From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/3] security: Extend TPM label APIs
Date: Fri, 2 Dec 2022 16:56:36 +0100
Message-Id: <434bba8f8a27543b1a5ecfa3e79df07dd50c2075.1669996391.git.mprivozn@redhat.com>

The virSecurityDomainSetTPMLabels() and virSecurityDomainRestoreTPMLabels()
APIs set/restore label on two files/directories:
1) the TPM state (tpm->data.emulator.storagepath), and
2) the TPM log file (tpm->data.emulator.logfile).

Soon there will be a need to set the label on the log file but not on the
state. Therefore, extend these APIs for a boolean flag that when set does
both, but when unset does only 2).

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_security.c        |  6 ++---
 src/security/security_driver.h  |  6 +++--
 src/security/security_manager.c | 10 +++++----
 src/security/security_manager.h |  6 +++--
 src/security/security_selinux.c | 40 +++++++++++++++++++++------------
 src/security/security_stack.c   | 12 +++++-----
 6 files changed, 50 insertions(+), 30 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 5b7d5f30c2..d9a1ee5f56 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -535,7 +535,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, transactionStarted =3D true; =20 if (virSecurityManagerSetTPMLabels(driver->securityManager, - vm->def) < 0) { + vm->def, true) < 0) { virSecurityManagerTransactionAbort(driver->securityManager); return -1; } @@ -560,7 +560,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, virSecurityManagerTransactionStart(driver->securityManager) >=3D 0) transactionStarted =3D true; =20 - virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def); + virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, t= rue); =20 if (transactionStarted && virSecurityManagerTransactionCommit(driver->securityManager, @@ -583,7 +583,7 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, if (virSecurityManagerTransactionStart(driver->securityManager) >=3D 0) transactionStarted =3D true; =20 - virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def); + virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, t= rue); =20 if (transactionStarted && virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index a1fc23be38..fe6982ceca 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -154,9 +154,11 @@ typedef int (*virSecurityDomainRestoreChardevLabel) (v= irSecurityManager *mgr, virDomainChrSourceDef= *dev_source, bool chardevStdioLogd= ); typedef int (*virSecurityDomainSetTPMLabels) (virSecurityManager *mgr, - virDomainDef *def); + virDomainDef *def, + bool setTPMStateLabel); typedef int (*virSecurityDomainRestoreTPMLabels) (virSecurityManager *mgr, - virDomainDef *def); + virDomainDef *def, + bool restoreTPMStateLabe= l); typedef int (*virSecurityDomainSetNetdevLabel) (virSecurityManager *mgr, virDomainDef *def, virDomainNetDef *net); diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 572e400a48..2f8e89cb04 100644 
--- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1188,27 +1188,29 @@ virSecurityManagerRestoreChardevLabel(virSecurityMa= nager *mgr, =20 int virSecurityManagerSetTPMLabels(virSecurityManager *mgr, - virDomainDef *vm) + virDomainDef *vm, + bool setTPMStateLabel) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); =20 if (!mgr->drv->domainSetSecurityTPMLabels) return 0; =20 - return mgr->drv->domainSetSecurityTPMLabels(mgr, vm); + return mgr->drv->domainSetSecurityTPMLabels(mgr, vm, setTPMStateLabel); } =20 =20 int virSecurityManagerRestoreTPMLabels(virSecurityManager *mgr, - virDomainDef *vm) + virDomainDef *vm, + bool restoreTPMStateLabel) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); =20 if (!mgr->drv->domainRestoreSecurityTPMLabels) return 0; =20 - return mgr->drv->domainRestoreSecurityTPMLabels(mgr, vm); + return mgr->drv->domainRestoreSecurityTPMLabels(mgr, vm, restoreTPMSta= teLabel); } =20 =20 diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index bb3855efef..60597ffc0a 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -214,10 +214,12 @@ int virSecurityManagerRestoreChardevLabel(virSecurity= Manager *mgr, bool chardevStdioLogd); =20 int virSecurityManagerSetTPMLabels(virSecurityManager *mgr, - virDomainDef *vm); + virDomainDef *vm, + bool setTPMStateLabel); =20 int virSecurityManagerRestoreTPMLabels(virSecurityManager *mgr, - virDomainDef *vm); + virDomainDef *vm, + bool restoreTPMStateLabel); =20 int virSecurityManagerSetNetdevLabel(virSecurityManager *mgr, virDomainDef *vm, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 92e85c92e0..415a26a386 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -3526,7 +3526,8 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= r *mgr, =20 static int virSecuritySELinuxSetTPMLabels(virSecurityManager *mgr, - virDomainDef *def) + virDomainDef *def, + bool setTPMStateLabel) { int ret =3D 0; size_t i; @@ -3540,13 +3541,18 @@ virSecuritySELinuxSetTPMLabels(virSecurityManager *= mgr, if (def->tpms[i]->type !=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) continue; =20 - ret =3D virSecuritySELinuxSetFileLabels( - mgr, def->tpms[i]->data.emulator.storagepath, - seclabel); - if (ret =3D=3D 0 && def->tpms[i]->data.emulator.logfile) - ret =3D virSecuritySELinuxSetFileLabels( - mgr, def->tpms[i]->data.emulator.logfile, - seclabel); + if (setTPMStateLabel) { + ret =3D virSecuritySELinuxSetFileLabels(mgr, + def->tpms[i]->data.emula= tor.storagepath, + seclabel); + } + + if (ret =3D=3D 0 && + def->tpms[i]->data.emulator.logfile) { + ret =3D virSecuritySELinuxSetFileLabels(mgr, + def->tpms[i]->data.emula= tor.logfile, + seclabel); + } } =20 return ret; @@ -3555,7 +3561,8 @@ virSecuritySELinuxSetTPMLabels(virSecurityManager *mg= r, =20 static int virSecuritySELinuxRestoreTPMLabels(virSecurityManager *mgr, - virDomainDef *def) + virDomainDef *def, + bool restoreTPMStateLabel) { int ret =3D 0; size_t i; @@ -3564,11 +3571,16 @@ virSecuritySELinuxRestoreTPMLabels(virSecurityManag= er *mgr, if (def->tpms[i]->type !=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) continue; =20 - ret =3D virSecuritySELinuxRestoreFileLabels( - mgr, def->tpms[i]->data.emulator.storagepath); - if (ret =3D=3D 0 && def->tpms[i]->data.emulator.logfile) - ret =3D virSecuritySELinuxRestoreFileLabels( - mgr, def->tpms[i]->data.emulator.logfile); + if (restoreTPMStateLabel) { + ret =3D virSecuritySELinuxRestoreFileLabels(mgr, + def->tpms[i]->data.e= mulator.storagepath); + } + + if (ret =3D=3D 0 && + def->tpms[i]->data.emulator.logfile) { + ret =3D virSecuritySELinuxRestoreFileLabels(mgr, + def->tpms[i]->data.e= mulator.logfile); + } } =20 return ret; 
diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 0c72f93a20..560f797030 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -916,14 +916,15 @@ virSecurityStackDomainRestoreChardevLabel(virSecurity= Manager *mgr, =20 static int virSecurityStackSetTPMLabels(virSecurityManager *mgr, - virDomainDef *vm) + virDomainDef *vm, + bool setTPMStateLabel) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItem *item =3D priv->itemsHead; =20 for (; item; item =3D item->next) { if (virSecurityManagerSetTPMLabels(item->securityManager, - vm) < 0) + vm, setTPMStateLabel) < 0) goto rollback; } =20 @@ -932,7 +933,7 @@ virSecurityStackSetTPMLabels(virSecurityManager *mgr, rollback: for (item =3D item->prev; item; item =3D item->prev) { if (virSecurityManagerRestoreTPMLabels(item->securityManager, - vm) < 0) { + vm, setTPMStateLabel) < 0) { VIR_WARN("Unable to restore TPM label after failed set label " "call virDriver=3D%s driver=3D%s domain=3D%s", virSecurityManagerGetVirtDriver(mgr), @@ -946,7 +947,8 @@ virSecurityStackSetTPMLabels(virSecurityManager *mgr, =20 static int virSecurityStackRestoreTPMLabels(virSecurityManager *mgr, - virDomainDef *vm) + virDomainDef *vm, + bool restoreTPMStateLabel) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItem *item =3D priv->itemsHead; 
@@ -954,7 +956,7 @@ virSecurityStackRestoreTPMLabels(virSecurityManager *mg= r, =20 for (; item; item =3D item->next) { if (virSecurityManagerRestoreTPMLabels(item->securityManager, - vm) < 0) + vm, restoreTPMStateLabel) <= 0) rc =3D -1; } =20 --=20 2.37.4
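Review bot: in the virSecuritySELinuxSetTPMLabels hunk, `ret` is now carried across iterations of the loop over def->tpms: when setTPMStateLabel is false nothing assigns it before the `if (ret == 0 && def->tpms[i]->data.emulator.logfile)` check, and when it is true the next TPM's storagepath call overwrites a failure returned by the previous TPM's logfile call; since the context lines show the loop running to completion before `return ret;`, the function can report success after a partial failure. The virSecuritySELinuxRestoreTPMLabels hunk has the same shape. Suggest leaving the loop on the first failure in the set path (`if (ret < 0) return -1;` at the end of the loop body) and, in the restore path, accumulating into a separate rc so a later success does not mask an earlier failure.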
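Review bot: the security_driver.h and security_manager.h hunks add `bool setTPMStateLabel` / `bool restoreTPMStateLabel` to the public entry points without a comment saying what the flag selects. A one-line comment on each prototype (true: label both tpm->data.emulator.storagepath and tpm->data.emulator.logfile; false: label only the log file) would spare every driver implementer a trip to the SELinux backend to find out.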
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/3] qemu_tpm: Extend start/stop APIs
Date: Fri, 2 Dec 2022 16:56:37 +0100
Message-Id: <9399f89dfcc5b77b4e37e43bfa2d9022c202783a.1669996391.git.mprivozn@redhat.com>

This is basically just a continuation of the previous commit. Now that the
security driver APIs have a boolean flag that controls setting/restoring
seclabel of either both TPM state and log files, or just the log file,
propagate this boolean into those APIs that start/stop swtpm emulator. For
now, just pass true. The juicy bits are soon to come.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_security.c | 13 +++++++++----
 src/qemu/qemu_security.h |  4 +++-
 src/qemu/qemu_tpm.c      |  4 ++--
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index d9a1ee5f56..def4061488 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -507,6 +507,7 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver, * @cmd: the command to run * @uid: the uid to run the emulator * @gid: the gid to run the emulator + * @setTPMStateLabel: whether TPM state should be labelled, or just logfile * @existstatus: pointer to int returning exit status of process * @cmdret: pointer to int returning result of virCommandRun * @@ -523,6 +524,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, virCommand *cmd, uid_t uid, gid_t gid, + bool setTPMStateLabel, int *exitstatus, int *cmdret) { @@ -535,7 +537,7 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, transactionStarted =3D true; =20 if (virSecurityManagerSetTPMLabels(driver->securityManager, - vm->def, true) < 0) { + vm->def, setTPMStateLabel) < 0) { virSecurityManagerTransactionAbort(driver->securityManager); return -1; } @@ -560,7 +562,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, virSecurityManagerTransactionStart(driver->securityManager) >=3D 0) transactionStarted =3D true; =20 - virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, t= rue); + virSecurityManagerRestoreTPMLabels(driver->securityManager, + vm->def, setTPMStateLabel); =20 if (transactionStarted && virSecurityManagerTransactionCommit(driver->securityManager, @@ -575,7 +578,8 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, =20 void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + bool restoreTPMStateLabel) { qemuDomainObjPrivate *priv =3D vm->privateData; bool transactionStarted =3D false; 
@@ -583,7 +587,8 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, if (virSecurityManagerTransactionStart(driver->securityManager) >=3D 0) transactionStarted =3D true; =20 - virSecurityManagerRestoreTPMLabels(driver->securityManager, vm->def, t= rue); + virSecurityManagerRestoreTPMLabels(driver->securityManager, + vm->def, restoreTPMStateLabel); =20 if (transactionStarted && virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index e01d4699e6..969a47fc17 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -90,11 +90,13 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver, virCommand *cmd, uid_t uid, gid_t gid, + bool setTPMStateLabel, int *exitstatus, int *cmdret); =20 void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, - virDomainObj *vm); + virDomainObj *vm, + bool restoreTPMStateLabel); =20 int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver, virDomainObj *vm, diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index d2f5bfb055..8dba716ef2 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -962,7 +962,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, } } else if (qemuSecurityStartTPMEmulator(driver, vm, cmd, cfg->swtpm_user, cfg->swtpm_gr= oup, - NULL, &cmdret) < 0) { + true, NULL, &cmdret) < 0) { goto error; } =20 
@@ -1139,7 +1139,7 @@ qemuExtTPMStop(virQEMUDriver *driver, =20 qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def))) - qemuSecurityCleanupTPMEmulator(driver, vm); + qemuSecurityCleanupTPMEmulator(driver, vm, true); } =20 =20 --=20 2.37.4
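Review bot: the qemu_security.c hunks document the new parameter only on one of the two functions: qemuSecurityStartTPMEmulator gets `@setTPMStateLabel: whether TPM state should be labelled, or just logfile`, while the hunk adding `bool restoreTPMStateLabel` to qemuSecurityCleanupTPMEmulator shows only a blank line above the function. Add a matching description there, and consider tightening the existing wording to state both cases explicitly (true: label TPM state and log file; false: label the log file only), since "or just logfile" is easy to misread as describing the true case.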
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 3/3] qemu_tpm: Set log file label on migration
Date: Fri, 2 Dec 2022 16:56:38 +0100

Recently, the QEMU driver gained support for migration with TPM state on a
shared volume (e.g. NFS). As a part of that, the destination side avoids
setting seclabels on it to avoid cutting off the source while it is still
using it. Makes sense, except for a wee bit: the secdriver API does a bit
more - it also sets label on the swtpm log file. And this one definitely
needs to be labeled (it lives under /var/log/swtpm/libvirt/qemu/..., i.e.
not on a shared volume).

Previously, qemuSecurityStartTPMEmulator() took care of that. But during
rework to shared volume migration, the code was changed so now plain
qemuSecurityCommandRun() would be run (i.e. no relabelling). But after
previous commits, we can now choose whether the TPM state should be
relabelled or just the log file.

Fixes: 2e669ec789231d39e0d5f5f6a201d2a661b8070c
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2130192#c7
Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_tpm.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 8dba716ef2..0939f64e4e 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c @@ -926,6 +926,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, g_autofree char *pidfile =3D NULL; virTimeBackOffVar timebackoff; const unsigned long long timeout =3D 1000; /* ms */ + bool setTPMStateLabel =3D true; int cmdret =3D 0; pid_t pid =3D -1; =20 @@ -955,14 +956,12 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, if (incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagepath) =3D=3D 1) { /* security labels must have been set up on source already */ - if (qemuSecurityCommandRun(driver, vm, cmd, - cfg->swtpm_user, cfg->swtpm_group, - NULL, &cmdret) < 0) { - goto error; - } - } else if (qemuSecurityStartTPMEmulator(driver, vm, cmd, - cfg->swtpm_user, cfg->swtpm_gr= oup, - true, NULL, &cmdret) < 0) { + setTPMStateLabel =3D false; + } + + if (qemuSecurityStartTPMEmulator(driver, vm, cmd, + cfg->swtpm_user, cfg->swtpm_group, + setTPMStateLabel, NULL, &cmdret) < 0)= { goto error; } =20 @@ -1133,13 +1132,16 @@ qemuExtTPMStop(virQEMUDriver *driver, { g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); + bool restoreTPMStateLabel =3D true; =20 if (!shortName) return; =20 qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); - if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def))) - qemuSecurityCleanupTPMEmulator(driver, vm, true); + if (outgoingMigration || qemuTPMHasSharedStorage(vm->def)) + restoreTPMStateLabel =3D false; + + qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel); } =20 =20 --=20 2.37.4
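Review bot: the qemuExtTPMStop hunk changes behaviour, not just shape. The removed line skipped the cleanup only when both conditions held, `if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def)))`, but the added `if (outgoingMigration || qemuTPMHasSharedStorage(vm->def)) restoreTPMStateLabel = false;` clears the flag when either holds, so a plain shutdown of a domain whose TPM state happens to live on shared storage now leaves the state labelled, and an outgoing migration with local state no longer restores its label. If the intent is to keep the old semantics while still restoring the log file label, this should read `if (outgoingMigration && qemuTPMHasSharedStorage(vm->def))`.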
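Review bot: in the qemuTPMEmulatorStart hunk the start side decides with `incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagepath) == 1`, while the qemuExtTPMStop hunk in the same file uses qemuTPMHasSharedStorage(vm->def) for the same notion; using one helper on both sides keeps the set and restore decisions from drifting apart. The retained comment `/* security labels must have been set up on source already */` now sits above `setTPMStateLabel = false;` and is only true for the state, since the log file is labelled locally by the unconditional qemuSecurityStartTPMEmulator() call that follows; suggest rewording it to say so.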