git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Peng Liang <liangpeng10@huawei.com>
	Mon, 13 Sep 2021 14:23:47 +0000 (22:23 +0800)
committer	Michal Privoznik <mprivozn@redhat.com>
	Thu, 23 Sep 2021 10:42:26 +0000 (12:42 +0200)
commit	c4f3c955d57816da6ea8a4ad12333e817e650977
tree	bb3fc3a1bc8dbbcacebc209bb5575c698d4a9b63	tree
parent	a50c473ad6c988a249bf79a30fb7c6dc19733347	commit \| diff

qemu: don't change ownership of cache directory

Commit 6bcf25017bc6 ("virDomainMemoryPeek API") introduced memory peek
and commit 9936aecfd1b4 ("qemu: Implement the driver methods")
introduced screenshot.  Both of them will put temporary files in
/var/cache/libvirt/qemu, and the temporary files are created by QEMU.
Therefore, the ownership of /var/cache/libvirt/qemu should be changed to
user and group configured in qemu.conf to make sure that QEMU process
can create and write files in the cache directory.

Libvirt will only put the temporary files in /var/cache/libvirt/qemu
until commit cbde35899b90 ("Cache result of QEMU capabilities
extraction"), which will put the cache of QEMU capabilities in
'capabilities' subdir of the cache directory.  Because the capabilities
is used by libvirt, the ownership of both 'capabilities' subdir and
capabilities files are root.  However, when QEMU process runs as a
regular user (e.g. qemu user), the ownership of /var/cache/libvirt/qemu
will be changed to qemu:qemu while that of
/var/cache/libvirt/qemu/capabilities will be still root:root.  Then the
regular user could spoof different capabilities, which maybe lead to
denial of service.

Since the previous patch has move the temp files of screenshot and
memory peek to per-domain directory, no one except domain capabilities
uses cacheDir currently.  And since domain capabilities are used by
libvirtd instead of QEMU, no need to change the ownership of cacheDir to
qemu:qemu explicitly.

Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>