From nobody Sun May 5 09:47:54 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593621720; cv=none; d=zohomail.com; s=zohoarc; b=QW8YUfA4UBk7d1Z6/Gc1DAheIXQwJsPQFw+msGjI2p4Wormt2lJUk2H0thXxueW6a9pzj5KehdKVA42Xt35UH7q9dmiCIbPza7NJGvtIC6eL4pG3Qtau8en9CmqBWfQxtszOOr2wmWVBaOv3fga3o6ZRuOP9Jp54yi+ABf1Ye1w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593621720; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=0d/LRawNhETDEJk8k/Lurtupv4ETLsy1Z+46q7ohnfM=; b=VgS+LKbw3jDoapcFN62KWf2KAchF8mGm1AbBEFQrmMyGYW/xb8kI3uNThDO4YJCsAxwv4pAstKMpFG1qBpEMUmh5GDvkojrBdmBYvRUjtrGQbRSaPoP4AwQwXy2d0SlmrSr78Zi7xtIXWpKtSSs6sbsLm9k10Fc+jKz8Za1x+CM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1593621720077992.604783938166; Wed, 1 Jul 2020 09:42:00 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-358-wuLLJhALOLyuTOKE-W-oCg-1; Wed, 01 Jul 2020 12:41:55 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 67ACB87950B; Wed, 1 Jul 2020 16:41:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1BEDA5C1D3; Wed, 1 Jul 2020 16:41:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A26C81809554; Wed, 1 Jul 2020 16:41:47 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 061GdwIR010487 for ; Wed, 1 Jul 2020 12:39:58 -0400 Received: by smtp.corp.redhat.com (Postfix) id D952960CD3; Wed, 1 Jul 2020 16:39:58 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.36.110.55]) by smtp.corp.redhat.com (Postfix) with ESMTP id DE00C60CD1; Wed, 1 Jul 2020 16:39:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593621718; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=0d/LRawNhETDEJk8k/Lurtupv4ETLsy1Z+46q7ohnfM=; b=JQyVUbCA4Rb9t0D9U7WTQJ+jdfWYY72OpD5FjSFHn0hT+xrnyRRFuS+bYHYqacLiNjl5vu SlLGr4nX02WEe+BPSIjxoR5zRBLSEl2mPFAjg813ChwUuZRMz8Cg3hWxw2jPFhg9nC0AbF ZE/w6gz1VdhEs17vlNskNrjHEv/Ub2Y= X-MC-Unique: wuLLJhALOLyuTOKE-W-oCg-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH] util: add access check for hooks to fix running as non-root Date: Wed, 1 Jul 2020 17:39:53 +0100 Message-Id: <20200701163953.1698883-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Since feb83c1e710b9ea8044a89346f4868d03b31b0f1 libvirtd will abort on startup if run as non-root 2020-07-01 16:30:30.738+0000: 1647444: error : virDirOpenInternal:2869 : = cannot open directory '/etc/libvirt/hooks/daemon.d': Permission denied The root cause flaw is that non-root libvirtd is using /etc/libvirt for its hooks. Traditionally that has been harmless though since we checked whether we could access the hook file and degraded gracefully. We need the same access check for iterating over the hook directory. Long term we should make it possible to have an unprivileged hook dir under $HOME. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Daniel Henrique Barboza --- src/util/virhook.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/util/virhook.c b/src/util/virhook.c index 3e025fd3a6..a7ab98560c 100644 --- a/src/util/virhook.c +++ b/src/util/virhook.c @@ -171,6 +171,12 @@ virHookCheck(int no, const char *driver) } =20 dir_path =3D g_strdup_printf("%s.d", path); + + if (access(dir_path, X_OK | R_OK) < 0) { + VIR_DEBUG("Hook dir %s is not accessible", dir_path); + return 1; + } + if ((ret =3D virDirOpenIfExists(&dir, dir_path)) < 0) return -1; =20 @@ -415,6 +421,10 @@ virHookCall(int driver, } =20 dir_path =3D g_strdup_printf("%s.d", path); + + if (access(dir_path, X_OK | R_OK) < 0) + return script_ret; + if ((ret =3D virDirOpenIfExists(&dir, dir_path)) < 0) return -1; =20 --=20 2.26.2