From nobody Mon Apr 29 03:35:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1529661429576583.7181633297653; Fri, 22 Jun 2018 02:57:09 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 80E355F742; Fri, 22 Jun 2018 09:57:07 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C2B9F795B3; Fri, 22 Jun 2018 09:57:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 97BB33F7FE; Fri, 22 Jun 2018 09:57:04 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w5M9v1qq026494 for ; Fri, 22 Jun 2018 05:57:01 -0400 Received: by smtp.corp.redhat.com (Postfix) id 291E82156888; Fri, 22 Jun 2018 09:57:01 +0000 (UTC) Received: from t460.redhat.com (unknown [10.33.36.39]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2AABF215688A; Fri, 22 Jun 2018 09:57:00 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Fri, 22 Jun 2018 10:56:59 +0100 Message-Id: <20180622095659.20251-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] qemu: ensure FDs passed to QEMU for chardevs have correct SELinux labels X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 22 Jun 2018 09:57:08 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 The UNIX socket FDs were we passing to QEMU inherited a label based on libvirtd's context. QEMU is thus denied ability to access the UNIX socket. We need to use the security manager to change our current context temporarily when creating the UNIX socket FD. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Laine Stump --- src/qemu/qemu_command.c | 86 ++++++++++++++++++++++++++++------------- src/qemu/qemu_command.h | 1 + src/qemu/qemu_process.c | 2 + 3 files changed, 63 insertions(+), 26 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1ffcb5b1ae..146f671663 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4931,6 +4931,7 @@ qemuOpenChrChardevUNIXSocket(const virDomainChrSource= Def *dev) * host side of the character device */ static char * qemuBuildChrChardevStr(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -5065,7 +5066,13 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FD_PASS)) { + if (qemuSecuritySetSocketLabel(secManager, (virDomainDefPtr)de= f) < 0) + goto cleanup; int fd =3D qemuOpenChrChardevUNIXSocket(dev); + if (qemuSecurityClearSocketLabel(secManager, (virDomainDefPtr)= def) < 0) { + VIR_FORCE_CLOSE(fd); + goto cleanup; + } if (fd < 0) goto cleanup; =20 @@ -5404,6 +5411,7 @@ qemuBuildHostdevCommandLine(virCommandPtr cmd, =20 static int qemuBuildMonitorCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, @@ -5414,7 +5422,8 @@ qemuBuildMonitorCommandLine(virLogManagerPtr logManag= er, if (!priv->monConfig) return 0; =20 - if (!(chrdev =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(chrdev =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, priv->monConfig, "monitor", priv->qemuCaps, true, priv->chardevStdioLogd))) @@ -5533,6 +5542,7 @@ qemuBuildSclpDevStr(virDomainChrDefPtr dev) =20 static int qemuBuildRNGBackendChrdevStr(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -5550,7 +5560,8 @@ qemuBuildRNGBackendChrdevStr(virLogManagerPtr logMana= ger, return 0; =20 case VIR_DOMAIN_RNG_BACKEND_EGD: - if (!(*chr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(*chr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, rng->source.chardev, rng->info.alias, qemuCaps, tru= e, chardevStdioLogd))) @@ -5680,6 +5691,7 @@ qemuBuildRNGDevStr(const virDomainDef *def, =20 static int qemuBuildRNGCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -5702,7 +5714,7 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager, } =20 /* possibly add character device for backend */ - if (qemuBuildRNGBackendChrdevStr(logManager, cmd, cfg, def, + if (qemuBuildRNGBackendChrdevStr(logManager, secManager, cmd, cfg,= def, rng, qemuCaps, &tmp, chardevStdioLogd) < 0) return -1; @@ -8135,6 +8147,7 @@ qemuBuildGraphicsCommandLine(virQEMUDriverConfigPtr c= fg, static int qemuBuildVhostuserCommandLine(virQEMUDriverPtr driver, virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virDomainDefPtr def, virDomainNetDefPtr net, @@ -8157,7 +8170,8 @@ qemuBuildVhostuserCommandLine(virQEMUDriverPtr driver, =20 switch ((virDomainChrType)net->data.vhostuser->type) { case VIR_DOMAIN_CHR_TYPE_UNIX: - if (!(chardev =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(chardev =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, net->data.vhostuser, net->info.alias, qemuCaps, = false, chardevStdioLogd))) @@ -8225,6 +8239,7 @@ qemuBuildVhostuserCommandLine(virQEMUDriverPtr driver, static int qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virDomainDefPtr def, virDomainNetDefPtr net, @@ -8356,7 +8371,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, break; =20 case VIR_DOMAIN_NET_TYPE_VHOSTUSER: - ret =3D qemuBuildVhostuserCommandLine(driver, logManager, cmd, def, + ret =3D qemuBuildVhostuserCommandLine(driver, logManager, secManag= er, cmd, def, net, qemuCaps, bootindex, chardevStdioLogd); goto cleanup; @@ -8534,6 +8549,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, static int qemuBuildNetCommandLine(virQEMUDriverPtr driver, virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virDomainDefPtr def, virQEMUCapsPtr qemuCaps, @@ -8566,7 +8582,7 @@ qemuBuildNetCommandLine(virQEMUDriverPtr driver, for (i =3D 0; i < def->nnets; i++) { virDomainNetDefPtr net =3D def->nets[i]; =20 - if (qemuBuildInterfaceCommandLine(driver, logManager, cmd, def= , net, + if (qemuBuildInterfaceCommandLine(driver, logManager, secManag= er, cmd, def, net, qemuCaps, bootNet, vmop, standalone, nnicindexes, nicindexes, @@ -8629,6 +8645,7 @@ qemuBuildSmartcardFindCCIDController(const virDomainD= ef *def, =20 static int qemuBuildSmartcardCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -8702,7 +8719,8 @@ qemuBuildSmartcardCommandLine(virLogManagerPtr logMan= ager, return -1; } =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, smartcard->data.passthru, smartcard->info.alias, qemuCaps, true, @@ -8862,6 +8880,7 @@ qemuBuildShmemBackendMemProps(virDomainShmemDefPtr sh= mem) =20 static int qemuBuildShmemCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, @@ -8933,7 +8952,8 @@ qemuBuildShmemCommandLine(virLogManagerPtr logManager, VIR_FREE(devstr); =20 if (shmem->server.enabled) { - devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, &shmem->server.chr, shmem->info.alias, qemuCaps, true, chardevStdioLogd); @@ -9020,6 +9040,7 @@ qemuChrIsPlatformDevice(const virDomainDef *def, =20 static int qemuBuildSerialCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -9043,7 +9064,8 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManage= r, if (serial->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_SPICEPORT && != havespice) continue; =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, serial->source, serial->info.alias, qemuCaps, true, @@ -9080,6 +9102,7 @@ qemuBuildSerialCommandLine(virLogManagerPtr logManage= r, =20 static int qemuBuildParallelsCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -9092,7 +9115,8 @@ qemuBuildParallelsCommandLine(virLogManagerPtr logMan= ager, virDomainChrDefPtr parallel =3D def->parallels[i]; char *devstr; =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, parallel->source, parallel->info.alias, qemuCaps, true, @@ -9113,6 +9137,7 @@ qemuBuildParallelsCommandLine(virLogManagerPtr logMan= ager, =20 static int qemuBuildChannelsCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -9127,7 +9152,8 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, =20 switch (channel->targetType) { case VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_GUESTFWD: - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, channel->source, channel->info.alias, qemuCaps, true, @@ -9144,7 +9170,8 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, break; =20 case VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO: - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, channel->source, channel->info.alias, qemuCaps, true, @@ -9166,6 +9193,7 @@ qemuBuildChannelsCommandLine(virLogManagerPtr logMana= ger, =20 static int qemuBuildConsoleCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -9187,7 +9215,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, return -1; } =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, console->source, console->info.alias, qemuCaps, true, @@ -9208,7 +9237,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, return -1; } =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, console->source, console->info.alias, qemuCaps, true, @@ -9223,7 +9253,8 @@ qemuBuildConsoleCommandLine(virLogManagerPtr logManag= er, break; =20 case VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_VIRTIO: - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, = def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, console->source, console->info.alias, qemuCaps, true, @@ -9342,6 +9373,7 @@ qemuBuildRedirdevDevStr(const virDomainDef *def, =20 static int qemuBuildRedirdevCommandLine(virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, @@ -9354,7 +9386,8 @@ qemuBuildRedirdevCommandLine(virLogManagerPtr logMana= ger, virDomainRedirdevDefPtr redirdev =3D def->redirdevs[i]; char *devstr; =20 - if (!(devstr =3D qemuBuildChrChardevStr(logManager, cmd, cfg, def, + if (!(devstr =3D qemuBuildChrChardevStr(logManager, secManager, + cmd, cfg, def, redirdev->source, redirdev->info.alias, qemuCaps, true, @@ -10065,6 +10098,7 @@ qemuBuildVsockCommandLine(virCommandPtr cmd, virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver, virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virDomainObjPtr vm, const char *migrateURI, virDomainSnapshotObjPtr snapshot, @@ -10181,7 +10215,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildSgaCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildMonitorCommandLine(logManager, cmd, cfg, def, priv) < 0) + if (qemuBuildMonitorCommandLine(logManager, secManager, cmd, cfg, def,= priv) < 0) goto error; =20 if (qemuBuildClockCommandLine(cmd, def, qemuCaps) < 0) @@ -10211,29 +10245,29 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildFSDevCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildNetCommandLine(driver, logManager, cmd, def, + if (qemuBuildNetCommandLine(driver, logManager, secManager, cmd, def, qemuCaps, vmop, standalone, nnicindexes, nicindexes, &bootHostdevNet, chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildSmartcardCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildSmartcardCommandLine(logManager, secManager, cmd, cfg, de= f, qemuCaps, chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildSerialCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildSerialCommandLine(logManager, secManager, cmd, cfg, def, = qemuCaps, chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildParallelsCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildParallelsCommandLine(logManager, secManager, cmd, cfg, de= f, qemuCaps, chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildChannelsCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildChannelsCommandLine(logManager, secManager, cmd, cfg, def= , qemuCaps, chardevStdioLogd) < 0) goto error; =20 - if (qemuBuildConsoleCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildConsoleCommandLine(logManager, secManager, cmd, cfg, def,= qemuCaps, chardevStdioLogd) < 0) goto error; =20 @@ -10258,7 +10292,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildWatchdogCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildRedirdevCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildRedirdevCommandLine(logManager, secManager, cmd, cfg, def= , qemuCaps, chardevStdioLogd) < 0) goto error; =20 @@ -10271,7 +10305,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildMemballoonCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 - if (qemuBuildRNGCommandLine(logManager, cmd, cfg, def, qemuCaps, + if (qemuBuildRNGCommandLine(logManager, secManager, cmd, cfg, def, qem= uCaps, chardevStdioLogd) < 0) goto error; =20 @@ -10306,7 +10340,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, goto error; =20 for (i =3D 0; i < def->nshmems; i++) { - if (qemuBuildShmemCommandLine(logManager, cmd, cfg, + if (qemuBuildShmemCommandLine(logManager, secManager, cmd, cfg, def, def->shmems[i], qemuCaps, chardevStdioLogd)) goto error; diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index c78282eb09..4f1b360130 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -46,6 +46,7 @@ VIR_ENUM_DECL(qemuVideo) =20 virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver, virLogManagerPtr logManager, + virSecurityManagerPtr secManager, virDomainObjPtr vm, const char *migrateURI, virDomainSnapshotObjPtr snapshot, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 2967568f62..7e9ad01e61 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6174,6 +6174,7 @@ qemuProcessLaunch(virConnectPtr conn, VIR_DEBUG("Building emulator command line"); if (!(cmd =3D qemuBuildCommandLine(driver, qemuDomainLogContextGetManager(logCtx= t), + driver->securityManager, vm, incoming ? incoming->launchURI : NULL, snapshot, vmop, @@ -6642,6 +6643,7 @@ qemuProcessCreatePretendCmd(virQEMUDriverPtr driver, VIR_DEBUG("Building emulator command line"); cmd =3D qemuBuildCommandLine(driver, NULL, + driver->securityManager, vm, migrateURI, NULL, --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list