|
| 1 | +From b3c22760e37dbbd8c3be2368c62dc34289faff42 Mon Sep 17 00:00:00 2001 |
| 2 | +From: Peter Krempa < [email protected]> |
| 3 | +Date: Wed, 12 Nov 2025 17:52:05 +0100 |
| 4 | +Subject: [PATCH] qemu: snapshot: Set umask for 'qemu-img' when creating |
| 5 | + external inactive snapshots |
| 6 | + |
| 7 | +External inactive snapshots are created by invoking 'qemu-img' which |
| 8 | +creates the file. Currently qemu-img creates image with mode 644 based |
| 9 | +on default umask as libvirt doesn't set any. |
| 10 | + |
| 11 | +Having a world-readable image is obviously wrong so set the umask to |
| 12 | +077 to have the file readable only by the owner. |
| 13 | + |
| 14 | +Resolves: https://bugs.debian.org/1120119 |
| 15 | +Signed-off-by: Peter Krempa < [email protected]> |
| 16 | +Signed-off-by: rpm-build <rpm-build> |
| 17 | +Upstream-reference: https://gitlab.com/libvirt/libvirt/-/commit/a379327d8abcde8ac8d3e16fe5e4ba6f790d767a.patch |
| 18 | +--- |
| 19 | + src/qemu/qemu_snapshot.c | 3 +++ |
| 20 | + 1 file changed, 3 insertions(+) |
| 21 | + |
| 22 | +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c |
| 23 | +index 73ff533..9819448 100644 |
| 24 | +--- a/src/qemu/qemu_snapshot.c |
| 25 | ++++ b/src/qemu/qemu_snapshot.c |
| 26 | +@@ -233,6 +233,9 @@ qemuSnapshotCreateQcow2Files(virQEMUDriver *driver, |
| 27 | + NULL))) |
| 28 | + return -1; |
| 29 | + |
| 30 | ++ /* ensure that new files are only readable by the user */ |
| 31 | ++ virCommandSetUmask(cmd, 0077); |
| 32 | ++ |
| 33 | + /* adds cmd line arg: backing_fmt=format,backing_file=/path/to/backing/file */ |
| 34 | + virBufferAsprintf(&buf, "backing_fmt=%s,backing_file=", |
| 35 | + virStorageFileFormatTypeToString(defdisk->src->format)); |
| 36 | +-- |
| 37 | +2.45.4 |
| 38 | + |
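Review bot: The added `virCommandSetUmask(cmd, 0077);` only limits the mode of a file that qemu-img creates from scratch, so overlay images written as 0644 by earlier builds stay world-readable after this patch is installed. A umask also does not tighten a target path that already exists when qemu-img runs; whether that case can reach this call is not visible here, because qemuSnapshotCreateQcow2Files starts and ends outside the hunk. I would extend the new comment to say so, e.g. `/* qemu-img creates the overlay itself; umask 0077 keeps group/other off guest disk data. Files that already exist keep their mode. */`. The package changelog should also tell operators to check the mode of existing external snapshot images after upgrading.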