qemuDomainAttachDeviceMknodHelper: Don't unlink() so often

Not that I'd encounter any bug here, but the code doesn't look
100% correct. Imagine, somebody is trying to attach a device to a
domain, and the device's /dev entry already exists in the qemu
namespace. This is handled gracefully and the control continues
with setting up ACLs and calling security manager to set up
labels. Now, if any of these steps fail, control jump on the
'cleanup' label and unlink() the file straight away. Even when it
was not us who created the file in the first place. This can be
possibly dangerous.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index ad80be034b1f64632535df1c3303ed8009f0847f..4eff2ef4609fa6de1e146f0949a32b093b86c476 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7523,6 +7523,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
 {
     struct qemuDomainAttachDeviceMknodData *data = opaque;
     int ret = -1;
+    bool delDevice = false;
 
     virSecurityManagerPostFork(data->driver->securityManager);
 
@@ -7545,6 +7546,8 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
                                  data->file);
             goto cleanup;
         }
+    } else {
+        delDevice = true;
     }
 
     if (virFileSetACLs(data->file, data->acl) < 0 &&
@@ -7608,7 +7611,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
 
     ret = 0;
  cleanup:
-    if (ret < 0)
+    if (ret < 0 && delDevice)
         unlink(data->file);
     virFileFreeACLs(&data->acl);
     return ret;