qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()

Previously, nvram file was created with user/group owner as
'root', rather than specifications defined in libvirtd.conf. The
solution is to call qemuDomainOpenFile(), which creates file with
defined permissions and qemuSecurityDomainSetPathLabel() to set
security label for created nvram file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 35213f81ec4e70a3dabbf9103a518fdf03fcf4b3..2aa4574d94c4a94fe4c2b8a0c1445a76bff4db9f 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver,
 
 
 static int
-qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
+qemuPrepareNVRAM(virQEMUDriver *driver,
                  virDomainObj *vm)
 {
+    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
     int ret = -1;
     int srcFD = -1;
     int dstFD = -1;
@@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
                              master_nvram_path);
         goto cleanup;
     }
-    if ((dstFD = virFileOpenAs(loader->nvram,
-                               O_WRONLY | O_CREAT | O_EXCL,
-                               S_IRUSR | S_IWUSR,
-                               cfg->user, cfg->group, 0)) < 0) {
-        virReportSystemError(-dstFD,
-                             _("Failed to create file '%s'"),
-                             loader->nvram);
+
+    if ((dstFD = qemuDomainOpenFile(driver, vm, loader->nvram,
+                                    O_WRONLY | O_CREAT | O_EXCL,
+                                    NULL)) < 0)
         goto cleanup;
-    }
+
     created = true;
 
+    if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) < 0)
+        goto cleanup;
+
     do {
         char buf[1024];
 
@@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
     qemuDomainObjPrivate *priv = vm->privateData;
     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 
-    if (qemuPrepareNVRAM(cfg, vm) < 0)
+    if (qemuPrepareNVRAM(driver, vm) < 0)
         return -1;
 
     if (vm->def->vsock) {