qemu: snapshot: Set umask for 'qemu-img' when creating external inactive snapshots

External inactive snapshots are created by invoking 'qemu-img' which
creates the file. Currently qemu-img creates image with mode 644 based
on default umask as libvirt doesn't set any.

Having a world-readable image is obviously wrong so set the umask to
077 to have the file readable only by the owner.

Resolves: https://bugs.debian.org/1120119
Signed-off-by: Peter Krempa <pkrempa@redhat.com>

diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 5aa7d1b3a79d5dbe0811f2b4d7961878fc1171e9..302775af926f38d05918aa8caea8c1424d5e40bf 100644 (file)
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -228,6 +228,9 @@ qemuSnapshotCreateQcow2Files(virDomainDef *def,
                                          NULL)))
             return -1;
 
+        /* ensure that new files are only readable by the user */
+        virCommandSetUmask(cmd, 0077);
+
         /* adds cmd line arg: backing_fmt=format,backing_file=/path/to/backing/file */
         virBufferAsprintf(&buf, "backing_fmt=%s,backing_file=",
                           virStorageFileFormatTypeToString(defdisk->src->format));