From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 1 Oct 2019 17:00:43 +0200 Message-Id: <00ef213caa2d279f4ccf436ddc334b4549898012.1569941501.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/3] security_dac: Allow selective remember/recall for chardevs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.68]); Tue, 01 Oct 2019 15:00:59 +0000 (UTC) Content-Type: text/plain; charset="utf-8" While in most cases we want to remember/recall label for a chardev, there are some special ones (like /dev/tpm0) where we don't want to remember the seclabel nor recall it. See next commit for rationale behind. While the easiest way to implement this would be to just add new argument to virSecurityDACSetChardevLabel() this one is also a callback for virSecurityManagerSetChardevLabel() and thus has more or less stable set of arguments. Therefore, the current virSecurityDACSetChardevLabel() is renamed to virSecurityDACSetChardevLabelHelper() and the original function is set to call the new one. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 67 +++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 5df50bdcf5..2733fa664f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1431,10 +1431,11 @@ virSecurityDACRestoreHostdevLabel(virSecurityManage= rPtr mgr, =20 =20 static int -virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainChrSourceDefPtr dev_source, - bool chardevStdioLogd) +virSecurityDACSetChardevLabelHelper(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd, + bool remember) =20 { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1471,7 +1472,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, true); + user, group, remember); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1479,12 +1480,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, tru= e) < 0 || - virSecurityDACSetOwnership(mgr, NULL, out, user, group, tr= ue) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, rem= ember) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, re= member) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, true) < 0) { + user, group, remember) < 0) { goto done; } ret =3D 0; @@ -1499,7 +1500,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group, true) < 0) + user, group, remember) < 0) goto done; } ret =3D 0; 
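Review bot: The new `remember` parameter of virSecurityDACSetChardevLabelHelper is undocumented, and since the helper only earns its existence when a caller passes something other than the `true` the old code hard-wired, its contract belongs at the definition; a comment such as `/* @remember: forwarded to virSecurityDACSetOwnership(); pass false for devices whose pre-existing ownership must not be recorded (the matching restore must then use recall=false) */` above the signature would do. What "remember" does inside virSecurityDACSetOwnership is not visible here, so the wording should be checked against that function. The FILE, PIPE and UNIX cases shown in the following hunks forward `remember` consistently, but the helper's body starts in this hunk and continues outside it, so any other `true` literal in the unseen part cannot be checked from this view. Also note `remember` sits directly after `chardevStdioLogd` as a second positional bool, so a caller that swaps them compiles silently; the call sites the next commit adds deserve a look for that.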
@@ -1525,11 +1526,24 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, return ret; } =20 + static int -virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainChrSourceDefPtr dev_source, - bool chardevStdioLogd) +virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) +{ + return virSecurityDACSetChardevLabelHelper(mgr, def, dev_source, + chardevStdioLogd, true); +} + + +static int +virSecurityDACRestoreChardevLabelHelper(virSecurityManagerPtr mgr, + virDomainDefPtr def ATTRIBUTE_UNUS= ED, + virDomainChrSourceDefPtr dev_sourc= e, + bool chardevStdioLogd, + bool recall) { virSecurityDeviceLabelDefPtr chr_seclabel =3D NULL; char *in =3D NULL, *out =3D NULL; @@ -1549,7 +1563,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, switch ((virDomainChrType)dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - ret =3D virSecurityDACRestoreFileLabel(mgr, dev_source->data.file.= path); + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data.file= .path, + recall); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1557,10 +1573,12 @@ virSecurityDACRestoreChardevLabel(virSecurityManage= rPtr mgr, virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACRestoreFileLabel(mgr, out) < 0 || - virSecurityDACRestoreFileLabel(mgr, in) < 0) + if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, out, rec= all) < 0 || + virSecurityDACRestoreFileLabelInternal(mgr, NULL, in, reca= ll) < 0) goto done; - } else if (virSecurityDACRestoreFileLabel(mgr, dev_source->data.fi= le.path) < 0) { + } else if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data= .file.path, + recall) < 0) { goto done; } ret =3D 0; 
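Review bot: virSecurityDACRestoreChardevLabelHelper gains `recall`, but nothing ties it to the `remember` value used when the same chardev was labelled, and the two have to agree: setting with remember=true and restoring with recall=false presumably leaves the recorded original ownership behind (what virSecurityDACRestoreFileLabelInternal does with recall=false is not visible here), while the reverse restores against a record that was never made, so host device nodes can end up with stale or wrong ownership after the domain goes away. That invariant should be stated on the helper, e.g. `/* @recall must match the @remember value passed to virSecurityDACSetChardevLabelHelper() for this device */`. The new virSecurityDACSetChardevLabel wrapper in this hunk hard-codes `true` with no explanation; a one-liner such as `/* security-driver callback variant: always remember, i.e. the previous behavior */` would keep a later reader from "simplifying" the literal. The restore helper's body continues past the end of this hunk.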
@@ -1568,7 +1586,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (!dev_source->data.nix.listen && - virSecurityDACRestoreFileLabel(mgr, dev_source->data.nix.path)= < 0) { + virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data.nix.pa= th, + recall) < 0) { goto done; } ret =3D 0; @@ -1595,6 +1615,17 @@ virSecurityDACRestoreChardevLabel(virSecurityManager= Ptr mgr, } =20 =20 +static int +virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) +{ + return virSecurityDACRestoreChardevLabelHelper(mgr, def, dev_source, + chardevStdioLogd, true); +} + + struct _virSecuritySELinuxChardevCallbackData { virSecurityManagerPtr mgr; bool chardevStdioLogd; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list