From bcdaa91a27b5b2d103535270a6a287efe6cd8bfb Mon Sep 17 00:00:00 2001
From: Kristina Hanicova
Date: Fri, 21 May 2021 13:41:29 +0200
Subject: [PATCH] qemu: Use qemuDomainOpenFile() in qemuPrepareNVRAM()
Previously, nvram file was created with user/group owner as 'root', rather than specifications defined in libvirtd.conf. The solution is to call qemuDomainOpenFile(), which creates file with defined permissions and qemuSecurityDomainSetPathLabel() to set security label for created nvram file.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1783255
Signed-off-by: Kristina Hanicova
Reviewed-by: Michal Privoznik
---
 src/qemu/qemu_process.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 35213f81ec..2aa4574d94 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4499,9 +4499,10 @@ qemuProcessUpdateCPU(virQEMUDriver *driver,
 static int
-qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
+qemuPrepareNVRAM(virQEMUDriver *driver,
 virDomainObj *vm)
 {
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
 int ret = -1;
 int srcFD = -1;
 int dstFD = -1;
@@ -4538,17 +4539,17 @@ qemuPrepareNVRAM(virQEMUDriverConfig *cfg,
 master_nvram_path);
 goto cleanup;
 }
- if ((dstFD = virFileOpenAs(loader->nvram,
- O_WRONLY | O_CREAT | O_EXCL,
- S_IRUSR | S_IWUSR,
- cfg->user, cfg->group, 0)) < 0) {
- virReportSystemError(-dstFD,
- _("Failed to create file '%s'"),
- loader->nvram);
+
+ if ((dstFD = qemuDomainOpenFile(driver, vm, loader->nvram,
+ O_WRONLY | O_CREAT | O_EXCL,
+ NULL)) < 0)
 goto cleanup;
- }
+
 created = true;
+ if (qemuSecurityDomainSetPathLabel(driver, vm, loader->nvram, false) < 0)
+ goto cleanup;
+
 do {
 char buf[1024];
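Review bot: In the second hunk the creation mode and the error report have left the call site: the removed `virFileOpenAs()` call passed `S_IRUSR | S_IWUSR` and called `virReportSystemError()`, while the new `qemuDomainOpenFile()` call does neither, so both now depend on a helper whose body is not in this patch. Because this file is the guest's NVRAM store, I would record that contract above the call once it is confirmed against the helper, e.g. `/* qemuDomainOpenFile() applies the configured owner and mode and reports its own errors */`. The bare `false` passed to `qemuSecurityDomainSetPathLabel()` is also hard to read without the prototype; a short comment naming what it disables would help. The `cleanup:` label lies outside the hunk, so whether a labelling failure after `created = true` removes the new file cannot be checked from here.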
@@ -6723,7 +6724,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
 qemuDomainObjPrivate *priv = vm->privateData;
 g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
- if (qemuPrepareNVRAM(cfg, vm) < 0)
+ if (qemuPrepareNVRAM(driver, vm) < 0)
 return -1;
 if (vm->def->vsock) {
--
2.47.2