[PATCH v1 25/34] qemuDomainBuildNamespace: Populate loader from daemon's namespace
As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain loader into daemon's
namespace.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_domain_namespace.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain_namespace.c b/src/qemu/qemu_domain_namespace.c
index 2ab10cb9f0..66c6cedadf 100644
--- a/src/qemu/qemu_domain_namespace.c
+++ b/src/qemu/qemu_domain_namespace.c
@@ -801,7 +801,7 @@ qemuDomainSetupAllRNGs(virDomainObjPtr vm,
static int
qemuDomainSetupLoader(virDomainObjPtr vm,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
{
virDomainLoaderDefPtr loader = vm->def->os.loader;
@@ -810,16 +810,16 @@ qemuDomainSetupLoader(virDomainObjPtr vm,
if (loader) {
switch ((virDomainLoader) loader->type) {
case VIR_DOMAIN_LOADER_TYPE_ROM:
- if (qemuDomainCreateDevice(loader->path, data, false) < 0)
+ if (virStringListAdd(paths, loader->path) < 0)
return -1;
break;
case VIR_DOMAIN_LOADER_TYPE_PFLASH:
- if (qemuDomainCreateDevice(loader->path, data, false) < 0)
+ if (virStringListAdd(paths, loader->path) < 0)
return -1;
if (loader->nvram &&
- qemuDomainCreateDevice(loader->nvram, data, false) < 0)
+ virStringListAdd(paths, loader->nvram) < 0)
return -1;
break;
@@ -891,6 +891,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllRNGs(vm, &paths) < 0)
return -1;
+ if (qemuDomainSetupLoader(vm, &paths) < 0)
+ return -1;
+
if (qemuDomainNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1;
@@ -942,9 +945,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
goto cleanup;
- if (qemuDomainSetupLoader(vm, &data) < 0)
- goto cleanup;
-
if (qemuDomainSetupLaunchSecurity(vm, &data) < 0)
goto cleanup;
--
2.26.2