Avoid using /tmp for qemu state files since an unprivileged user

in dom0 could potentially exploit the fact.

Thanks to Dan Berrange <berrange@redhat.com>

Signed-off-by: Steven Hand

diff --git a/tools/ioemu/target-i386-dm/helper2.c b/tools/ioemu/target-i386-dm/helper2.c
index 4d43b1802c9b5a90c2369bac24d457cd76f2ae2a..4a6c865a75fe3d41037cb95795e37e3208c0023f 100644 (file)
--- a/tools/ioemu/target-i386-dm/helper2.c
+++ b/tools/ioemu/target-i386-dm/helper2.c
@@ -635,7 +635,7 @@ int main_loop(void)
     main_loop_wait(1); /* For the select() on events */
 
     /* Save the device state */
-    sprintf(qemu_file, "/tmp/xen.qemu-dm.%d", domid);
+    sprintf(qemu_file, "/var/lib/xen/qemu-save.%d", domid);
     do_savevm(qemu_file);
 
     return 0;

diff --git a/tools/python/xen/xend/XendCheckpoint.py b/tools/python/xen/xend/XendCheckpoint.py
index 76dadda783b89c797222d833ab7c64504491ab54..2cfc06a2dbe234b5c397a668bc36ae63395e5976 100644 (file)
--- a/tools/python/xen/xend/XendCheckpoint.py
+++ b/tools/python/xen/xend/XendCheckpoint.py
@@ -111,7 +111,8 @@ def save(fd, dominfo, network, live, dst, checkpoint=False):
         # put qemu device model state
         if hvm:
             write_exact(fd, QEMU_SIGNATURE, "could not write qemu signature")
-            qemu_fd = os.open("/tmp/xen.qemu-dm.%d" % dominfo.getDomid(), os.O_RDONLY)
+            qemu_fd = os.open("/var/lib/xen/qemu-save.%d" % dominfo.getDomid(),
+                              os.O_RDONLY)
             while True:
                 buf = os.read(qemu_fd, dm_batch)
                 if len(buf):
@@ -119,7 +120,7 @@ def save(fd, dominfo, network, live, dst, checkpoint=False):
                 else:
                     break
             os.close(qemu_fd)
-            os.remove("/tmp/xen.qemu-dm.%d" % dominfo.getDomid())
+            os.remove("/var/lib/xen/qemu-save.%d" % dominfo.getDomid())
 
         if checkpoint:
             dominfo.resumeDomain()
@@ -238,7 +239,7 @@ def restore(xd, fd, dominfo = None, paused = False):
             if qemu_signature != QEMU_SIGNATURE:
                 raise XendError("not a valid device model state: found '%s'" %
                                 qemu_signature)
-            qemu_fd = os.open("/tmp/xen.qemu-dm.%d" % dominfo.getDomid(),
+            qemu_fd = os.open("/var/lib/xen/qemu-save.%d" % dominfo.getDomid(),
                               os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
             while True:
                 buf = os.read(fd, dm_batch)

diff --git a/tools/python/xen/xend/image.py b/tools/python/xen/xend/image.py
index 3b52040e78970acb12bd22d4d8e84c80828a124b..527a13093b486ca2fa44e88828bd5f32e33b0303 100644 (file)
--- a/tools/python/xen/xend/image.py
+++ b/tools/python/xen/xend/image.py
@@ -429,7 +429,7 @@ class HVMImageHandler(ImageHandler):
                              (self.getRequiredInitialReservation() / 1024) ])
         args = args + self.dmargs
         if restore:
-            args = args + ([ "-loadvm", "/tmp/xen.qemu-dm.%d" %
+            args = args + ([ "-loadvm", "/var/lib/xen/xen.qemu-dm.%d" %
                              self.vm.getDomid() ])
         env = dict(os.environ)
         if self.display: