From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH] lxc: Set default security model in XML parser config
Date: Thu, 3 Dec 2020 16:25:42 -0700
Message-ID: <20201203232542.3961-1-jfehlig@suse.com>

Attempting to create a lxc domain with fails

virsh --connect lxc:/// create distro_nosec.xml
error: Failed to create domain from distro_nosec.xml
error: unsupported configuration: Security driver model '(null)' is not available

The lxc driver does not set a default security driver model in the XML
parser config, causing seclabels of type='none' to have a null model.
The lxc driver's security manager is initialized in lxcStateInitialize()
by calling lxcSecurityInit(). Use the model of this manager as the
default in the XML parser config.

Signed-off-by: Jim Fehlig
Reviewed-by: Michal Privoznik
---
Kind'a, sort'a a V2 of

https://www.redhat.com/archives/libvir-list/2020-December/msg00186.html

It's quite a different approach to solving the problem than that patch.

 src/lxc/lxc_conf.c       | 3 ++-
 src/lxc/lxc_conf.h       | 3 ++-
 src/lxc/lxc_controller.c | 2 +-
 src/lxc/lxc_driver.c     | 5 ++++-
 tests/testutilslxc.c     | 2 +-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index 13da6c4586..e6ad91205e 100644 --- a/src/lxc/lxc_conf.c +++ b/src/lxc/lxc_conf.c @@ -209,9 +209,10 @@ virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr= driver, =20 =20 virDomainXMLOptionPtr -lxcDomainXMLConfInit(virLXCDriverPtr driver) +lxcDomainXMLConfInit(virLXCDriverPtr driver, const char *defsecmodel) { virLXCDriverDomainDefParserConfig.priv =3D driver; + virLXCDriverDomainDefParserConfig.defSecModel =3D defsecmodel; return virDomainXMLOptionNew(&virLXCDriverDomainDefParserConfig, &virLXCDriverPrivateDataCallbacks, &virLXCDriverDomainXMLNamespace, diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index f2f0e0a570..664bafc7b9 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -112,7 +112,8 @@ int virLXCLoadDriverConfig(virLXCDriverConfigPtr cfg, virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver); virCapsPtr virLXCDriverGetCapabilities(virLXCDriverPtr driver, bool refresh); -virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver); +virDomainXMLOptionPtr lxcDomainXMLConfInit(virLXCDriverPtr driver, + const char *defsecmodel); =20 static inline void lxcDriverLock(virLXCDriverPtr driver) { diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 97de0408b6..67e5e63d00 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -169,7 +169,7 @@ virLXCControllerDriverNew(void) } =20 driver->caps =3D virLXCDriverCapsInit(NULL); - driver->xmlopt =3D lxcDomainXMLConfInit(driver); + driver->xmlopt =3D lxcDomainXMLConfInit(driver, NULL); =20 return driver; } diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d0503ef2ea..9d94c703ea 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1470,6 +1470,7 @@ static int lxcStateInitialize(bool privileged, { virLXCDriverConfigPtr cfg =3D NULL; bool autostart =3D true; + const char *defsecmodel; =20 if (root !=3D NULL) { virReportError(VIR_ERR_INVALID_ARG, "%s", 
@@ -1525,7 +1526,9 @@ static int lxcStateInitialize(bool privileged, if (!(lxc_driver->hostdevMgr =3D virHostdevManagerGetDefault())) goto cleanup; =20 - if (!(lxc_driver->xmlopt =3D lxcDomainXMLConfInit(lxc_driver))) + defsecmodel =3D virSecurityManagerGetModel(lxc_driver->securityManager= ); + =20 + if (!(lxc_driver->xmlopt =3D lxcDomainXMLConfInit(lxc_driver, defsecmo= del))) goto cleanup; =20 if (!(lxc_driver->closeCallbacks =3D virCloseCallbacksNew())) diff --git a/tests/testutilslxc.c b/tests/testutilslxc.c index b5e2f542e7..e15ea2bd32 100644 --- a/tests/testutilslxc.c +++ b/tests/testutilslxc.c @@ -71,7 +71,7 @@ testLXCDriverInit(void) } =20 driver->caps =3D testLXCCapsInit(); - driver->xmlopt =3D lxcDomainXMLConfInit(driver); + driver->xmlopt =3D lxcDomainXMLConfInit(driver, NULL); =20 return driver; } --=20 2.29.2
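
Review bot: lxcDomainXMLConfInit() in src/lxc/lxc_conf.c stores the caller's defsecmodel pointer in virLXCDriverDomainDefParserConfig.defSecModel without copying it, and nothing in the hunk or in the lxc_conf.h prototype documents that contract. A short comment on the function stating that the string remains owned by the caller, must outlive the returned xmlopt, and that NULL means "no default model" would make the three call sites (driver, controller, test helper) easier to audit.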
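
Review bot: in the lxcStateInitialize() hunk of src/lxc/lxc_driver.c, the value returned by virSecurityManagerGetModel(lxc_driver->securityManager) is handed to lxcDomainXMLConfInit() unchecked. If that call can yield NULL, the parser default stays NULL and the "Security driver model '(null)' is not available" failure from the commit message would still be reachable, so either check the result before use or add a comment saying why it cannot be NULL at this point. The added line following the assignment ("+ =20") also consists only of whitespace and should be an empty line.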
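
Review bot: testLXCDriverInit() in tests/testutilslxc.c passes NULL as defsecmodel, so the test suite never runs the parser with a non-NULL default and the fixed behaviour is not covered. Consider passing a fixed model name from the test helper and adding an XML case with a seclabel of type='none', matching the distro_nosec.xml scenario in the commit message, so a regression in the default would be caught.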