From: Osier Yang Date: Wed, 11 Jul 2012 14:40:48 +0000 (+0800) Subject: storage: Default pool permission mode to 0755 X-Git-Tag: CVE-2012-3445~177 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a544719aa2fe92332756ea0483844b81d4d56ae;p=thirdparty%2Flibvirt.git storage: Default pool permission mode to 0755 Per the typical use of libvirt is to fork the qemu process with qemu:qemu. Setting the pool permission mode as 0700 by default will prevent the guest start with permission reason. Define macro for the default pool and vol permission modes incidentally. --- diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index ab8df9eb5a..36a3bb91c4 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -47,6 +47,8 @@ #define VIR_FROM_THIS VIR_FROM_STORAGE +#define DEFAULT_POOL_PERM_MODE 0755 +#define DEFAULT_VOL_PERM_MODE 0600 VIR_ENUM_IMPL(virStoragePool, VIR_STORAGE_POOL_LAST, @@ -812,7 +814,8 @@ virStoragePoolDefParseXML(xmlXPathContextPtr ctxt) { goto cleanup; if (virStorageDefParsePerms(ctxt, &ret->target.perms, - "./target/permissions", 0700) < 0) + "./target/permissions", + DEFAULT_POOL_PERM_MODE) < 0) goto cleanup; } @@ -1137,7 +1140,8 @@ virStorageVolDefParseXML(virStoragePoolDefPtr pool, } if (virStorageDefParsePerms(ctxt, &ret->target.perms, - "./target/permissions", 0600) < 0) + "./target/permissions", + DEFAULT_VOL_PERM_MODE) < 0) goto cleanup; node = virXPathNode("./target/encryption", ctxt); @@ -1168,7 +1172,8 @@ virStorageVolDefParseXML(virStoragePoolDefPtr pool, } if (virStorageDefParsePerms(ctxt, &ret->backingStore.perms, - "./backingStore/permissions", 0600) < 0) + "./backingStore/permissions", + DEFAULT_VOL_PERM_MODE) < 0) goto cleanup; return ret;