From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926523150461.94921382295547; Wed, 20 Mar 2024 02:22:03 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id EC1291C3D; Wed, 20 Mar 2024 05:22:01 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 027DB1BC1; Wed, 20 Mar 2024 05:19:43 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 9B3121B62; Wed, 20 Mar 2024 05:19:30 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 5B0811BAB for ; Wed, 20 Mar 2024 05:19:28 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-609-oX-rELZ4Mb6ksWsHM32ymQ-1; Wed, 20 Mar 2024 05:19:23 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A144D185A789; Wed, 20 Mar 2024 09:19:22 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 100A6C1576F; Wed, 20 Mar 2024 09:19:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: oX-rELZ4Mb6ksWsHM32ymQ-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 01/10] security: Fix alignment Date: Wed, 20 Mar 2024 10:19:06 +0100 Message-ID: <20240320091915.369391-2-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: JHJJNQUXQKFZIGPLZIVEYPJRK5KSU2PT X-Message-ID-Hash: JHJJNQUXQKFZIGPLZIVEYPJRK5KSU2PT X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926524361100001 Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa Reviewed-by: Stefan Berger --- src/security/security_manager.c | 14 +++++++------- src/security/security_manager.h | 16 ++++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index afd41f1c20..24f2f3d3dc 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -412,9 +412,9 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr) */ int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, - virDomainDef *vm, - virStorageSource *src, - virSecurityDomainImageLabelFlags flags) + virDomainDef *vm, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); =20 @@ -1082,8 +1082,8 @@ virSecurityManagerDomainRestorePathLabel(virSecurityM= anager *mgr, */ int virSecurityManagerSetMemoryLabel(virSecurityManager *mgr, - virDomainDef *vm, - virDomainMemoryDef *mem) + virDomainDef *vm, + virDomainMemoryDef *mem) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); =20 @@ -1108,8 +1108,8 @@ virSecurityManagerSetMemoryLabel(virSecurityManager *= mgr, */ int virSecurityManagerRestoreMemoryLabel(virSecurityManager *mgr, - virDomainDef *vm, - virDomainMemoryDef *mem) + virDomainDef *vm, + virDomainMemoryDef *mem) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); =20 diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 97add3294d..a416af3215 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -43,8 +43,8 @@ typedef enum { VIR_SECURITY_MANAGER_PRIVILEGED) =20 virSecurityManager *virSecurityManagerNew(const char *name, - const char *virtDriver, - unsigned int flags); + const char *virtDriver, + unsigned int flags); =20 virSecurityManager *virSecurityManagerNewStack(virSecurityManager *primary= ); int virSecurityManagerStackAddNested(virSecurityManager *stack, @@ -73,10 +73,10 @@ typedef int =20 =20 virSecurityManager *virSecurityManagerNewDAC(const char *virtDriver, - uid_t user, - gid_t group, - unsigned int flags, - virSecurityManagerDACChownC= allback chownCallback); + uid_t user, + gid_t group, + unsigned int flags, + virSecurityManagerDACChownCal= lback chownCallback); =20 int virSecurityManagerPreFork(virSecurityManager *mgr); void virSecurityManagerPostFork(virSecurityManager *mgr); @@ -184,8 +184,8 @@ int virSecurityManagerSetMemoryLabel(virSecurityManager= *mgr, virDomainDef *vm, virDomainMemoryDef *mem); int virSecurityManagerRestoreMemoryLabel(virSecurityManager *mgr, - virDomainDef *vm, - virDomainMemoryDef *mem); + virDomainDef *vm, + virDomainMemoryDef *mem); =20 int virSecurityManagerSetInputLabel(virSecurityManager *mgr, virDomainDef *vm, --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926473457261.28917764703283; Wed, 20 Mar 2024 02:21:13 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5012D1EFA; Wed, 20 Mar 2024 05:21:12 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 2F54C1C80; Wed, 20 Mar 2024 05:19:37 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CA6CB1B62; Wed, 20 Mar 2024 05:19:29 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 7FE7B1B7E for ; Wed, 20 Mar 2024 05:19:27 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-446-XFeMWliCNRau5p2TUSFaaQ-1; Wed, 20 Mar 2024 05:19:23 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 83CB1800265; Wed, 20 Mar 2024 09:19:23 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E6431C1576F; Wed, 20 Mar 2024 09:19:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: XFeMWliCNRau5p2TUSFaaQ-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 02/10] security: Fix name for _virSecurityDACChardevCallbackData Date: Wed, 20 Mar 2024 10:19:07 +0100 Message-ID: <20240320091915.369391-3-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: T33CVW3I7VWANMCDTCNCWFWFE53FBAZI X-Message-ID-Hash: T33CVW3I7VWANMCDTCNCWFWFE53FBAZI X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926474215100001 It was clearly copied over from the SELinux driver without updating its name in the process. Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa Reviewed-by: Stefan Berger --- src/security/security_dac.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4b8130630f..7421496fc9 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1671,7 +1671,7 @@ virSecurityDACRestoreChardevLabel(virSecurityManager = *mgr, } =20 =20 -struct _virSecuritySELinuxChardevCallbackData { +struct _virSecurityDACChardevCallbackData { virSecurityManager *mgr; bool chardevStdioLogd; }; @@ -1682,7 +1682,7 @@ virSecurityDACRestoreChardevCallback(virDomainDef *de= f, virDomainChrDef *dev G_GNUC_UNUSED, void *opaque) { - struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; + struct _virSecurityDACChardevCallbackData *data =3D opaque; =20 return virSecurityDACRestoreChardevLabel(data->mgr, def, dev->source, data->chardevStdioLogd); @@ -1916,7 +1916,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, size_t i; int rc =3D 0; =20 - struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + struct _virSecurityDACChardevCallbackData chardevData =3D { .mgr =3D mgr, .chardevStdioLogd =3D chardevStdioLogd, }; @@ -2018,7 +2018,7 @@ virSecurityDACSetChardevCallback(virDomainDef *def, virDomainChrDef *dev G_GNUC_UNUSED, void *opaque) { - struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; + struct _virSecurityDACChardevCallbackData *data =3D opaque; =20 return virSecurityDACSetChardevLabel(data->mgr, def, dev->source, data->chardevStdioLogd); @@ -2141,7 +2141,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, uid_t user; gid_t group; =20 - struct _virSecuritySELinuxChardevCallbackData chardevData =3D { + struct _virSecurityDACChardevCallbackData chardevData =3D { .mgr =3D mgr, .chardevStdioLogd =3D chardevStdioLogd, }; --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926976498528.9360872087123; Wed, 20 Mar 2024 02:29:36 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 69EA0217C; Wed, 20 Mar 2024 05:29:35 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 4619E1F40; Wed, 20 Mar 2024 05:20:19 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 267FF1C1E; Wed, 20 Mar 2024 05:19:36 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id BB9531B65 for ; Wed, 20 Mar 2024 05:19:31 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-104-wuYhqIn0NF-Ags-8yJRMCA-1; Wed, 20 Mar 2024 05:19:25 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 653E929AC00C; Wed, 20 Mar 2024 09:19:24 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C8229C1576F; Wed, 20 Mar 2024 09:19:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: wuYhqIn0NF-Ags-8yJRMCA-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 03/10] security: Drop virSecurity(DAC|SELinux)RestoreImageLabelSingle() Date: Wed, 20 Mar 2024 10:19:08 +0100 Message-ID: <20240320091915.369391-4-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: 2AD5QESQ5TX7HDMELWSMHAILE52TKYSX X-Message-ID-Hash: 2AD5QESQ5TX7HDMELWSMHAILE52TKYSX X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926977750100001 Each one only has a single, trivial caller. Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa Reviewed-by: Stefan Berger --- src/security/security_dac.c | 21 ++++----------------- src/security/security_selinux.c | 21 ++++----------------- 2 files changed, 8 insertions(+), 34 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7421496fc9..9c24a1c4a8 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -972,10 +972,10 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr, } =20 static int -virSecurityDACRestoreImageLabelSingle(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - bool migrated) +virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + bool migrated) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDef *secdef; @@ -1047,19 +1047,6 @@ virSecurityDACRestoreImageLabelSingle(virSecurityMan= ager *mgr, } =20 =20 -static int -virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - bool migrated) -{ - if (virSecurityDACRestoreImageLabelSingle(mgr, def, src, migrated) < 0) - return -1; - - return 0; -} - - static int virSecurityDACRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index ffad058d9a..d491435ae1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1774,10 +1774,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurit= yManager *mgr, =20 =20 static int -virSecuritySELinuxRestoreImageLabelSingle(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - bool migrated) +virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + bool migrated) { virSecurityLabelDef *seclabel; virSecurityDeviceLabelDef *disk_seclabel; @@ -1863,19 +1863,6 @@ virSecuritySELinuxRestoreImageLabelSingle(virSecurit= yManager *mgr, } =20 =20 -static int -virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - bool migrated) -{ - if (virSecuritySELinuxRestoreImageLabelSingle(mgr, def, src, migrated)= < 0) - return -1; - - return 0; -} - - static int virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926431576864.5131486935741; Wed, 20 Mar 2024 02:20:31 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 3BA4E1D00; Wed, 20 Mar 2024 05:20:30 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id B6EFF1BBA; Wed, 20 Mar 2024 05:19:33 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id C7BFC1BB6; Wed, 20 Mar 2024 05:19:29 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 2F0041B65 for ; Wed, 20 Mar 2024 05:19:27 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-673-bJ2RIW6xNwyEMsc_uLqClQ-1; Wed, 20 Mar 2024 05:19:25 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 47EBD185A783; Wed, 20 Mar 2024 09:19:25 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AA2EEC1576F; Wed, 20 Mar 2024 09:19:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: bJ2RIW6xNwyEMsc_uLqClQ-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 04/10] security: Drop virSecurity(DAC|SELinux)SetImageLabelRelative() Date: Wed, 20 Mar 2024 10:19:09 +0100 Message-ID: <20240320091915.369391-5-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: 3NWXM77KDRU45QVEACQWEYFLOTBVGZOE X-Message-ID-Hash: 3NWXM77KDRU45QVEACQWEYFLOTBVGZOE X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926432162100001 The single caller for each function passes the same value for @src and @parent, which means that we don't really need the additional API. Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa Reviewed-by: Stefan Berger --- src/security/security_dac.c | 19 +++++-------------- src/security/security_selinux.c | 19 +++++-------------- 2 files changed, 10 insertions(+), 28 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9c24a1c4a8..567be4bd23 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -939,12 +939,12 @@ virSecurityDACSetImageLabelInternal(virSecurityManage= r *mgr, =20 =20 static int -virSecurityDACSetImageLabelRelative(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - virStorageSource *parent, - virSecurityDomainImageLabelFlags flags) +virSecurityDACSetImageLabel(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags) { + virStorageSource *parent =3D src; virStorageSource *n; =20 for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { @@ -962,15 +962,6 @@ virSecurityDACSetImageLabelRelative(virSecurityManager= *mgr, return 0; } =20 -static int -virSecurityDACSetImageLabel(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - virSecurityDomainImageLabelFlags flags) -{ - return virSecurityDACSetImageLabelRelative(mgr, def, src, src, flags); -} - static int virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, virDomainDef *def, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index d491435ae1..b49af26e49 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1980,12 +1980,12 @@ virSecuritySELinuxSetImageLabelInternal(virSecurity= Manager *mgr, =20 =20 static int -virSecuritySELinuxSetImageLabelRelative(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - virStorageSource *parent, - virSecurityDomainImageLabelFlags f= lags) +virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, + virDomainDef *def, + virStorageSource *src, + virSecurityDomainImageLabelFlags flags) { + virStorageSource *parent =3D src; virStorageSource *n; =20 for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { @@ -2004,15 +2004,6 @@ virSecuritySELinuxSetImageLabelRelative(virSecurityM= anager *mgr, } =20 =20 -static int -virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, - virDomainDef *def, - virStorageSource *src, - virSecurityDomainImageLabelFlags flags) -{ - return virSecuritySELinuxSetImageLabelRelative(mgr, def, src, src, fla= gs); -} - struct virSecuritySELinuxMoveImageMetadataData { virSecurityManager *mgr; const char *src; --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 171092667820115.934964730995262; Wed, 20 Mar 2024 02:24:38 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 0E4561E57; Wed, 20 Mar 2024 05:24:36 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 0C8C61F03; Wed, 20 Mar 2024 05:20:01 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 0E54D1B65; Wed, 20 Mar 2024 05:19:31 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 6360F1B65 for ; Wed, 20 Mar 2024 05:19:30 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-647-GLeovF_DMSGX-Mjjb_iDWg-1; Wed, 20 Mar 2024 05:19:26 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2913A1869E20; Wed, 20 Mar 2024 09:19:26 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8C5B3C15771; Wed, 20 Mar 2024 09:19:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: GLeovF_DMSGX-Mjjb_iDWg-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 05/10] qemu: Tweak augeas schema Date: Wed, 20 Mar 2024 10:19:10 +0100 Message-ID: <20240320091915.369391-6-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: 7PGRKERRIT6CKH4FSZQKUWQD7XB5HAVU X-Message-ID-Hash: 7PGRKERRIT6CKH4FSZQKUWQD7XB5HAVU X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926678802100001 Current entries should always be listed before obsolete ones. Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa Reviewed-by: Stefan Berger --- src/qemu/libvirtd_qemu.aug | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 43485b43fb..2b6526538f 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -139,16 +139,16 @@ module Libvirtd_qemu =3D let swtpm_entry =3D str_entry "swtpm_user" | str_entry "swtpm_group" =20 + let capability_filters_entry =3D str_array_entry "capability_filters" + + let storage_entry =3D bool_entry "storage_use_nbdkit" + (* Entries that used to exist in the config which are now * deleted. We keep on parsing them so we don't break * ability to parse old configs after upgrade *) let obsolete_entry =3D bool_entry "clear_emulator_capabilities" =20 - let capability_filters_entry =3D str_array_entry "capability_filters" - - let storage_entry =3D bool_entry "storage_use_nbdkit" - (* Each entry in the config is one of the following ... *) let entry =3D default_tls_entry | vnc_entry --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926643304517.9657553934703; Wed, 20 Mar 2024 02:24:03 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 1434E1F86; Wed, 20 Mar 2024 05:24:02 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 9A33F1BA4; Wed, 20 Mar 2024 05:19:55 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id B2D431B85; Wed, 20 Mar 2024 05:19:30 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 060A01BB1 for ; Wed, 20 Mar 2024 05:19:29 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-92-iJQI2Ry9MiWVxBGJgkphxg-1; Wed, 20 Mar 2024 05:19:27 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0BF38101A586; Wed, 20 Mar 2024 09:19:27 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6DB3BC15771; Wed, 20 Mar 2024 09:19:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: iJQI2Ry9MiWVxBGJgkphxg-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 06/10] qemu: Introduce shared_filesystems configuration option Date: Wed, 20 Mar 2024 10:19:11 +0100 Message-ID: <20240320091915.369391-7-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: MXJC2IGBGSSFYCMX34TUAN3ZHRYI3ATC X-Message-ID-Hash: MXJC2IGBGSSFYCMX34TUAN3ZHRYI3ATC X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926644722100001 As explained in the comment, this can help in scenarios where a shared filesystem can't be detected as such by libvirt, by giving the admin the opportunity to provide this information manually. Signed-off-by: Andrea Bolognani --- src/qemu/libvirtd_qemu.aug | 3 +++ src/qemu/qemu.conf.in | 17 +++++++++++++++++ src/qemu/qemu_conf.c | 17 +++++++++++++++++ src/qemu/qemu_conf.h | 2 ++ src/qemu/test_libvirtd_qemu.aug.in | 5 +++++ 5 files changed, 44 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 2b6526538f..1377fd89cc 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -143,6 +143,8 @@ module Libvirtd_qemu =3D =20 let storage_entry =3D bool_entry "storage_use_nbdkit" =20 + let filesystem_entry =3D str_array_entry "shared_filesystems" + (* Entries that used to exist in the config which are now * deleted. We keep on parsing them so we don't break * ability to parse old configs after upgrade @@ -173,6 +175,7 @@ module Libvirtd_qemu =3D | swtpm_entry | capability_filters_entry | storage_entry + | filesystem_entry | obsolete_entry =20 let comment =3D [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \= t\n][^\n]*)?/ . del /\n/ "\n" ] diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index f406df8749..db42448239 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -986,3 +986,20 @@ # note that the default might change in future releases. # #storage_use_nbdkit =3D @USE_NBDKIT_DEFAULT@ + +# libvirt will normally prevent migration if the storage backing the VM is= not +# on a shared filesystems. Sometimes, however, the storage *is* shared des= pite +# not being detected as such: for example, this is the case when one of the +# hosts involved in the migration is exporting its local storage to the ot= her +# one via NFS. +# +# Any directory listed here will be assumed to live on a shared filesystem, +# making migration possible in scenarios such as the one described above. +# +# If you need this feature, you probably want to set remember_owner=3D0 to= o. +# +#shared_filesystems =3D [ +# "/var/lib/libvirt/images", +# "/var/lib/libvirt/qemu/nvram", +# "/var/lib/libvirt/swtpm" +#] diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 4050a82341..01c6bcc793 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -374,6 +374,8 @@ static void virQEMUDriverConfigDispose(void *obj) =20 g_strfreev(cfg->capabilityfilters); =20 + g_strfreev(cfg->sharedFilesystems); + g_free(cfg->deprecationBehavior); } =20 @@ -1084,6 +1086,18 @@ virQEMUDriverConfigLoadStorageEntry(virQEMUDriverCon= fig *cfg, } =20 =20 +static int +virQEMUDriverConfigLoadFilesystemEntry(virQEMUDriverConfig *cfg, + virConf *conf) +{ + if (virConfGetValueStringList(conf, "shared_filesystems", false, + &cfg->sharedFilesystems) < 0) + return -1; + + return 0; +} + + int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *cfg, const char *filename, bool privileged) @@ -1158,6 +1172,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *= cfg, if (virQEMUDriverConfigLoadStorageEntry(cfg, conf) < 0) return -1; =20 + if (virQEMUDriverConfigLoadFilesystemEntry(cfg, conf) < 0) + return -1; + return 0; } =20 diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 36049b4bfa..b53d56be02 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -233,6 +233,8 @@ struct _virQEMUDriverConfig { bool storageUseNbdkit; =20 virQEMUSchedCore schedCore; + + char **sharedFilesystems; }; =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virQEMUDriverConfig, virObjectUnref); diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index b97e6de11e..f0a7a2a30e 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -119,3 +119,8 @@ module Test_libvirtd_qemu =3D { "deprecation_behavior" =3D "none" } { "sched_core" =3D "none" } { "storage_use_nbdkit" =3D "@USE_NBDKIT_DEFAULT@" } +{ "shared_filesystems" + { "1" =3D "/var/lib/libvirt/images" } + { "2" =3D "/var/lib/libvirt/qemu/nvram" } + { "3" =3D "/var/lib/libvirt/swtpm" } +} --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 171092682561841.18844146621802; Wed, 20 Mar 2024 02:27:05 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5BAF9219A; Wed, 20 Mar 2024 05:27:04 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 766071F10; Wed, 20 Mar 2024 05:20:06 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CF3781BCE; Wed, 20 Mar 2024 05:19:33 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 49D0C1B62 for ; Wed, 20 Mar 2024 05:19:31 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-454-3KTGP3RcNh6TmvuodDME_w-1; Wed, 20 Mar 2024 05:19:28 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 37C58811E81; Wed, 20 Mar 2024 09:19:28 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 51BD3C1576F; Wed, 20 Mar 2024 09:19:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: 3KTGP3RcNh6TmvuodDME_w-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 07/10] qemu: Propagate shared_filesystems Date: Wed, 20 Mar 2024 10:19:12 +0100 Message-ID: <20240320091915.369391-8-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: M2WIJE5WIMRRLWDKBHH72RGBOYFE2SSL X-Message-ID-Hash: M2WIJE5WIMRRLWDKBHH72RGBOYFE2SSL X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926827315100001 virFileIsSharedFS() is the function that ultimately decides whether a filesystem should be considered shared, but the list of manually configured shared filesystems is part of the QEMU driver's configuration, so we need to pass the information through several layers in order to make use of it. Note that with this change the list is propagated all the way through, but its contents are still ignored, so the behavior remains the same for now. Signed-off-by: Andrea Bolognani --- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 ++-- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 12 ++++++++---- src/qemu/qemu_security.c | 14 ++++++++++++-- src/qemu/qemu_tpm.c | 27 ++++++++++++++++++--------- src/qemu/qemu_tpm.h | 8 +++++--- src/security/security_apparmor.c | 2 ++ src/security/security_dac.c | 17 +++++++++++++---- src/security/security_driver.h | 4 ++++ src/security/security_manager.c | 20 ++++++++++++++------ src/security/security_manager.h | 4 ++++ src/security/security_nop.c | 4 ++++ src/security/security_selinux.c | 18 +++++++++++++++--- src/security/security_stack.c | 16 ++++++++++++---- src/util/virfile.c | 5 +++-- src/util/virfile.h | 3 ++- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 21 files changed, 124 insertions(+), 46 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 505b71d05e..0b82fb9624 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1919,7 +1919,7 @@ static int virLXCControllerSetupDisk(virLXCController= *ctrl, /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ def->src->path =3D dst; - if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->sr= c, + if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->sr= c, NULL, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN) < 0) goto cleanup; =20 diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 39992bdf96..701d22efef 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -3260,7 +3260,7 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNU= SED, char *tmpsrc =3D def->src->path; def->src->path =3D data->file; if (virSecurityManagerSetImageLabel(data->driver->securityManager, - data->vm->def, def->src, + data->vm->def, def->src, NULL, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN) < 0) { def->src->path =3D tmpsrc; goto cleanup; diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index bfdcefd01b..a426d915ab 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -171,7 +171,7 @@ static void virLXCProcessCleanup(virLXCDriver *driver, =20 if (flags & VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL) { virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false, false); + vm->def, NULL, false, false); } =20 if (flags & VIR_LXC_PROCESS_CLEANUP_RELEASE_SECLABEL) { @@ -1327,7 +1327,7 @@ int virLXCProcessStart(virLXCDriver * driver, =20 VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, - vm->def, NULL, false, false) < 0) + vm->def, NULL, NULL, false, false) <= 0) goto cleanup; stopFlags |=3D VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL; =20 diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index bc6cf133d4..a2f22dafe8 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11877,7 +11877,7 @@ virQEMUFileOpenAs(uid_t fallback_uid, bool need_unlink =3D false; unsigned int vfoflags =3D 0; int fd =3D -1; - int path_shared =3D virFileIsSharedFS(path); + int path_shared =3D virFileIsSharedFS(path, NULL); uid_t uid =3D geteuid(); gid_t gid =3D getegid(); =20 diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index ed5976d1f7..dc1bb56237 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver, virDomainTPMDef *tpm =3D def->tpms[i]; =20 if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) - qemuExtTPMCleanupHost(tpm, flags, outgoingMigration); + qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration); } } =20 diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 1faab5dd23..330efb069b 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -1429,6 +1429,8 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, unsigned int flags) { qemuDomainObjPrivate *priv =3D vm->privateData; + virQEMUDriver *driver =3D priv->driver; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); int nsnapshots; int pauseReason; size_t i; @@ -1599,7 +1601,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, } } =20 - if (qemuTPMHasSharedStorage(vm->def)&& + if (qemuTPMHasSharedStorage(vm->def, cfg->sharedFilesystems) && !qemuTPMCanMigrateSharedStorage(vm->def)) { virReportError(VIR_ERR_NO_SUPPORT, "%s", _("the running swtpm does not support migration= with shared storage")); @@ -1612,6 +1614,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, =20 static bool qemuMigrationSrcIsSafe(virDomainDef *def, + virQEMUDriverConfig *cfg, virQEMUCaps *qemuCaps, size_t nmigrate_disks, const char **migrate_disks, @@ -1643,7 +1646,7 @@ qemuMigrationSrcIsSafe(virDomainDef *def, /* However, disks on local FS (e.g. ext4) are not safe. */ switch (actualType) { case VIR_STORAGE_TYPE_FILE: - if ((rc =3D virFileIsSharedFS(src)) < 0) { + if ((rc =3D virFileIsSharedFS(src, cfg->sharedFilesystems)) < = 0) { return false; } else if (rc =3D=3D 0) { unsafe =3D true; @@ -2582,6 +2585,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver, const char **migrate_disks, unsigned int flags) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); qemuDomainObjPrivate *priv =3D vm->privateData; unsigned int cookieFlags =3D QEMU_MIGRATION_COOKIE_LOCKSTATE; =20 @@ -2604,7 +2608,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver, return NULL; =20 if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && - !qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, + !qemuMigrationSrcIsSafe(vm->def, cfg, priv->qemuCaps, nmigrate_disks, migrate_disks, flags)) return NULL; =20 @@ -6091,7 +6095,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, goto endjob; =20 if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && - !qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, + !qemuMigrationSrcIsSafe(vm->def, cfg, priv->qemuCaps, nmigrate_disks, migrate_disks, flags)) goto endjob; =20 diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 4aaa863ae9..3aaa93a76c 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -38,6 +38,7 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver, { int ret =3D -1; qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; =20 if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) @@ -48,6 +49,7 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver, =20 if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, + cfg->sharedFilesystems, incomingPath, priv->chardevStdioLogd, migrated) < 0) @@ -70,6 +72,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver, bool migrated) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); bool transactionStarted =3D false; =20 /* In contrast to qemuSecuritySetAllLabel, do not use vm->pid @@ -83,6 +86,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver, =20 virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, + cfg->sharedFilesystems, migrated, priv->chardevStdioLogd); =20 @@ -103,6 +107,7 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver, bool chainTop) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; int ret =3D -1; virSecurityDomainImageLabelFlags labelFlags =3D 0; @@ -120,7 +125,9 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver, goto cleanup; =20 if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, src, labelFlags) < 0) + vm->def, src, + cfg->sharedFilesystems, + labelFlags) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, @@ -141,6 +148,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver, bool backingChain) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; int ret =3D -1; virSecurityDomainImageLabelFlags labelFlags =3D 0; @@ -155,7 +163,9 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver, goto cleanup; =20 if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm->def, src, labelFlags) < 0) + vm->def, src, + cfg->sharedFilesystems, + labelFlags) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index bf0c6bcb0d..f1b4283a70 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -538,6 +538,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, * @privileged: whether we are running in privileged mode * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r= oot) * @swtpm_group: The gid for the swtpm to run as + * @sharedFilesystems: list of filesystem to consider shared * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator @@ -551,6 +552,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, bool privileged, uid_t swtpm_user, gid_t swtpm_group, + char *const *sharedFilesystems, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -568,7 +570,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, /* Do not create storage and run swtpm_setup on incoming migration over * shared storage */ - on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= ) =3D=3D 1; + on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= , sharedFilesystems) =3D=3D 1; if (incomingMigration && on_shared_storage) create_storage =3D false; =20 @@ -734,6 +736,7 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, =20 /** * qemuTPMEmulatorCleanupHost: + * @driver: QEMU driver * @tpm: TPM definition * @flags: flags indicating whether to keep or remove TPM persistent state * @outgoingMigration: whether cleanup is due to an outgoing migration @@ -741,15 +744,18 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, * Clean up persistent storage for the swtpm. */ static void -qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, +qemuTPMEmulatorCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); + /* Never remove the state in case of outgoing migration with shared * storage. */ if (outgoingMigration && - virFileIsSharedFS(tpm->data.emulator.storagepath) =3D=3D 1) + virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFiles= ystems) =3D=3D 1) return; =20 /* @@ -935,6 +941,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, driver->privileged, cfg->swtpm_user, cfg->swtpm_group, + cfg->sharedFilesystems, incomingMigration))) return -1; =20 @@ -950,7 +957,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virCommandSetErrorFD(cmd, &errfd); =20 if (incomingMigration && - virFileIsSharedFS(tpm->data.emulator.storagepath) =3D=3D 1) { + virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFiles= ystems) =3D=3D 1) { /* security labels must have been set up on source already */ setTPMStateLabel =3D false; } @@ -1010,7 +1017,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, =20 =20 bool -qemuTPMHasSharedStorage(virDomainDef *def) +qemuTPMHasSharedStorage(virDomainDef *def, + char *const *sharedFilesystems) { size_t i; =20 @@ -1019,7 +1027,7 @@ qemuTPMHasSharedStorage(virDomainDef *def) =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_EMULATOR: - return virFileIsSharedFS(tpm->data.emulator.storagepath) =3D= =3D 1; + return virFileIsSharedFS(tpm->data.emulator.storagepath, share= dFilesystems) =3D=3D 1; case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: @@ -1097,11 +1105,12 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver, =20 =20 void -qemuExtTPMCleanupHost(virDomainTPMDef *tpm, +qemuExtTPMCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) { - qemuTPMEmulatorCleanupHost(tpm, flags, outgoingMigration); + qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration); } =20 =20 @@ -1133,7 +1142,7 @@ qemuExtTPMStop(virQEMUDriver *driver, return; =20 qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); - if (outgoingMigration && qemuTPMHasSharedStorage(vm->def)) + if (outgoingMigration && qemuTPMHasSharedStorage(vm->def, cfg->sharedF= ilesystems)) restoreTPMStateLabel =3D false; =20 if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0) diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 33ba5d2268..709e956fce 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -35,10 +35,11 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver, ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; =20 -void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, +void qemuExtTPMCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) - ATTRIBUTE_NONNULL(1); + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, @@ -59,7 +60,8 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; =20 -bool qemuTPMHasSharedStorage(virDomainDef *def) +bool qemuTPMHasSharedStorage(virDomainDef *def, + char *const *sharedFilesystems) ATTRIBUTE_NONNULL(1) G_GNUC_WARN_UNUSED_RESULT; =20 diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index c1dc859751..8746c96275 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -508,6 +508,7 @@ AppArmorReleaseSecurityLabel(virSecurityManager *mgr G_= GNUC_UNUSED, static int AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def, + char *const *sharedFilesystems G_GNUC_UNUS= ED, bool migrated G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED) { @@ -627,6 +628,7 @@ static int AppArmorRestoreSecurityImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems G_GNUC_UN= USED, virSecurityDomainImageLabelFlags flags G= _GNUC_UNUSED) { if (!virStorageSourceIsLocalStorage(src)) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 567be4bd23..376b364beb 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -864,6 +864,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManager = *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, + char *const *sharedFilesystems G_GNUC_= UNUSED, bool isChainTop) { virSecurityLabelDef *secdef; @@ -942,6 +943,7 @@ static int virSecurityDACSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virStorageSource *parent =3D src; @@ -950,7 +952,7 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr, for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, isCha= inTop) < 0) + if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, share= dFilesystems, isChainTop) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) @@ -966,6 +968,7 @@ static int virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, bool migrated) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1006,7 +1009,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager= *mgr, if (!src->path) return 0; =20 - if ((rc =3D virFileIsSharedFS(src->path)) < 0) + if ((rc =3D virFileIsSharedFS(src->path, sharedFilesystems)) <= 0) return -1; } =20 @@ -1042,9 +1045,10 @@ static int virSecurityDACRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags G_G= NUC_UNUSED) { - return virSecurityDACRestoreImageLabelInt(mgr, def, src, false); + return virSecurityDACRestoreImageLabelInt(mgr, def, src, sharedFilesys= tems, false); } =20 =20 @@ -1886,6 +1890,7 @@ virSecurityDACRestoreSysinfoLabel(virSecurityManager = *mgr, static int virSecurityDACRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -1911,6 +1916,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, if (virSecurityDACRestoreImageLabelInt(mgr, def, def->disks[i]->src, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -1967,7 +1973,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->n= vram, - migrated) < 0) + sharedFilesystems, migrated= ) < 0) rc =3D -1; } =20 @@ -2109,6 +2115,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManager *mgr, static int virSecurityDACSetAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) @@ -2134,6 +2141,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) return -1; @@ -2193,6 +2201,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) return -1; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index aa1fb2125d..ea990d7210 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -81,11 +81,13 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecuri= tyManager *mgr, virDomainDef *sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManager *mgr, virDomainDef *sec, + char *const *sharedFilesystem= s, const char *incomingPath, bool chardevStdioLogd, bool migrated); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesy= stems, bool migrated, bool chardevStdioLogd); typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManager *mgr, @@ -115,10 +117,12 @@ typedef int (*virSecurityDomainSetHugepages) (virSecu= rityManager *mgr, typedef int (*virSecurityDomainSetImageLabel) (virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesyst= ems, virSecurityDomainImageLabel= Flags flags); typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFile= systems, virSecurityDomainImageL= abelFlags flags); typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr, pid_t pid, diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 24f2f3d3dc..57de40ef65 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -404,6 +404,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr) * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @sharedFilesystems: list of filesystem to consider shared * @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * * Removes security label from @src according to @flags. @@ -414,6 +415,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); @@ -423,7 +425,7 @@ virSecurityManagerRestoreImageLabel(virSecurityManager = *mgr, return -1; } =20 - return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, flags); + return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, sharedF= ilesystems, flags); } =20 =20 @@ -512,6 +514,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *= mgr, * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @sharedFilesystems: list of filesystem to consider shared * @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * * Labels a storage image with the configured security label according to = @flags. @@ -522,6 +525,7 @@ int virSecurityManagerSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); @@ -531,7 +535,8 @@ virSecurityManagerSetImageLabel(virSecurityManager *mgr, return -1; } =20 - return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, flags); + return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, + sharedFilesystems, flags); } =20 =20 @@ -817,6 +822,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManager = *mgr, int virSecurityManagerSetAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated) @@ -828,7 +834,8 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr, return -1; } =20 - return mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath, + return mgr->drv->domainSetSecurityAllLabel(mgr, vm, sharedFilesystems, + incomingPath, chardevStdioLogd, migrated); } =20 @@ -836,6 +843,7 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr, int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -846,8 +854,8 @@ virSecurityManagerRestoreAllLabel(virSecurityManager *m= gr, return -1; } =20 - return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated, - chardevStdioLogd); + return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, sharedFilesyst= ems, + migrated, chardevStdioL= ogd); } =20 int @@ -1355,7 +1363,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mg= r G_GNUC_UNUSED, } #endif /* !WIN32 */ =20 - if (virFileIsSharedFS(p)) { + if (virFileIsSharedFS(p, NULL)) { /* Probably a root squashed NFS. */ continue; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index a416af3215..da2ab7f584 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -130,11 +130,13 @@ int virSecurityManagerCheckAllLabel(virSecurityManage= r *mgr, virDomainDef *sec); int virSecurityManagerSetAllLabel(virSecurityManager *mgr, virDomainDef *sec, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated); int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd); int virSecurityManagerGetProcessLabel(virSecurityManager *mgr, @@ -170,10 +172,12 @@ typedef enum { int virSecurityManagerSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags= ); int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags f= lags); int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr, pid_t pid, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 1413f43d57..f9c0d3cad1 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -117,6 +117,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManager *mg= r G_GNUC_UNUSED, static int virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *sec G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_UNUS= ED, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) @@ -127,6 +128,7 @@ virSecurityDomainSetAllLabelNop(virSecurityManager *mgr= G_GNUC_UNUSED, static int virSecurityDomainRestoreAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *vm G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_= UNUSED, bool migrated G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED) { @@ -191,6 +193,7 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSE= D, virDomainDef *def G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNU= C_UNUSED, virSecurityDomainImageLabelFlags fla= gs G_GNUC_UNUSED) { return 0; @@ -200,6 +203,7 @@ static int virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_UN= USED, virSecurityDomainImageLabelFlags flags G= _GNUC_UNUSED) { return 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index b49af26e49..a891ad5839 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1777,6 +1777,7 @@ static int virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, bool migrated) { virSecurityLabelDef *seclabel; @@ -1833,7 +1834,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityMan= ager *mgr, if (!src->path) return 0; =20 - if ((rc =3D virFileIsSharedFS(src->path)) < 0) + if ((rc =3D virFileIsSharedFS(src->path, sharedFilesystems)) <= 0) return -1; } =20 @@ -1867,9 +1868,10 @@ static int virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags= G_GNUC_UNUSED) { - return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false); + return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, sharedFil= esystems, false); } =20 =20 @@ -1878,6 +1880,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nager *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, + char *const *sharedFilesystems G_G= NUC_UNUSED, bool isChainTop) { virSecuritySELinuxData *data =3D virSecurityManagerGetPrivateData(mgr); @@ -1983,6 +1986,7 @@ static int virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virStorageSource *parent =3D src; @@ -1991,7 +1995,9 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *m= gr, for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, i= sChainTop) < 0) + if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, + sharedFilesystems, + isChainTop) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) @@ -2819,6 +2825,7 @@ virSecuritySELinuxRestoreSysinfoLabel(virSecurityMana= ger *mgr, static int virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -2843,6 +2850,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager = *mgr, virDomainDiskDef *disk =3D def->disks[i]; =20 if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -2889,6 +2897,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager = *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loade= r->nvram, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -3231,6 +3240,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager = *mgr, static int virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) @@ -3258,6 +3268,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, continue; } if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) return -1; @@ -3308,6 +3319,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvra= m, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) return -1; diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 369b5dd3a6..dc52df0bff 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -338,6 +338,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManager = *mgr, static int virSecurityStackSetAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated) @@ -347,8 +348,8 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetAllLabel(item->securityManager, vm, - incomingPath, chardevStdioLogd, - migrated) < 0) + sharedFilesystems, incomingPath, + chardevStdioLogd, migrated) < 0) goto rollback; } =20 @@ -358,6 +359,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, for (item =3D item->prev; item; item =3D item->prev) { if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, + sharedFilesystems, migrated, chardevStdioLogd) < 0) { VIR_WARN("Unable to restore all labels after failed set label = call " @@ -374,6 +376,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, static int virSecurityStackRestoreAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -383,6 +386,7 @@ virSecurityStackRestoreAllLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, + sharedFilesystems, migrated, chardevStdioLogd) = < 0) rc =3D -1; } @@ -640,6 +644,7 @@ static int virSecurityStackSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -647,7 +652,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetImageLabel(item->securityManager, vm, src, - flags) < 0) + sharedFilesystems, flags) < 0) goto rollback; } =20 @@ -658,6 +663,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr, if (virSecurityManagerRestoreImageLabel(item->securityManager, vm, src, + sharedFilesystems, flags) < 0) { VIR_WARN("Unable to restore image label after failed set label= " "call virDriver=3D%s driver=3D%s domain=3D%s src=3D%p= (path=3D%s) " @@ -674,6 +680,7 @@ static int virSecurityStackRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -682,7 +689,8 @@ virSecurityStackRestoreImageLabel(virSecurityManager *m= gr, =20 for (; item; item =3D item->next) { if (virSecurityManagerRestoreImageLabel(item->securityManager, - vm, src, flags) < 0) + vm, src, sharedFilesystems, + flags) < 0) rc =3D -1; } =20 diff --git a/src/util/virfile.c b/src/util/virfile.c index deaf4555fd..a6a7de9829 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -2598,7 +2598,7 @@ virFileOpenAs(const char *path, int openflags, mode_t= mode, =20 /* On Linux we can also verify the FS-type of the * directory. (this is a NOP on other platforms). */ - if (virFileIsSharedFS(path) <=3D 0) + if (virFileIsSharedFS(path, NULL) <=3D 0) goto error; } =20 @@ -3795,7 +3795,8 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs, return NULL; } =20 -int virFileIsSharedFS(const char *path) +int virFileIsSharedFS(const char *path, + char *const *overrides G_GNUC_UNUSED) { return virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS | diff --git a/src/util/virfile.h b/src/util/virfile.h index 56fe309bce..3fdd7f526c 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h @@ -235,7 +235,8 @@ enum { }; =20 int virFileIsSharedFSType(const char *path, unsigned int fstypes) ATTRIBUT= E_NONNULL(1); -int virFileIsSharedFS(const char *path) ATTRIBUTE_NONNULL(1); +int virFileIsSharedFS(const char *path, + char *const *overrides) ATTRIBUTE_NONNULL(1); int virFileIsClusterFS(const char *path) ATTRIBUTE_NONNULL(1); int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1); int virFileIsCDROM(const char *path) diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 04bffe4356..f23772dcde 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -270,7 +270,7 @@ testSELinuxLabeling(const void *opaque) if (!(def =3D testSELinuxLoadDef(testname))) goto cleanup; =20 - if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0) + if (virSecurityManagerSetAllLabel(mgr, def, NULL, NULL, false, false) = < 0) goto cleanup; =20 if (testSELinuxCheckLabels(files, nfiles) < 0) diff --git a/tests/virfiletest.c b/tests/virfiletest.c index 9fbfc37e56..e05925a321 100644 --- a/tests/virfiletest.c +++ b/tests/virfiletest.c @@ -313,7 +313,7 @@ testFileIsSharedFSType(const void *opaque G_GNUC_UNUSED) goto cleanup; } =20 - actual =3D virFileIsSharedFS(data->filename); + actual =3D virFileIsSharedFS(data->filename, NULL); =20 if (actual !=3D data->expected) { fprintf(stderr, "Unexpected FS type. Expected %d got %d\n", --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710927015102944.4440681491567; Wed, 20 Mar 2024 02:30:15 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id D49311A93; Wed, 20 Mar 2024 05:30:13 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 9873A1EE7; Wed, 20 Mar 2024 05:20:23 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2902E1B65; Wed, 20 Mar 2024 05:19:36 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 2DE9D1BB1 for ; Wed, 20 Mar 2024 05:19:33 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-437-4sZxNtoUNKixnJ02cTi4Qw-1; Wed, 20 Mar 2024 05:19:29 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 18D5B1C00B8E; Wed, 20 Mar 2024 09:19:29 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7AB82C1576F; Wed, 20 Mar 2024 09:19:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: 4sZxNtoUNKixnJ02cTi4Qw-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 08/10] utils: Use overrides in virFileIsSharedFS() Date: Wed, 20 Mar 2024 10:19:13 +0100 Message-ID: <20240320091915.369391-9-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: HKDDJHTZEZ2MV3OGYT47WKAB3OC2AR64 X-Message-ID-Hash: HKDDJHTZEZ2MV3OGYT47WKAB3OC2AR64 X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710927015873100001 If the filesystem wasn't determined to be a shared one via the type check, try comparing it with the additional paths that have been configured by the local admin. Signed-off-by: Andrea Bolognani --- src/util/virfile.c | 86 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 72 insertions(+), 14 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index a6a7de9829..ac9b5a77a6 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -3795,22 +3795,80 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs, return NULL; } =20 +static int +virFileIsSharedFSOverrideCompare(const char *path, + char *const *overrides) +{ + char *const *iter =3D overrides; + + while (*iter !=3D NULL) { + if (STREQ(path, *iter)) + return 1; + iter++; + } + + return 0; +} + +static int +virFileIsSharedFSOverride(const char *path, + char *const *overrides) +{ + g_autofree char *dirpath =3D NULL; + char *p =3D NULL; + int ret =3D 0; + + if (!path || path[0] !=3D '/' || !overrides) + return ret; + + dirpath =3D g_strdup(path); + + ret =3D virFileIsSharedFSOverrideCompare(dirpath, overrides); + + /* Continue until we've scanned the entire path or found a match */ + while (p !=3D dirpath && ret =3D=3D 0) { + + /* Find the last slash */ + if ((p =3D strrchr(dirpath, '/')) =3D=3D NULL) + break; + + /* Truncate the path by overwriting the slash that we've just + * found with a null byte. If it is the very first slash in + * the path, we need to handle things slightly differently */ + if (p =3D=3D dirpath) + *(p+1) =3D '\0'; + else + *p =3D '\0'; + + ret =3D virFileIsSharedFSOverrideCompare(dirpath, overrides); + } + + return ret; +} + int virFileIsSharedFS(const char *path, - char *const *overrides G_GNUC_UNUSED) + char *const *overrides) { - return virFileIsSharedFSType(path, - VIR_FILE_SHFS_NFS | - VIR_FILE_SHFS_GFS2 | - VIR_FILE_SHFS_OCFS | - VIR_FILE_SHFS_AFS | - VIR_FILE_SHFS_SMB | - VIR_FILE_SHFS_CIFS | - VIR_FILE_SHFS_CEPH | - VIR_FILE_SHFS_GPFS| - VIR_FILE_SHFS_QB | - VIR_FILE_SHFS_ACFS | - VIR_FILE_SHFS_GLUSTERFS | - VIR_FILE_SHFS_BEEGFS); + int ret; + + ret =3D virFileIsSharedFSType(path, + VIR_FILE_SHFS_NFS | + VIR_FILE_SHFS_GFS2 | + VIR_FILE_SHFS_OCFS | + VIR_FILE_SHFS_AFS | + VIR_FILE_SHFS_SMB | + VIR_FILE_SHFS_CIFS | + VIR_FILE_SHFS_CEPH | + VIR_FILE_SHFS_GPFS| + VIR_FILE_SHFS_QB | + VIR_FILE_SHFS_ACFS | + VIR_FILE_SHFS_GLUSTERFS | + VIR_FILE_SHFS_BEEGFS); + + if (ret =3D=3D 0) + ret =3D virFileIsSharedFSOverride(path, overrides); + + return ret; } =20 =20 --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926934972673.8747083883679; Wed, 20 Mar 2024 02:28:54 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id D148321C5; Wed, 20 Mar 2024 05:28:53 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id CDD851F27; Wed, 20 Mar 2024 05:20:14 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id D93991BAB; Wed, 20 Mar 2024 05:19:35 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4F91D1B82 for ; Wed, 20 Mar 2024 05:19:32 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-458-enIsE2HJPRW5XcIN8Z4H6w-1; Wed, 20 Mar 2024 05:19:30 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EECC2101A56C; Wed, 20 Mar 2024 09:19:29 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5D222C1576F; Wed, 20 Mar 2024 09:19:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: enIsE2HJPRW5XcIN8Z4H6w-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 09/10] qemu: Always set labels for TPM state Date: Wed, 20 Mar 2024 10:19:14 +0100 Message-ID: <20240320091915.369391-10-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: BMFCTCAA2QFWH76PXW7HAHOLPBEDTF24 X-Message-ID-Hash: BMFCTCAA2QFWH76PXW7HAHOLPBEDTF24 X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926935605100001 Up until this point, we have avoided setting labels for incoming migration when the TPM state is stored on a shared filesystem. This seems to make sense, because since the underlying storage is shared surely the labels will be as well. There's one problem, though: when a guest is migrated, the SELinux context for the destination process is different from the one of the source process. We haven't hit any issues with the current approach so far because NFS doesn't support SELinux, so effectively it doesn't matter whether relabeling happens or not: even if the SELinux contexts of the source and target processes are different, both will be able to access the storage. Now that it's possible for the local admin to manually mark exported directories as shared filesystems, however, things can get problematic. Consider the case in which one host (mig-one) exports its local filesystem /srv/nfs/libvirt/swtpm via NFS, and at the same time bind-mounts it to /var/lib/libvirt/swtpm; another host (mig-two) mounts the same filesystem to the same location, this time via NFS. Additionally, in order to allow migration in both directions, on mig-one the /var/lib/libvirt/swtpm directory is listed in the shared_filesystems qemu.conf option. When migrating from mig-one to mig-two, things work just fine; going in the opposite direction, however, results in an error: # virsh migrate cirros qemu+ssh://mig-one/system error: internal error: QEMU unexpectedly closed the monitor (vm=3D'cirros= '): qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 1) failed w= ith a TPM error 0x1f qemu-system-x86_64: error while loading state for instance 0x0 of device = 'tpm-emulator' qemu-system-x86_64: load of migration failed: Input/output error This is because the directory on mig-one is considered a shared filesystem and thus labeling is skipped, resulting in a SELinux denial. The solution is quite simple: remove the check and always relabel. We know that it's okay to do so not just because it makes the error seen above go away, but also because no such check currently exists for disks and other types of persistent storage such as NVRAM files, which always get relabeled. Signed-off-by: Andrea Bolognani --- src/qemu/qemu_tpm.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index f1b4283a70..e522c460aa 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -929,7 +929,6 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, g_autofree char *pidfile =3D NULL; virTimeBackOffVar timebackoff; const unsigned long long timeout =3D 1000; /* ms */ - bool setTPMStateLabel =3D true; pid_t pid =3D -1; =20 cfg =3D virQEMUDriverGetConfig(driver); @@ -956,13 +955,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virCommandSetPidFile(cmd, pidfile); virCommandSetErrorFD(cmd, &errfd); =20 - if (incomingMigration && - virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFiles= ystems) =3D=3D 1) { - /* security labels must have been set up on source already */ - setTPMStateLabel =3D false; - } - - if (qemuSecuritySetTPMLabels(driver, vm, setTPMStateLabel) < 0) + if (qemuSecuritySetTPMLabels(driver, vm, true) < 0) return -1; =20 if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user, @@ -1011,7 +1004,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virProcessKillPainfully(pid, true); if (pidfile) unlink(pidfile); - qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel); + qemuSecurityRestoreTPMLabels(driver, vm, true); return -1; } =20 --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org From nobody Fri May 10 20:11:57 2024 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1710926893109448.97282967015485; Wed, 20 Mar 2024 02:28:13 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id EA6A1176E; Wed, 20 Mar 2024 05:28:11 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id D93091E8F; Wed, 20 Mar 2024 05:20:10 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 96C261BF2; Wed, 20 Mar 2024 05:19:35 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id BF4F81BAB for ; Wed, 20 Mar 2024 05:19:32 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-304-OLcy77R4NKa5uu-7tPDTag-1; Wed, 20 Mar 2024 05:19:31 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D057685A58B; Wed, 20 Mar 2024 09:19:30 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3EE81C1576F; Wed, 20 Mar 2024 09:19:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: OLcy77R4NKa5uu-7tPDTag-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 10/10] NEWS: Document qemu shared_filesystems option Date: Wed, 20 Mar 2024 10:19:15 +0100 Message-ID: <20240320091915.369391-11-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: 4N55XR3YMS52UI5VLZYQCYMMKAXZULBN X-Message-ID-Hash: 4N55XR3YMS52UI5VLZYQCYMMKAXZULBN X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926893426100001 Signed-off-by: Andrea Bolognani --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 489201d3fc..7e17043c2a 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -17,6 +17,13 @@ v10.2.0 (unreleased) =20 * **New features** =20 + * qemu: Add ``shared_filesystems`` configuration option + + This option can be used to configure libvirt so that migration between= two + hosts, one of which exports a shared filesystem via NFS and the other = one + which mounts it, is allowed in both directions. Without it, libvirt wo= uld + block migration from the host that is accessing the data locally. + * **Improvements** =20 * **Bug fixes** --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org