From: Christian Ehrhardt
To: Libvirt Devel
Cc: Jamie Strandboge, Michal Privoznik, Guido Guenther, Christian Ehrhardt
Date: Tue, 9 Jan 2018 16:04:02 +0100
Message-Id: <1515510245-21171-2-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To: <1515510245-21171-1-git-send-email-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 1/4] security, apparmor: implement domainSetPathLabel

This came up in discussions around huge pages, but it will cover more per guest paths that should be added to the guest's apparmor profile:
- keys via
qemuDomainWriteMasterKeyFile - per domain dirs via qemuProcessMakeDir - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl Signed-off-by: Christian Ehrhardt --- src/security/security_apparmor.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 1db94c6..dcd6f52 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -953,6 +953,13 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr, return reload_profile(mgr, def, savefile, true); } =20 +static int +AppArmorSetPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path) +{ + return reload_profile(mgr, def, path, true); +} =20 static int AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, 
@@ -1045,6 +1052,8 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSetSavedStateLabel =3D AppArmorSetSavedStateLabel, .domainRestoreSavedStateLabel =3D AppArmorRestoreSavedStateLabel, =20 + .domainSetPathLabel =3D AppArmorSetPathLabel, + .domainSetSecurityImageFDLabel =3D AppArmorSetFDLabel, .domainSetSecurityTapFDLabel =3D AppArmorSetFDLabel, =20 --=20 2.7.4
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
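Review bot: AppArmorSetPathLabel in the security_apparmor.c hunk at -953 hands path to reload_profile unchanged, yet two of the three callers named in the commit message (qemuProcessMakeDir and qemuProcessBuildDestroyMemoryPathsImpl) pass directories whose contents are what gets accessed, so with this patch alone the added rule names only the directory itself. Patch 2/4 addresses that with allowSubtree; either say so in this commit message or order the series so that no intermediate commit leaves the directory callers with a rule that does not cover the files inside. The function also has no secdef lookup before calling reload_profile, while AppArmorSetChardevLabel in 3/4 does one; pick one convention for both.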
From: Christian Ehrhardt
To: Libvirt Devel
Cc: Jamie Strandboge, Michal Privoznik, Guido Guenther, Christian Ehrhardt
Date: Tue, 9 Jan 2018 16:04:03 +0100
Message-Id: <1515510245-21171-3-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To: <1515510245-21171-1-git-send-email-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 2/4] security: full path option for DomainSetPathLabel

virSecurityManagerDomainSetPathLabel is used to make a path known to the security modules, but today is used interchangeably for
- paths to files/dirs to be accessed directly
- paths to a dir, but the access will actually be to files therein Depending on the security module it is important to know which of these types it will be. The argument allowSubtree augments the call to the implementations of DomainSetPathLabel that can - per security module - decide if extra actions shall be taken. For now dac/selinux handle this as before, but apparmor will make use of it to add a wildcard to the path that was passed. Signed-off-by: Christian Ehrhardt --- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_process.c | 4 ++-- src/security/security_apparmor.c | 17 +++++++++++++++-- src/security/security_dac.c | 3 ++- src/security/security_driver.h | 3 ++- src/security/security_manager.c | 5 +++-- src/security/security_manager.h | 16 ++++++++++++++-- src/security/security_selinux.c | 3 ++- src/security/security_stack.c | 5 +++-- 9 files changed, 44 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 0f4c422..5c171e4 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -692,7 +692,7 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + vm->def, path, false) < 0) goto cleanup; =20 ret =3D 0; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index a0f430f..1a0923a 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3401,7 +3401,7 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverP= tr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - def, path) < 0) { + def, path, true) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unable to label %s"), path); return -1; @@ -4514,7 +4514,7 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + vm->def, path, true) < 0) goto cleanup; =20 ret =3D 0; 
diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index dcd6f52..432fab5 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -956,9 +956,22 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr, static int AppArmorSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool allowSubtree) { - return reload_profile(mgr, def, path, true); + int rc =3D -1; + char *full_path =3D NULL; + + if (allowSubtree) { + if (virAsprintf(&full_path, "%s/{,**}", path) < 0) + return -1; + rc =3D reload_profile(mgr, def, full_path, true); + VIR_FREE(full_path); + } else { + rc =3D reload_profile(mgr, def, path, true); + } + + return rc; } =20 static int diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 609d259..74446d6 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2081,7 +2081,8 @@ virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr, static int virSecurityDACDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool allowSubtree ATTRIBUTE_UNUSED) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr seclabel; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 47dad8b..95e7c4d 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -139,7 +139,8 @@ typedef int (*virSecurityDomainRestoreInputLabel) (virS= ecurityManagerPtr mgr, virDomainInputDefPtr in= put); typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path); + const char *path, + bool allowSubtree); typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr = dev_source, diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 9249aba..4e80409 100644 
--- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1048,12 +1048,13 @@ virSecurityManagerGetNested(virSecurityManagerPtr m= gr) int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path) + const char *path, + bool allowSubtree) { if (mgr->drv->domainSetPathLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetPathLabel(mgr, vm, path); + ret =3D mgr->drv->domainSetPathLabel(mgr, vm, path, allowSubtree); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 013e3b9..e1475b6 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -179,10 +179,22 @@ int virSecurityManagerRestoreInputLabel(virSecurityMa= nagerPtr mgr, virDomainDefPtr vm, virDomainInputDefPtr input); =20 - +/** + * virSecurityManagerDomainSetPathLabel + * @mgr: Storage file to chown + * @vm: target uid + * @path: string describing the path + * @allowSubtree: + * + * set @allowSubtree to true if the call is not only meant for the actual = path + * in @path, but instead to also allow access to all potential subtress. + * Example on @path =3D "/path": + * False =3D> /path + * True =3D> /path but also /path/... (including all deeper levels) */ int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path); + const char *path, + bool allowSubtree); =20 int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 0815a02..c26cdac 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -3028,7 +3028,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurity= ManagerPtr mgr, static int virSecuritySELinuxDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool allowSubtree ATTRIBUTE_UNUSED) { virSecurityLabelDefPtr seclabel; =20 diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 0375e7d..9615f9f 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -704,7 +704,8 @@ virSecurityStackRestoreInputLabel(virSecurityManagerPtr= mgr, static int virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path) + const char *path, + bool allowSubtree) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; 
@@ -712,7 +713,7 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerPt= r mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerDomainSetPathLabel(item->securityManager, - vm, path) < 0) + vm, path, allowSubtree) <= 0) rc =3D -1; } =20 --=20 2.7.4
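Review bot: In AppArmorSetPathLabel (security_apparmor.c hunk at -956), the subtree rule is produced by formatting the caller's string into "%s/{,**}" with no normalisation or escaping, so a path that already ends in '/' yields "//{,**}" and any AppArmor pattern characters already present in path ('*', '?', '[', '{') would be read as part of the pattern rather than as a literal directory name. The hunk does not show reload_profile rejecting such input; suggest stripping a trailing '/' and refusing paths that contain pattern characters before the virAsprintf call, or adding a comment that states where that validation happens. As a style point, rc can be returned directly from each branch instead of being initialised to -1 and assigned.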
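Review bot: The new doc comment in the security_manager.h hunk at -179 describes @mgr as "Storage file to chown" and @vm as "target uid", which do not match a virSecurityManagerPtr and a virDomainDefPtr and look carried over from another function; @allowSubtree is left without a description and "subtress" is a typo. Suggest describing @mgr as the security manager and @vm as the domain definition, moving the true/false explanation onto the @allowSubtree line, and noting that drivers may ignore the flag, since the DAC and SELinux hunks in this patch mark it ATTRIBUTE_UNUSED.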
From: Christian Ehrhardt
To: Libvirt Devel
Cc: Jamie Strandboge, Michal Privoznik, Guido Guenther, Christian Ehrhardt
Date: Tue, 9 Jan 2018 16:04:04 +0100
Message-Id: <1515510245-21171-4-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To: <1515510245-21171-1-git-send-email-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 3/4] security, apparmor: add (Set|Restore)ChardevLabel

Since 1b4f66e "security: introduce virSecurityManager (Set|Restore)ChardevLabel" this is a public API of security manager.
Implementing this in apparmor avoids missing any rules that should be added for devices labeled via these calls.

Signed-off-by: Christian Ehrhardt
--- src/security/security_apparmor.c | 74 ++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 74 insertions(+) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 432fab5..a989992 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c 
@@ -946,6 +946,77 @@ AppArmorRestoreSecurityHostdevLabel(virSecurityManager= Ptr mgr, } =20 static int +AppArmorSetChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd ATTRIBUTE_UNUSED) +{ + char *in =3D NULL, *out =3D NULL; + int ret =3D -1; + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME= ); + if (!secdef) + return 0; + + switch ((virDomainChrType) dev_source->type) { + case VIR_DOMAIN_CHR_TYPE_DEV: + case VIR_DOMAIN_CHR_TYPE_FILE: + case VIR_DOMAIN_CHR_TYPE_UNIX: + case VIR_DOMAIN_CHR_TYPE_PTY: + ret =3D reload_profile(mgr, def, dev_source->data.file.path, true); + break; + + case VIR_DOMAIN_CHR_TYPE_PIPE: + if (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0 || + virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) + goto done; + if (virFileExists(in)) { + if (reload_profile(mgr, def, in, true) < 0) + goto done; + } + if (virFileExists(out)) { + if (reload_profile(mgr, def, out, true) < 0) + goto done; + } + ret =3D reload_profile(mgr, def, dev_source->data.file.path, true); + break; + + case VIR_DOMAIN_CHR_TYPE_SPICEPORT: + case VIR_DOMAIN_CHR_TYPE_NULL: + case VIR_DOMAIN_CHR_TYPE_VC: + case VIR_DOMAIN_CHR_TYPE_STDIO: + case VIR_DOMAIN_CHR_TYPE_UDP: + case VIR_DOMAIN_CHR_TYPE_TCP: + case VIR_DOMAIN_CHR_TYPE_SPICEVMC: + case VIR_DOMAIN_CHR_TYPE_NMDM: + case VIR_DOMAIN_CHR_TYPE_LAST: + ret =3D 0; + break; + } + + done: + VIR_FREE(in); + VIR_FREE(out); + return ret; +} + +static int +AppArmorRestoreChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source ATTRIBUTE_= UNUSED, + bool chardevStdioLogd ATTRIBUTE_UNUSED) +{ + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME= ); + if (!secdef) + return 0; + + return reload_profile(mgr, def, NULL, false); +} + +static int AppArmorSetSavedStateLabel(virSecurityManagerPtr 
mgr, virDomainDefPtr def, const char *savefile) 
@@ -1067,6 +1138,9 @@ virSecurityDriver virAppArmorSecurityDriver =3D { =20 .domainSetPathLabel =3D AppArmorSetPathLabel, =20 + .domainSetSecurityChardevLabel =3D AppArmorSetChardevLabel, + .domainRestoreSecurityChardevLabel =3D AppArmorRestoreChardevLabel, + .domainSetSecurityImageFDLabel =3D AppArmorSetFDLabel, .domainSetSecurityTapFDLabel =3D AppArmorSetFDLabel, =20 --=20 2.7.4
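Review bot: In the VIR_DOMAIN_CHR_TYPE_PIPE case of AppArmorSetChardevLabel (security_apparmor.c hunk at -946), the base path is always added with reload_profile(mgr, def, dev_source->data.file.path, true) even after the ".in" and ".out" files were found and added, so the profile gains a rule for a path that is not needed when the FIFO pair exists, and reload_profile runs up to three times for one device. Suggest adding the pair when both files exist and falling back to the base path only otherwise, which keeps the profile to the paths actually opened. In the same hunk, AppArmorRestoreChardevLabel ignores dev_source and calls reload_profile(mgr, def, NULL, false); a short comment saying that the profile is regenerated from the domain definition would explain why no path is passed.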
From: Christian Ehrhardt
To: Libvirt Devel
Cc: Jamie Strandboge, Michal Privoznik, Guido Guenther, Christian Ehrhardt
Date: Tue, 9 Jan 2018 16:04:05 +0100
Message-Id: <1515510245-21171-5-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To: <1515510245-21171-1-git-send-email-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 4/4] apparmor, virt-aa-helper: drop static channel rule

This is now covered by DomainSetPathLabel being implemented in apparmor.
Signed-off-by: Christian Ehrhardt --- src/security/virt-aa-helper.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 07ece73..f7ccae0 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1353,8 +1353,6 @@ main(int argc, char **argv) LOCALSTATEDIR, ctl->def->name); virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/domain-%d= -%.*s/*\" rw,\n", LOCALSTATEDIR, ctl->def->id, 20, ctl->de= f->name); - virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/channel/t= arget/domain-%d-%.*s/*\" rw,\n", - LOCALSTATEDIR, ctl->def->id, 20, ctl->de= f->name); virBufferAsprintf(&buf, " \"%s/run/libvirt/**/%s.pid\" rw= k,\n", LOCALSTATEDIR, ctl->def->name); virBufferAsprintf(&buf, " \"/run/libvirt/**/%s.pid\" rwk,= \n", --=20 2.7.4
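Review bot: The rule removed in the virt-aa-helper.c hunk at -1353 granted rw on a single directory level ("channel/target/domain-%d-%.*s/*"), and the commit message says DomainSetPathLabel now covers it without naming the call site that passes the channel target directory. From 2/4, the directory callers pass allowSubtree as true, which produces "path/{,**}", a recursive match that is wider than the removed "/*". Suggest naming the caller in the commit message and confirming that the dynamically added rule carries the same rw access and is still added for domains where the static rule used to apply.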