From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/2] security: Introduce VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT flag
Date: Thu, 27 Feb 2020 13:07:35 +0100
Message-Id: <0c387be59b82033be7d95049d11c472b9dc583a8.1582805083.git.mprivozn@redhat.com>

Our decision whether to remember the seclabel for a disk image depends on
a few factors. If the image is readonly or shared, or is not the top
parent of a backing chain, remembering is suppressed for the image.
However, virSecurityManagerSetImageLabel() is too low level to determine
whether the passed @src is the top parent or not. Even though it has the
domain definition available, in some cases (like snapshots or block copy)
@src is added to the definition only after the operation has succeeded.
Therefore, introduce a flag which callers can use to help us with the
decision.

Signed-off-by: Michal Privoznik
---
 src/security/security_dac.c     | 16 +++++++++++-----
 src/security/security_manager.h |  1 +
 src/security/security_selinux.c | 18 ++++++++++++------
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index f412054d0e..3f8b04b307 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -889,14 +889,14 @@ static int virSecurityDACSetImageLabelInternal(virSecurityManagerPtr mgr, virDomainDefPtr def, virStorageSourcePtr src, - virStorageSourcePtr parent) + virStorageSourcePtr parent, + bool is_topparent) { virSecurityLabelDefPtr secdef; virSecurityDeviceLabelDefPtr disk_seclabel; virSecurityDeviceLabelDefPtr parent_seclabel =3D NULL; virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); bool remember; - bool is_toplevel =3D parent =3D=3D src || parent->externalDataStore = =3D=3D src; uid_t user; gid_t group; =20 @@ -954,7 +954,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, * but the top layer, or read only image, or disk explicitly * marked as shared. */ - remember =3D is_toplevel && !src->readonly && !src->shared; + remember =3D is_topparent && !src->readonly && !src->shared; =20 return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remembe= r); } @@ -967,10 +967,13 @@ virSecurityDACSetImageLabelRelative(virSecurityManage= rPtr mgr, virStorageSourcePtr parent, virSecurityDomainImageLabelFlags flags) { + bool is_topparent =3D flags & VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT; virStorageSourcePtr n; =20 + flags &=3D ~VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT; + for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { - if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent) < 0) + if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, is_to= pparent) < 0) return -1; =20 if (n->externalDataStore && @@ -983,6 +986,8 @@ virSecurityDACSetImageLabelRelative(virSecurityManagerP= tr mgr, =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) break; + + is_topparent =3D false; } =20 return 0; 
@@ -2114,7 +2119,8 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, - VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN) < 0) + VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | + VIR_SECURITY_DOMAIN_IMAGE_TOP_PARE= NT) < 0) return -1; } =20 diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index b92ea5dc87..11904fda89 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -151,6 +151,7 @@ virSecurityManagerPtr* virSecurityManagerGetNested(virS= ecurityManagerPtr mgr); =20 typedef enum { VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN =3D 1 << 0, + VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT =3D 1 << 1, } virSecurityDomainImageLabelFlags; =20 int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 2241a35e6e..0aa0c2bb71 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1824,7 +1824,8 @@ static int virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr, virDomainDefPtr def, virStorageSourcePtr src, - virStorageSourcePtr parent) + virStorageSourcePtr parent, + bool is_topparent) { virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); virSecurityLabelDefPtr secdef; @@ -1832,7 +1833,6 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, virSecurityDeviceLabelDefPtr parent_seclabel =3D NULL; char *use_label =3D NULL; bool remember; - bool is_toplevel =3D parent =3D=3D src || parent->externalDataStore = =3D=3D src; g_autofree char *vfioGroupDev =3D NULL; const char *path =3D src->path; int ret; 
@@ -1856,7 +1856,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, * but the top layer, or read only image, or disk explicitly * marked as shared. */ - remember =3D is_toplevel && !src->readonly && !src->shared; + remember =3D is_topparent && !src->readonly && !src->shared; =20 disk_seclabel =3D virStorageSourceGetSecurityLabelDef(src, SECURITY_SELINUX_N= AME); @@ -1873,7 +1873,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, return 0; =20 use_label =3D parent_seclabel->label; - } else if (is_toplevel) { + } else if (parent =3D=3D src || parent->externalDataStore =3D=3D src) { if (src->shared) { use_label =3D data->file_context; } else if (src->readonly) { @@ -1927,10 +1927,13 @@ virSecuritySELinuxSetImageLabelRelative(virSecurity= ManagerPtr mgr, virStorageSourcePtr parent, virSecurityDomainImageLabelFlags f= lags) { + bool is_topparent =3D flags & VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT; virStorageSourcePtr n; =20 + flags &=3D ~VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT; + for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { - if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent) <= 0) + if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, i= s_topparent) < 0) return -1; =20 if (n->externalDataStore && @@ -1943,6 +1946,8 @@ virSecuritySELinuxSetImageLabelRelative(virSecurityMa= nagerPtr mgr, =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) break; + + is_topparent =3D false; } =20 return 0; @@ -3146,7 +3151,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr m= gr, continue; } if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, - VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN) < 0) + VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | + VIR_SECURITY_DOMAIN_IMAGE_TOP_= PARENT) < 0) return -1; } /* XXX fixme process def->fss if relabel =3D=3D true */ --=20 2.24.1
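Review bot: in the virSecurityDACSetImageLabelRelative() hunk (@@ -967,10 +967,13 @@ in security_dac.c) the call that labels n->externalDataStore is cut off by the diff context, so it is not visible what that call now passes for is_topparent. The removed `bool is_toplevel = parent == src || parent->externalDataStore == src;` treated the top image's external data store as top level, so its original seclabel was remembered as well; if the externalDataStore call now passes false, remembering for that file silently stops, which should either be preserved (pass the loop's is_topparent along) or called out in the commit message. A smaller point in the same hunk: `flags &= ~VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT;` changes nothing visible below it, since the only later use of flags is `flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN`; either drop the line or add a comment saying why the bit must not propagate. Both remarks apply equally to the virSecuritySELinuxSetImageLabelRelative() hunk (@@ -1927,10 +1927,13 @@).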
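Review bot: the new VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT enumerator in security_manager.h (@@ -151,6 +151,7 @@) carries no comment, and its semantics are not obvious from the name: per the two Relative() hunks it means "@src is the top image of the disk's backing chain as the domain sees it", it gates remembering of the original seclabel, and it is honoured only for the first image walked (both loops clear is_topparent after the first iteration). Since the commit message says callers must set it precisely because the driver cannot derive this from @def (snapshots, block copy), a short comment above the enumerator, e.g. `/* @src is the top parent of the disk's backing chain; only then is the original seclabel remembered */`, would stop the next caller from guessing.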
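Review bot: in the virSecuritySELinuxSetImageLabelInternal() hunk at @@ -1873,7 +1873,7 @@, replacing `} else if (is_toplevel) {` with the inline `} else if (parent == src || parent->externalDataStore == src) {` drops the name that documented what the condition means, and the expression now sits a few lines below `remember = is_topparent && !src->readonly && !src->shared;`, which tests a different notion of "top". Consider keeping the local that the @@ -1832 hunk removed, `bool is_toplevel = parent == src || parent->externalDataStore == src;`, so the two conditions (top of the chain handed to this call vs. top parent of the disk per the new flag) stay visibly distinct; the DAC side does not need it because its only use was the remember assignment.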
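Review bot: the virSecuritySELinuxSetAllLabel() hunk (@@ -3146,7 +3151,8 @@) and its DAC counterpart (@@ -2114,7 +2119,8 @@) are the only callers in this patch that pass VIR_SECURITY_DOMAIN_IMAGE_TOP_PARENT. Any other caller of virSecurityManagerSetImageLabel() now reaches the Relative() loops with is_topparent == false and therefore remember == false, whereas before this patch the first image with `parent == src` was remembered. Unless 2/2 updates those callers, this patch on its own stops remembering seclabels on every other path; either say in the commit message that 2/2 completes the switch, or reorder the series so callers pass the flag before the drivers start relying on it.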