From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/2] selinux: Swap two blocks handling setfilecon_raw() failure
Date: Mon, 20 Sep 2021 13:31:18 +0200
List-Id: Development discussions about the libvirt library & tools

In virSecuritySELinuxSetFileconImpl() we have code that handles
setfilecon_raw() failure. The code consists of two blocks: one for
dealing with shared filesystems like NFS (errno is ENOTSUP or EROFS)
and the other block that's dealing with EPERM for a privileged daemon.
Well, the order of these two blocks is a bit confusing because the
comment above them mentions the NFS case but the EPERM block follows.
Swap these two blocks to make it less confusing.

Signed-off-by: Michal Privoznik
---
 src/security/security_selinux.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 0e5ea0366d..050acee2b0 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1264,22 +1264,9 @@ virSecuritySELinuxSetFileconImpl(const char *path, * boolean tunables to allow it ... */ VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR - if (setfilecon_errno !=3D EOPNOTSUPP && setfilecon_errno !=3D ENOT= SUP && - setfilecon_errno !=3D EROFS) { + if (setfilecon_errno =3D=3D EOPNOTSUPP || setfilecon_errno =3D=3D = ENOTSUP || + setfilecon_errno =3D=3D EROFS) { VIR_WARNINGS_RESET - /* However, don't claim error if SELinux is in Enforcing mode = and - * we are running as unprivileged user and we really did see E= PERM. - * Otherwise we want to return error if SELinux is Enforcing. = */ - if (security_getenforce() =3D=3D 1 && - (setfilecon_errno !=3D EPERM || privileged)) { - virReportSystemError(setfilecon_errno, - _("unable to set security context '%s= ' on '%s'"), - tcon, path); - return -1; - } - VIR_WARN("unable to set security context '%s' on '%s' (errno %= d)", - tcon, path, setfilecon_errno); - } else { const char *msg; if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) =3D=3D 1 && security_get_boolean_active("virt_use_nfs") !=3D 1) { 
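Review bot: the inverted test is the exact De Morgan negation of the removed one (three `!=` joined by `&&` become three `==` joined by `||`), so the set of errno values that takes the shared-filesystem branch is unchanged and there is no logic problem here. Keep the `VIR_WARNINGS_NO_WLOGICALOP_EQUAL_EXPR` / `VIR_WARNINGS_RESET` pair wrapped around the `if` exactly as the hunk does: on Linux `ENOTSUP` and `EOPNOTSUPP` are the same value, and `-Wlogical-op` complains about "logical or of equal expressions" in the `==`/`||` form just as it did about the `!=`/`&&` form. A sentence in the commit message stating that the errno values treated as fatal are untouched by the swap would make that explicit for anyone reading the history later.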
@@ -1293,6 +1280,19 @@ virSecuritySELinuxSetFileconImpl(const char *path, VIR_INFO("Setting security context '%s' on '%s' not suppor= ted", tcon, path); } + } else { + /* However, don't claim error if SELinux is in Enforcing mode = and + * we are running as unprivileged user and we really did see E= PERM. + * Otherwise we want to return error if SELinux is Enforcing. = */ + if (security_getenforce() =3D=3D 1 && + (setfilecon_errno !=3D EPERM || privileged)) { + virReportSystemError(setfilecon_errno, + _("unable to set security context '%s= ' on '%s'"), + tcon, path); + return -1; + } + VIR_WARN("unable to set security context '%s' on '%s' (errno %= d)", + tcon, path, setfilecon_errno); } =20 return 1; --=20 2.32.0
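Review bot: the comment heading the moved block still opens with "However, don't claim error if SELinux is in Enforcing mode and ...", which was written to contrast with the NFS comment that sits above the `if`; now that the block is the `else` branch the "However" reads as a non sequitur. Reword it to stand on its own, for instance `/* Any other errno: report it when SELinux is Enforcing, unless we are unprivileged and saw EPERM. */`. The code itself is a verbatim move (same `security_getenforce() == 1 && (setfilecon_errno != EPERM || privileged)` test, same `virReportSystemError` plus `return -1`, same `VIR_WARN` fallback), so behaviour is unchanged and `return 1` is reached in exactly the cases it was before.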
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/2] selinux: Don't ignore ENOENT in Permissive mode
Date: Mon, 20 Sep 2021 13:31:19 +0200
Message-Id: <655f853baabfb87e64f313c445ed39cd55861b78.1632137458.git.mprivozn@redhat.com>
List-Id: Development discussions about the libvirt library & tools

In the SELinux driver there's virSecuritySELinuxSetFileconImpl() which is
responsible for the actual setting of the SELinux label on a given file
and handling possible failures. In the failure handling code we decide
whether a failure is fatal or not. But there is a bug: depending on the
SELinux mode (Permissive vs. Enforcing) ENOENT is either ignored or
considered fatal. This is not correct - ENOENT must always be fatal - QEMU
will fail opening it anyways.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004850
Signed-off-by: Michal Privoznik
---
 src/security/security_selinux.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 050acee2b0..7e8c4fb4f2 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1283,9 +1283,11 @@ virSecuritySELinuxSetFileconImpl(const char *path, } else { /* However, don't claim error if SELinux is in Enforcing mode = and * we are running as unprivileged user and we really did see E= PERM. - * Otherwise we want to return error if SELinux is Enforcing. = */ - if (security_getenforce() =3D=3D 1 && - (setfilecon_errno !=3D EPERM || privileged)) { + * Otherwise we want to return error if SELinux is Enforcing, = or we + * saw EPERM regardless of SELinux mode. */ + if (setfilecon_errno =3D=3D ENOENT || + (security_getenforce() =3D=3D 1 && + (setfilecon_errno !=3D EPERM || privileged))) { virReportSystemError(setfilecon_errno, _("unable to set security context '%s= ' on '%s'"), tcon, path); --=20 2.32.0
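Review bot: the updated comment and the updated condition disagree: the comment says "or we saw EPERM regardless of SELinux mode", but the added test is `setfilecon_errno == ENOENT ||`, and the commit message says ENOENT is the errno that must always be fatal. Change the comment to name ENOENT; EPERM keeps its existing special-casing for unprivileged daemons in the inner `(setfilecon_errno != EPERM || privileged)` test. With the comment fixed the logic does match the description: an ENOENT now short-circuits to `virReportSystemError` and the `return -1` that follows it before `security_getenforce()` is consulted, so in Permissive mode a missing file no longer falls through to the `VIR_WARN` path that the previous patch moved into this `else` branch and gets reported as a hard error in both modes.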