From 1b3b61bc9cd913a2f3fea1ab39ded81c6da2bacd Mon Sep 17 00:00:00 2001

Message-Id: <1b3b61bc9cd913a2f3fea1ab39ded81c6da2bacd@dist-git>

From: Martin Kletzander <mkletzan@redhat.com>

Date: Mon, 14 Sep 2015 10:15:26 +0200

Subject: [PATCH] qemu: Do not allow others into per-VM subdirectories

https://bugzilla.redhat.com/show_bug.cgi?id=1146886

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

(cherry picked from commit 192a13948905668955ff39e32d4622f8511fadf0)

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/qemu/qemu_process.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c

index d5b0fc0..ee1d6b2 100644

--- a/src/qemu/qemu_process.c

+++ b/src/qemu/qemu_process.c

@@ -4737,7 +4737,7 @@ int qemuProcessStart(virConnectPtr conn,

     if (virAsprintf(&tmppath, "%s/domain-%s", cfg->libDir, vm->def->name) < 0)

         goto cleanup;

-    if (virFileMakePath(tmppath) < 0) {

+    if (virFileMakePathWithMode(tmppath, 0750) < 0) {

         virReportSystemError(errno, _("Cannot create directory '%s'"), tmppath);

         goto cleanup;

     }

@@ -4752,7 +4752,7 @@ int qemuProcessStart(virConnectPtr conn,

                     cfg->channelTargetDir, vm->def->name) < 0)

         goto cleanup;

-    if (virFileMakePath(tmppath) < 0) {

+    if (virFileMakePathWithMode(tmppath, 0750) < 0) {

         virReportSystemError(errno, _("Cannot create directory '%s'"), tmppath);

         goto cleanup;

     }

-- 

2.5.2