[PATCH v6 11/13] qemu: migration: Don't remember seclabel for images shared from current host

Andrea Bolognani posted 13 patches 2 weeks, 5 days ago
Posted by Andrea Bolognani 2 weeks, 5 days ago
From: Peter Krempa <pkrempa@redhat.com>

In case when the user exports images from current host and there is an
incoming migration from a remote host, security label remembering would
be possible but would attempt to remember the label allowing access to
the image as the image is already used by a VM on remote host.

To prevent remembering the wrong label, we'll skip the remembering of
the label for any shared resource, so that the code behaves identically
regardless of how the image is accessed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/qemu/qemu_migration.c | 63 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index e5c1784f0e..c3a6678e2f 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -533,6 +533,67 @@ qemuMigrationDstPrepareStorage(virDomainObj *vm,
 }
 
 
+static void
+qemuMigrationDstPrepareDiskSeclabelOne(virStorageSource *src,
+                                       char *const *sharedFilesystems)
+{
+    if (!virStorageSourceIsLocalStorage(src))
+        return;
+
+    /* We care only about existing local storage */
+    if (virStorageSourceIsEmpty(src))
+        return;
+
+    /* Only paths which are on local filesystem but shared elsewhere are relevant */
+    if (!virFileIsSharedFSOverride(src->path, sharedFilesystems))
+        return;
+
+    src->seclabelSkipRemember = true;
+}
+
+
+static void
+qemuMigrationDstPrepareDiskSeclabels(virDomainObj *vm,
+                                     size_t nmigrate_disks,
+                                     const char **migrate_disks,
+                                     unsigned int flags)
+{
+    qemuDomainObjPrivate *priv = vm->privateData;
+    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver);
+    size_t i;
+
+    /* In case when storage is exported from this host, security label
+     * remembering would behave differently compared to the host which mounts
+     * the exported filesystem. Specifically for incoming migration remembering
+     * a seclabel would remember a seclabel already allowing access to the image,
+     * which is not desired. Thus we skip remembering of seclabels for images
+     * which are local to this host but accessed in a shared way from another
+     * host.
+     */
+    if (!cfg->sharedFilesystems ||
+        cfg->sharedFilesystems[0] == NULL)
+        return;
+
+    for (i = 0; i < vm->def->ndisks; i++) {
+        virDomainDiskDef *disk = vm->def->disks[i];
+
+        /* Any storage that was migrated via NBD is technically fully local so
+         * we want seclabels remembered */
+        if (flags & (VIR_MIGRATE_NON_SHARED_DISK | VIR_MIGRATE_NON_SHARED_INC)) {
+            if (qemuMigrationAnyCopyDisk(disk, nmigrate_disks, migrate_disks))
+                continue;
+        }
+
+        qemuMigrationDstPrepareDiskSeclabelOne(disk->src, cfg->sharedFilesystems);
+    }
+
+    if (vm->def->os.loader && vm->def->os.loader->nvram) {
+        qemuMigrationDstPrepareDiskSeclabelOne(vm->def->os.loader->nvram,
+                                               cfg->sharedFilesystems);
+    }
+}
+
+
 /**
  * qemuMigrationDstStartNBDServer:
  * @driver: qemu driver
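Review bot: In the disk loop of qemuMigrationDstPrepareDiskSeclabels(), only the top-level `disk->src` is handed to qemuMigrationDstPrepareDiskSeclabelOne(), so any backing image further down the chain that also sits on a filesystem listed in cfg->sharedFilesystems would not get `seclabelSkipRemember = true`. Either walk the whole chain starting at `disk->src`, or add a comment explaining why marking the top image is sufficient at this point of the incoming migration. A smaller point in the helper: the comment "We care only about existing local storage" sits above the virStorageSourceIsEmpty() check but describes the virStorageSourceIsLocalStorage() check before it as well, so it would read better above both.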
@@ -3171,6 +3232,8 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver,
                                              dataFD[0])))
         goto error;
 
+    qemuMigrationDstPrepareDiskSeclabels(vm, nmigrate_disks, migrate_disks, flags);
+
     if (qemuProcessPrepareDomain(driver, vm, startFlags) < 0)
         goto error;
 
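Review bot: The new call to qemuMigrationDstPrepareDiskSeclabels() is placed directly before qemuProcessPrepareDomain() with no comment saying whether that order is required. If `seclabelSkipRemember` has to be set on the sources before domain preparation runs, a one-line comment here would keep the call from being moved during a later refactor. It would also help to state whether the flag is expected to stay set on the sources when one of the following steps takes the `goto error` path.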
-- 
2.46.0

Re: [PATCH v6 11/13] qemu: migration: Don't remember seclabel for images shared from current host
Posted by Peter Krempa 2 weeks, 2 days ago
On Fri, Aug 30, 2024 at 17:13:43 +0200, Andrea Bolognani wrote:
> From: Peter Krempa <pkrempa@redhat.com>
> 
> In case when the user exports images from current host and there is an
> incoming migration from a remote host, security label remembering would
> be possible but would attempt to remember the label allowing access to
> the image as the image is already used by a VM on remote host.
> 
> To prevent remembering the wrong label, we'll skip the remembering of
> the label for any shared resource, so that the code behaves identically
> regardless of how the image is accessed.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---

For all patches above this one that I didn't author:

Reviewed-by: Peter Krempa <pkrempa@redhat.com>