return -1;
}
- if (qemu_supports (g, NULL) == -1)
- return -1;
-
- /* Only SCSI and virtio drivers support readonly mode.
- * This is only supported as a QEMU feature since 2010/01.
- */
- int supports_ro = 0;
- if ((STREQ (drive_if, "scsi") || STREQ (drive_if, "virtio")) &&
- qemu_supports (g, "readonly=on"))
- supports_ro = 1;
-
- size_t len = strlen (filename) + 100;
+ size_t len = strlen (filename) + 64;
char buf[len];
- snprintf (buf, len, "file=%s,snapshot=on,%sif=%s",
- filename,
- supports_ro ? "readonly=on," : "",
- drive_if);
+ snprintf (buf, len, "file=%s,snapshot=on,if=%s", filename, drive_if);
return guestfs__config (g, "-drive", buf);
}
}
}
+ /* Allow anyone to read the temporary directory. There are no
+ * secrets in the kernel or initrd files. The socket in this
+ * directory won't be readable but anyone can see it exists if they
+ * want. (RHBZ#610880).
+ */
+ if (chmod (g->tmpdir, 0755) == -1)
+ fprintf (stderr, "chmod: %s: %m (ignored)\n", g->tmpdir);
+
/* First search g->path for the supermin appliance, and try to
* synthesize a kernel and initrd from that. If it fails, we
* try the path search again looking for a backup ordinary
*initrd = safe_malloc (g, len + 8);
snprintf (*initrd, len+8, "%s/initrd", g->tmpdir);
+ /* Set a sensible umask in the subprocess, so kernel and initrd
+ * output files are world-readable (RHBZ#610880).
+ */
snprintf (cmd, sizeof cmd,
+ "umask 0002; "
"febootstrap-supermin-helper%s "
"-k '%s/kmod.whitelist' "
"'%s/supermin.d' "