qemu: Label uniqDir when probing capabilities
authorMartin Kletzander <mkletzan@redhat.com>
Fri, 12 Apr 2019 13:22:48 +0000 (15:22 +0200)
committerMartin Kletzander <mkletzan@redhat.com>
Fri, 12 Apr 2019 22:56:45 +0000 (00:56 +0200)
This does not cause a problem in usual scenarios thanks to us allowing
CAP_DAC_OVERRIDE for the qemu process, however in some scenarios this might be
an issue because the directory is created with mkdtemp(3) which explicitly
creates that with 0700 permissions and qemu running as non-root cannot access
that.

The scenarios include:
 - Builds without CAPNG
 - Running libvirtd in certain container configurations [1]
 - and possibly others.

[1] https://github.com/kubevirt/kubevirt/pull/2181#issuecomment-481840304

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/qemu/qemu_process.c

index 47d8ca2ff163918f3e58dd12aaad06ac5e99f30e..f773aa89b78dd282107067c791b440ac3cbb16c8 100644 (file)
@@ -8447,6 +8447,21 @@ qemuProcessQMPNew(const char *binary,
 }
 
 
+static int
+qemuProcessQEMULabelUniqPath(qemuProcessQMPPtr proc)
+{
+    /* We cannot use the security driver here, but we should not need to. */
+    if (chown(proc->uniqDir, proc->runUid, -1) < 0) {
+        virReportSystemError(errno,
+                             _("Cannot chown uniq path: %s"),
+                             proc->uniqDir);
+        return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 qemuProcessQMPInit(qemuProcessQMPPtr proc)
 {
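Review bot: The comment inside qemuProcessQEMULabelUniqPath says the security driver is not needed, but it does not say why the chown is required or that only DAC ownership changes, although the function name says "Label". Going by the commit message, I would replace it with `/* mkdtemp(3) creates uniqDir 0700 for the daemon's uid; give it to runUid so QEMU can enter it without CAP_DAC_OVERRIDE. Group and mode are left as they are; no security-driver label is applied. */`. The group argument would also read more clearly as `(gid_t)-1`, which makes the "leave unchanged" intent explicit and avoids a sign-conversion warning. The sibling helpers in this hunk use the `qemuProcessQMP` prefix (`qemuProcessQMPNew`, `qemuProcessQMPInit`), so `qemuProcessQMPLabelUniqPath` would fit the file better.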
@@ -8466,6 +8481,9 @@ qemuProcessQMPInit(qemuProcessQMPPtr proc)
         goto cleanup;
     }
 
+    if (qemuProcessQEMULabelUniqPath(proc) < 0)
+        goto cleanup;
+
     if (virAsprintf(&proc->monpath, "%s/%s", proc->uniqDir,
                     "qmp.monitor") < 0)
         goto cleanup;
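Review bot: Once this call succeeds, uniqDir belongs to runUid, and `proc->monpath` is built inside it on the next line, so anything running under that uid can create or replace entries the daemon later opens. Before this change the directory was 0700 for the daemon's own uid, so that trust boundary is new. It matters mainly if other processes share runUid, which these hunks do not show. I would record the assumption at the call site, for example `/* uniqDir is owned by runUid from here on; treat files inside it as untrusted input */`. It is also worth checking that later reads of files in that directory validate what they get. qemuProcessQMPInit starts and ends outside this hunk, so whether the cleanup path removes the directory after a failed chown cannot be confirmed from here.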