaLUth4qnMrnMavgRFbkLBurLrQcIpZlxDC/4CpQobAeajNhlVPy9 k8avn+JWkZnYsG5stwLjqJDYS6FOttuOOi6h9raRDUhxipHIfY79dpR/PBtiYeAR8IYBqM ELKgZepjqcD2Xyykz+slMYvrMA4cmvI= X-MC-Unique: ewiEKt4TOAqaY1odrohTxw-1 X-Mimecast-MFC-AGG-ID: ewiEKt4TOAqaY1odrohTxw_1775513832 To: devel@lists.libvirt.org Subject: [PATCH 5/6] qemu: driver: adjust mode mask for rdpStateDir Date: Mon, 6 Apr 2026 18:16:57 -0400 Message-ID: <679726e97e9cc692c4ca4cc9e13be0d9107c017b.1775502787.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: pRp7o2wIJqHkW7c6bJg-qWfA_AjQXGOWeuAMbLnV5tQ_1775513832 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: GFGWJRYNH6XVLUFWWEDHWKAZHEZCN3IJ X-Message-ID-Hash: GFGWJRYNH6XVLUFWWEDHWKAZHEZCN3IJ X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775514054049158500 Content-Type: text/plain; charset="utf-8"; x-default="true" rdpStateDir serves a similar purpose to slirpStateDir, just tracking the external process pid. Use the same mask as slirpStateDir Add rdpStateDir to the rpm spec similarly Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- libvirt.spec.in | 1 + src/qemu/qemu_driver.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 00316a03f2..258c59e7c5 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -2340,6 +2340,7 @@ exit 0 %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/ %ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/dbus/ %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/passt/ +%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/rdp/ %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/slirp/ %ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/swtpm/ %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvir= t/qemu/ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f351aab009..cf4f97d104 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -541,7 +541,7 @@ qemuStateInitializeDirs(bool privileged, { cfg->stateDir, 0755, cfg->user, cfg->group }, { cfg->slirpStateDir, 0755, cfg->user, cfg->group }, { cfg->passtStateDir, 0755, cfg->user, cfg->group }, - { cfg->rdpStateDir, 0777, cfg->user, cfg->group }, + { cfg->rdpStateDir, 0755, cfg->user, cfg->group }, { cfg->channelTargetDir, 0777, cfg->user, cfg->group }, =20 /* example: /var/lib/libvirt/qemu */ --=20 2.53.0 From nobody Wed Apr 15 07:00:21 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775514148; cv=none; d=zohomail.com; s=zohoarc; b=WINQ/q73LD7utsSYVeiWYJ/qGfBVW2GU8A+6vfRC9HbAtGmYDATykOnBuD0vt9b1TMXvsQ6IRtileMocadGpkhMEcHyRfx4szz6yE+fC5e3e2b2ZP6Hfb227AfXlAly4WnJf1Y2V9deY/Xjh5mipx38UsfMJZL6JqenblgCdqgs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775514148; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=Eo4Fggz0TChl63abxYG4diBfYjxPlr4zVie3Q6M6LEo=; b=F4UM4bKQASLcSddCH8QCjYrTqGAJBcPMYVzXL/SAPmp4yzclpuwGn/8PqbbmDFhEp+wIr4DOcWelD06zRQEAf+7MEjQc6nqHsdneYaHlUz/6y6wMMZD92kg3bNJCaWZDVpaIClShd1lDXv2g4Thufqxd1nTUCcAMN0RNtgsFXQ8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1775514148822112.86136603171803; Mon, 6 Apr 2026 15:22:28 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 0935E3F894; Mon, 6 Apr 2026 18:22:28 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id E79DD41B64; Mon, 6 Apr 2026 18:17:29 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 759073F83C; Mon, 6 Apr 2026 18:17:16 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E278B3F2F8 for ; Mon, 6 Apr 2026 18:17:15 -0400 (EDT) Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-172-J3L0fzLePOmj9WaFh-PLGA-1; Mon, 06 Apr 2026 18:17:14 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 66FB318005B0 for ; Mon, 6 Apr 2026 22:17:13 +0000 (UTC) Received: from colepc.redhat.com (unknown [10.22.88.63]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DCF4419560A6; Mon, 6 Apr 2026 22:17:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775513835; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Eo4Fggz0TChl63abxYG4diBfYjxPlr4zVie3Q6M6LEo=; b=UkAf0L4Vz3apI0bW1B+m5clzW1cJyxdIvTsTueMIIR5xMU1pNhqXmUoadNicGcA82kyC4H Ck2LyUZA7SGyu6vlBZjeMAi0aqlQufP2vHIiZy6x+RDld36WqlRcqV4mr/I9g2JwMnDYT0 146nTq5o+e6ukjYcogfiorL5gxHwU9w= X-MC-Unique: J3L0fzLePOmj9WaFh-PLGA-1 X-Mimecast-MFC-AGG-ID: J3L0fzLePOmj9WaFh-PLGA_1775513833 To: devel@lists.libvirt.org Subject: [PATCH 6/6] qemu: driver: adjust mode mask for channelTargetDir Date: Mon, 6 Apr 2026 18:16:58 -0400 Message-ID: <6d006b646f7caa830ee05860c6772c1b772058f6.1775502787.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: hxzS-vPz7GxstftRqofss0qlHMgrN71sUqos1dYdmvA_1775513833 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: SMFHJTOSFDZVXKUI24IHGBITF52M3G5J X-Message-ID-Hash: SMFHJTOSFDZVXKUI24IHGBITF52M3G5J X-MailFrom: crobinso@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Cole Robinson X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Cole Robinson via Devel Reply-To: Cole Robinson X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775514150434158500 Content-Type: text/plain; charset="utf-8"; x-default="true" The only thing created directly in channelTargetDir is domain specific directories (see priv->channelTargetDir). 0755 seems fine here, like other state dirs. Add channelTargetDir to the rpm spec similarly Signed-off-by: Cole Robinson Reviewed-by: Peter Krempa --- libvirt.spec.in | 1 + src/qemu/qemu_driver.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 258c59e7c5..e001a1ac64 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -2338,6 +2338,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/ +%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/channel/ %ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/dbus/ %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/passt/ %ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qe= mu/rdp/ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index cf4f97d104..99b752f7e8 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -542,7 +542,7 @@ qemuStateInitializeDirs(bool privileged, { cfg->slirpStateDir, 0755, cfg->user, cfg->group }, { cfg->passtStateDir, 0755, cfg->user, cfg->group }, { cfg->rdpStateDir, 0755, cfg->user, cfg->group }, - { cfg->channelTargetDir, 0777, cfg->user, cfg->group }, + { cfg->channelTargetDir, 0755, cfg->user, cfg->group }, =20 /* example: /var/lib/libvirt/qemu */ { cfg->libDir, 0751, cfg->user, cfg->group }, --=20 2.53.0