This problem is reproducible only with secret driver. When
starting a domain via virt-qemu-run and both secret and
(nonexistent) root directory specified this is what happens:
1) virt-qemu-run opens "secret:///embed?root=$rootdir"
connection, which results in the secret driver initialization
(done in secretStateInitialize()). During this process, the
driver creates its own configDir (derived from $rootdir)
including those parents which don't exists yet. This is all
done with the mode S_IRWXU and thus results in the $rootdir
being created with very restrictive mode (specifically, +x is
missing for group and others).
2) now, virt-qemu-run opens "qemu:///embed?root=$rootdir" and
calls virDomainCreateXML(). This results in the master-key.aes
being written somewhere under the $rootdir and telling qemu
where to find it.
But because the secret driver created $rootdir with too
restrictive mode, qemu can't access the file (even though it
knows the full path) and fails to start.
It looks like the best solution is to pre-create the root
directory before opening any connection (letting any driver
initialize itself) and set its mode to something less
restrictive.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=
1859873
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
}
tmproot = true;
- if (chmod(root, 0755) < 0) {
- g_printerr("%s: cannot chown temporary dir: %s\n",
- argv[0], g_strerror(errno));
- goto cleanup;
- }
+ } else if (g_mkdir_with_parents(root, 0755) < 0) {
+ g_printerr("%s: cannot create dir: %s\n",
+ argv[0], g_strerror(errno));
+ goto cleanup;
+ }
+
+ if (chmod(root, 0755) < 0) {
+ g_printerr("%s: cannot chmod temporary dir: %s\n",
+ argv[0], g_strerror(errno));
+ goto cleanup;
}
escaped = g_uri_escape_string(root, NULL, true);
projects / thirdparty / libvirt.git / commitdiff
