From: Peng Liang
Subject: [PATCH v2 08/10] security: don't remember image labels when migrating with shared fs
Date: Mon, 11 Oct 2021 20:00:46 +0800
Message-ID: <20211011120048.243696-9-liangpeng10@huawei.com>
In-Reply-To: <20211011120048.243696-1-liangpeng10@huawei.com>
References: <20211011120048.243696-1-liangpeng10@huawei.com>
Cc: yubihong@huawei.com, liangpeng10@huawei.com, xiexiangyou@huawei.com
List-Id: Development discussions about the libvirt library & tools

When migrating with shared fs, the image labels have been remembered in the src host.
If the dst host tries to remember image labels again, then the original labels remembered in the src host will be lost.

Signed-off-by: Peng Liang --- src/security/security_dac.c | 32 +++++++++++++++++++++++--------- src/security/security_selinux.c | 33 ++++++++++++++++++++++++--------- 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2c0e12a6f810..65cdf348e4c1 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -867,7 +867,8 @@ virSecurityDACSetImageLabelSingle(virSecurityManager *m= gr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - bool isChainTop) + bool isChainTop, + bool migrated) { virSecurityLabelDef *secdef; virSecurityDeviceLabelDef *disk_seclabel; @@ -931,7 +932,8 @@ virSecurityDACSetImageLabelSingle(virSecurityManager *m= gr, * but the top layer, or read only image, or disk explicitly * marked as shared. */ - remember =3D isChainTop && !src->readonly && !src->shared; + remember =3D isChainTop && !src->readonly && !src->shared && + !(migrated && virFileIsSharedFS(src->path) > 0); =20 return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remembe= r); } @@ -942,14 +944,15 @@ virSecurityDACSetImageLabelRelative(virSecurityManage= r *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - virSecurityDomainImageLabelFlags flags) + virSecurityDomainImageLabelFlags flags, + bool migrated) { virStorageSource *n; =20 for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecurityDACSetImageLabelSingle(mgr, def, n, parent, isChain= Top) < 0) + if (virSecurityDACSetImageLabelSingle(mgr, def, n, parent, isChain= Top, migrated) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) 
@@ -961,13 +964,23 @@ virSecurityDACSetImageLabelRelative(virSecurityManage= r *mgr, return 0; } =20 +static int +virSecurityDACSetImageLabelInt(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags, + bool migrated) +{ + return virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags, = migrated); +} + static int virSecurityDACSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, virSecurityDomainImageLabelFlags flags) { - return virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags); + return virSecurityDACSetImageLabelInt(mgr, def, src, flags, false); } =20 static int @@ -2118,7 +2131,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, virDomainDef *def, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, - bool migrated G_GNUC_UNUSED) + bool migrated) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *secdef; @@ -2140,9 +2153,10 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, /* XXX fixme - we need to recursively label the entire tree :-( */ if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; - if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, - VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | - VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) + if (virSecurityDACSetImageLabelInt(mgr, def, def->disks[i]->src, + VIR_SECURITY_DOMAIN_IMAGE_LABEL= _BACKING_CHAIN | + VIR_SECURITY_DOMAIN_IMAGE_PAREN= T_CHAIN_TOP, + migrated) < 0) return -1; } =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index f6fa412de89a..78d0e610f68c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1809,7 +1809,8 @@ virSecuritySELinuxSetImageLabelSingle(virSecurityMana= ger *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - bool isChainTop) + bool isChainTop, + bool migrated) { virSecuritySELinuxData *data =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *secdef; @@ -1840,7 +1841,8 @@ virSecuritySELinuxSetImageLabelSingle(virSecurityMana= ger *mgr, * but the top layer, or read only image, or disk explicitly * marked as shared. */ - remember =3D isChainTop && !src->readonly && !src->shared; + remember =3D isChainTop && !src->readonly && !src->shared && + !(migrated && virFileIsSharedFS(src->path) > 0); =20 disk_seclabel =3D virStorageSourceGetSecurityLabelDef(src, SECURITY_SELINUX_N= AME); @@ -1905,14 +1907,15 @@ virSecuritySELinuxSetImageLabelRelative(virSecurity= Manager *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, - virSecurityDomainImageLabelFlags f= lags) + virSecurityDomainImageLabelFlags f= lags, + bool migrated) { virStorageSource *n; =20 for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecuritySELinuxSetImageLabelSingle(mgr, def, n, parent, isC= hainTop) < 0) + if (virSecuritySELinuxSetImageLabelSingle(mgr, def, n, parent, isC= hainTop, migrated) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) 
@@ -1925,13 +1928,24 @@ virSecuritySELinuxSetImageLabelRelative(virSecurity= Manager *mgr, } =20 =20 +static int +virSecuritySELinuxSetImageLabelInt(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags, + bool migrated) +{ + return virSecuritySELinuxSetImageLabelRelative(mgr, def, src, src, fla= gs, migrated); +} + + static int virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, virSecurityDomainImageLabelFlags flags) { - return virSecuritySELinuxSetImageLabelRelative(mgr, def, src, src, fla= gs); + return virSecuritySELinuxSetImageLabelInt(mgr, def, src, flags, false); } =20 struct virSecuritySELinuxMoveImageMetadataData { @@ -3156,7 +3170,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, virDomainDef *def, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, - bool migrated G_GNUC_UNUSED) + bool migrated) { size_t i; virSecuritySELinuxData *data =3D virSecurityManagerGetPrivateData(mgr); @@ -3180,9 +3194,10 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mg= r, def->disks[i]->dst); continue; } - if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, - VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | - VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) + if (virSecuritySELinuxSetImageLabelInt(mgr, def, def->disks[i]->sr= c, + VIR_SECURITY_DOMAIN_IMAGE_L= ABEL_BACKING_CHAIN | + VIR_SECURITY_DOMAIN_IMAGE_P= ARENT_CHAIN_TOP, + migrated) < 0) return -1; } /* XXX fixme process def->fss if relabel =3D=3D true */ --=20 2.31.1
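Review bot: in the security_dac.c hunk at `@@ -931,7 +932,8 @@`, the block comment directly above the changed assignment still ends with "* but the top layer, or read only image, or disk explicitly * marked as shared." and says nothing about the new fourth condition, so the comment and the code now disagree; extend it to state that labels are also not remembered when the domain is incoming from migration and the image sits on a shared filesystem, and why (the source host already recorded them). In the same line, `virFileIsSharedFS(src->path) > 0` folds a negative (error) return into "not shared", so a failed filesystem check silently falls back to remembering the label on the destination, which is exactly the case the commit message says must be avoided; consider testing for `< 0` separately and reporting (or at least logging) the failure before deciding on `remember`.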
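Review bot: in the security_dac.c hunk at `@@ -961,13 +964,23 @@`, the new `virSecurityDACSetImageLabelInt` is an undocumented one-line pass-through to `virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags, = migrated)`; add a short comment explaining that it exists because the public `virSecurityDACSetImageLabel` driver callback has no `migrated` argument and therefore always passes `false`, so a reader can tell which entry point the hotplug path uses and which one `virSecurityDACSetAllLabel` uses, and why the two cannot simply share one signature.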
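Review bot: in the security_selinux.c hunk at `@@ -1840,7 +1841,8 @@`, the condition `!(migrated && virFileIsSharedFS(src->path) > 0)` and the now-stale comment above it are duplicated verbatim from security_dac.c; a small shared helper that answers "should this image's label be remembered" would keep the DAC and SELinux drivers from drifting apart, and it would be the single place to handle the negative error return of `virFileIsSharedFS` rather than fixing it twice. The same comment-vs-code mismatch applies here: the text "* marked as shared." should mention the migration-with-shared-fs case.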