From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Jul 2020 12:30:44 +0000 (+0200)
Subject: qemuDomainBuildNamespace: Populate graphics from daemon's namespace
X-Git-Tag: v6.7.0-rc1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f4f7c2094a73afccad7b1cdf9878b7a0fdcdbcc;p=thirdparty%2Flibvirt.git

qemuDomainBuildNamespace: Populate graphics from daemon's namespace

As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain graphics (render node)
into daemon's namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index f31aae281c..cb6156c3c1 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -701,27 +701,27 @@ qemuDomainSetupAllTPMs(virDomainObjPtr vm,
 
 static int
 qemuDomainSetupGraphics(virDomainGraphicsDefPtr gfx,
-                        const struct qemuDomainCreateDeviceData *data)
+                        char ***paths)
 {
     const char *rendernode = virDomainGraphicsGetRenderNode(gfx);
 
     if (!rendernode)
         return 0;
 
-    return qemuDomainCreateDevice(rendernode, data, false);
+    return virStringListAdd(paths, rendernode);
 }
 
 
 static int
 qemuDomainSetupAllGraphics(virDomainObjPtr vm,
-                           const struct qemuDomainCreateDeviceData *data)
+                           char ***paths)
 {
     size_t i;
 
     VIR_DEBUG("Setting up graphics");
     for (i = 0; i < vm->def->ngraphics; i++) {
         if (qemuDomainSetupGraphics(vm->def->graphics[i],
-                                    data) < 0)
+                                    paths) < 0)
             return -1;
     }
 
@@ -882,6 +882,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupAllTPMs(vm, &paths) < 0)
         return -1;
 
+    if (qemuDomainSetupAllGraphics(vm, &paths) < 0)
+        return -1;
+
     if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
         return -1;
 
@@ -933,9 +936,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
         goto cleanup;
 
-    if (qemuDomainSetupAllGraphics(vm, &data) < 0)
-        goto cleanup;
-
     if (qemuDomainSetupAllInputs(vm, &data) < 0)
         goto cleanup;