<nvram> auto-creation does not honour permissions defined in libvirtd.conf
Software environment
- Operating system: ubuntu 20.04
- Architecture: amd64
- kernel version: 5.4.0-73-generic
- libvirt version: 6.0.0
- Hypervisor and version: qemu 4.2-3ubuntu6.16
Description of problem
I'm using OpenNebula, an "Open Source Cloud & Edge Computing Platform". OpenNebula uses libvirt to manage VMs.
I would like to start an EFI VM, but libvirt creates the /var/lib/libvirt/qemu/nvram/one-3_VARS.fd file with the wrong permissions, as described here: https://github.com/OpenNebula/one/issues/2481
Steps to reproduce
- Set libvirtd.conf to have user = XXX and group = XXX where XXX is non-root and qemu.conf to have dynamic_ownership = 0
- virsh create a domain with component which instantiates from a template
- It has created the file but given it root permissions:
  internal error: qemu unexpectedly closed the monitor: 2019-12-13T14:52:42.059479Z qemu-kvm: -drive file=.../OVMF_VARS.fd,if=pflash,format=raw,unit=1: Could not open '.../OVMF_VARS.fd': Permission denied
Additional information
I think the problem is in the src/qemu/qemu_process.c file, in the qemuPrepareNVRAM function.
There are no flags defined (the last argument is "0"):
    if ((dstFD = virFileOpenAs(loader->nvram, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR, cfg->user, cfg->group, 0)) < 0) {
If I replace 0 with "(VIR_FILE_OPEN_FORCE_OWNER | VIR_FILE_OPEN_FORCE_MODE)", everything is ok.
Does this correction seem correct to you? I can create a merge request if it's correct.
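The following is an added example, not libvirt code and not part of the original report. It sketches the behaviour the proposed flags ask for, assuming they mean "fix owner and mode on the open descriptor after creation"; create_as, owner_mode_ok, FORCE_OWNER and FORCE_MODE are hypothetical names. Changing the owner needs privilege, so the demo uses a restrictive umask to stand in for the mismatch.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-ins for the VIR_FILE_OPEN_FORCE_* flags in the report. */
#define FORCE_OWNER 1
#define FORCE_MODE  2

/* Create path exclusively. With the force flags, correct owner and mode on the
 * open descriptor so the result does not depend on the creator's uid or umask.
 * Returns an fd, or -1 on error (a file this call created is removed again). */
int create_as(const char *path, mode_t mode, uid_t uid, gid_t gid, int flags)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0)
        return -1;              /* e.g. EEXIST: never touch a pre-existing file */
    if (fstat(fd, &st) < 0)
        goto fail;
    if ((flags & FORCE_OWNER) && (st.st_uid != uid || st.st_gid != gid) &&
        fchown(fd, uid, gid) < 0)
        goto fail;
    if ((flags & FORCE_MODE) && (st.st_mode & 07777) != mode &&
        fchmod(fd, mode) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    unlink(path);
    return -1;
}

/* Returns 1 if path is owned by uid:gid with exactly the given permission bits. */
int owner_mode_ok(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    struct stat st;
    return stat(path, &st) == 0 && st.st_uid == uid && st.st_gid == gid &&
           (st.st_mode & 07777) == mode;
}

int main(void)
{
    char dir[] = "/tmp/nvram-demo-XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir) || chdir(dir) < 0) return 1;
    umask(027);                               /* creator's umask strips requested bits */
    int fd = create_as("demo_VARS.fd", 0660, getuid(), getgid(), FORCE_OWNER | FORCE_MODE);
    if (fd >= 0) close(fd);
    return owner_mode_ok("demo_VARS.fd", 0660, getuid(), getgid()) ? 0 : 1;
}
```

Run against a real deployment, owner_mode_ok on the generated _VARS.fd file with the uid and gid the hypervisor process runs as gives a quick check for the mismatch described in this report.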