qemu: Do not allow others into per-VM subdirectories

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d9a0942c4dfd9b1419f25688cc2db8ede73de1ae..ce2c70cb3fd16990288262dfe71345fe56143ad1 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4734,7 +4734,7 @@ int qemuProcessStart(virConnectPtr conn,
     if (virAsprintf(&tmppath, "%s/domain-%s", cfg->libDir, vm->def->name) < 0)
         goto cleanup;
 
-    if (virFileMakePath(tmppath) < 0) {
+    if (virFileMakePathWithMode(tmppath, 0750) < 0) {
         virReportSystemError(errno, _("Cannot create directory '%s'"), tmppath);
         goto cleanup;
     }
@@ -4749,7 +4749,7 @@ int qemuProcessStart(virConnectPtr conn,
                     cfg->channelTargetDir, vm->def->name) < 0)
         goto cleanup;
 
-    if (virFileMakePath(tmppath) < 0) {
+    if (virFileMakePathWithMode(tmppath, 0750) < 0) {
         virReportSystemError(errno, _("Cannot create directory '%s'"), tmppath);
         goto cleanup;
     }