On Fri, 2020-02-28 at 16:56 +0100, Michal Privoznik wrote: > +++ b/src/qemu/qemu_shim.c > @@ -158,6 +158,12 @@ int main(int argc, char **argv) > return 1; > } > tmproot = true; > + > + if (chmod(root, S_IRWXU | S_IXGRP | S_IXOTH) < 0) { I think this is unnecessarily restrictive: the directories that are created right underneath root are all 0755, with the files themselves being mostly 0600, so using 0711 here is only going to add a bit of annoyance rather than actual security I think. Also, and this is a personal preference so feel free to ignore it, I would find using octal values directly more readable. With a more permissive mode used, Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx> -- Andrea Bolognani / Red Hat / Virtualization