From: Ioanna Alifieraki
To: libvir-list@redhat.com, christian.ehrhardt@canonical.com, alejandro.santoyo@canonical.com, jtomko@redhat.com
Subject: [PATCH v2 1/1] virt-aa-helper: Purge profile if corrupted
Date: Tue, 2 Nov 2021 16:04:45 +0200
Message-Id: <20211102140445.3266-2-ioanna-maria.alifieraki@canonical.com>
In-Reply-To: <20211102140445.3266-1-ioanna-maria.alifieraki@canonical.com>
References: <20211102140445.3266-1-ioanna-maria.alifieraki@canonical.com>
List-Id: Development discussions about the libvirt library & tools

This commit aims to address the bug reported in [1] and [2].
If the profile is corrupted (0-size) the VM cannot be launched.
To overcome this, check if the profile exists and if it has 0 size
remove it.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
[2] https://bugs.launchpad.net/bugs/1927519

Signed-off-by: Ioanna Alifieraki Reviewed-by: Christian Ehrhardt Reviewed-by: J=C3=A1n Tomko --- src/security/virt-aa-helper.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 7c21ab9515..218e07bfb0 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1437,6 +1437,8 @@ main(int argc, char **argv) int rc =3D -1; char *profile =3D NULL; char *include_file =3D NULL; + off_t size; + bool purged =3D 0; =20 if (virGettextInitialize() < 0 || virErrorInitialize() < 0) { @@ -1484,6 +1486,22 @@ main(int argc, char **argv) if (ctl->cmd =3D=3D 'c' && virFileExists(profile)) vah_error(ctl, 1, _("profile exists")); =20 + /* + * Rare cases can leave corrupted empty files behind breaking + * the guest. An empty file is never correct as virt-aa-helper + * would at least add the basic rules, therefore clean this up + * for a proper refresh. + */ + if (virFileExists(profile)) { + size =3D virFileLength(profile, -1); + if (size =3D=3D 0) { + vah_warning(_("Profile of 0 size detected, will at= tempt to remove it")); + if ((rc =3D parserRemove(ctl->uuid) !=3D 0)) + vah_error(ctl, 1, _("could not remove prof= ile")); + unlink(profile); + purged =3D true; + } + } if (ctl->append && ctl->newfile) { if (vah_add_file(&buf, ctl->newfile, "rwk") !=3D 0) goto cleanup; @@ -1523,7 +1541,7 @@ main(int argc, char **argv) =20 =20 /* create the profile from TEMPLATE */ - if (ctl->cmd =3D=3D 'c') { + if (ctl->cmd =3D=3D 'c' || purged) { char *tmp =3D NULL; tmp =3D g_strdup_printf(" #include \n", ctl= ->uuid); =20 --=20 2.17.1
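
Review bot: In the declarations added at the top of main() (hunk @@ -1437), purged is a bool initialised with 0 but later assigned true; initialise it with false so the type is used consistently. size is only read inside the empty-profile block added in the next hunk, so it can be declared in that block instead of at function scope.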
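
Review bot: In the empty-profile block (hunk @@ -1484), the parentheses in if ((rc = parserRemove(ctl->uuid) != 0)) are misplaced: != binds tighter than =, so rc receives the result of the comparison (0 or 1) and not the return value of parserRemove(). Write if ((rc = parserRemove(ctl->uuid)) != 0), or test the call directly without assigning to rc. On the success path this assignment also leaves rc at 0 instead of its initial -1 ahead of the goto cleanup that follows for vah_add_file(); if cleanup returns rc (not visible in these lines), a later failure would be reported as success, so a separate local for the removal result is safer. The result of unlink(profile) is ignored as well: a failed unlink leaves the empty file in place while purged is still set to true.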
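
Review bot: In the last hunk (@@ -1523), the condition ctl->cmd == 'c' || purged makes the create-from-template branch run for every command that reaches it after an empty profile was purged, because the purge block in the previous hunk is not conditioned on ctl->cmd. If any command should not end with a newly created profile, restrict the purge (or this condition) to the commands that are expected to recreate it. The comment above the condition still reads "create the profile from TEMPLATE" only; extend it to mention the recreate-after-purge case.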