From 6483b1e32b086dff93bd84dae2f5c9a87ddf0809 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Jul 2020 14:49:42 +0200
Subject: [PATCH] qemuDomainBuildNamespace: Populate loader from daemon's
 namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain loader into daemon's
namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/qemu/qemu_namespace.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 06d739cbca..3460a60290 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -801,7 +801,7 @@ qemuDomainSetupAllRNGs(virDomainObjPtr vm,
 
 static int
 qemuDomainSetupLoader(virDomainObjPtr vm,
-                      const struct qemuDomainCreateDeviceData *data)
+                      char ***paths)
 {
     virDomainLoaderDefPtr loader = vm->def->os.loader;
 
@@ -810,16 +810,16 @@ qemuDomainSetupLoader(virDomainObjPtr vm,
     if (loader) {
         switch ((virDomainLoader) loader->type) {
         case VIR_DOMAIN_LOADER_TYPE_ROM:
-            if (qemuDomainCreateDevice(loader->path, data, false) < 0)
+            if (virStringListAdd(paths, loader->path) < 0)
                 return -1;
             break;
 
         case VIR_DOMAIN_LOADER_TYPE_PFLASH:
-            if (qemuDomainCreateDevice(loader->path, data, false) < 0)
+            if (virStringListAdd(paths, loader->path) < 0)
                 return -1;
 
             if (loader->nvram &&
-                qemuDomainCreateDevice(loader->nvram, data, false) < 0)
+                virStringListAdd(paths, loader->nvram) < 0)
                 return -1;
             break;
 
@@ -891,6 +891,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupAllRNGs(vm, &paths) < 0)
         return -1;
 
+    if (qemuDomainSetupLoader(vm, &paths) < 0)
+        return -1;
+
     if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
         return -1;
 
@@ -942,9 +945,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
         goto cleanup;
 
-    if (qemuDomainSetupLoader(vm, &data) < 0)
-        goto cleanup;
-
     if (qemuDomainSetupLaunchSecurity(vm, &data) < 0)
         goto cleanup;