From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 25 Feb 2021 17:20:51 +0000 (+0100)
Subject: qemu_shim: Always pre-create root dir
X-Git-Tag: v7.2.0-rc1~137
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76f3b2988bea373587ee3ff9584c7bb07b78d80a;p=thirdparty%2Flibvirt.git

qemu_shim: Always pre-create root dir

This problem is reproducible only with secret driver. When
starting a domain via virt-qemu-run and both secret and
(nonexistent) root directory specified this is what happens:

1) virt-qemu-run opens "secret:///embed?root=$rootdir"
   connection, which results in the secret driver initialization
   (done in secretStateInitialize()). During this process, the
   driver creates its own configDir (derived from $rootdir)
   including those parents which don't exists yet. This is all
   done with the mode S_IRWXU and thus results in the $rootdir
   being created with very restrictive mode (specifically, +x is
   missing for group and others).

2) now, virt-qemu-run opens "qemu:///embed?root=$rootdir" and
   calls virDomainCreateXML(). This results in the master-key.aes
   being written somewhere under the $rootdir and telling qemu
   where to find it.

But because the secret driver created $rootdir with too
restrictive mode, qemu can't access the file (even though it
knows the full path) and fails to start.

It looks like the best solution is to pre-create the root
directory before opening any connection (letting any driver
initialize itself) and set its mode to something less
restrictive.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859873
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---

diff --git a/src/qemu/qemu_shim.c b/src/qemu/qemu_shim.c
index c10598df4b..d85497bd3a 100644
--- a/src/qemu/qemu_shim.c
+++ b/src/qemu/qemu_shim.c
@@ -210,11 +210,16 @@ int main(int argc, char **argv)
         }
         tmproot = true;
 
-        if (chmod(root, 0755) < 0) {
-            g_printerr("%s: cannot chown temporary dir: %s\n",
-                       argv[0], g_strerror(errno));
-            goto cleanup;
-        }
+    } else if (g_mkdir_with_parents(root, 0755) < 0) {
+        g_printerr("%s: cannot create dir: %s\n",
+                   argv[0], g_strerror(errno));
+        goto cleanup;
+    }
+
+    if (chmod(root, 0755) < 0) {
+        g_printerr("%s: cannot chmod temporary dir: %s\n",
+                   argv[0], g_strerror(errno));
+        goto cleanup;
     }
 
     escaped = g_uri_escape_string(root, NULL, true);