From nobody Thu Sep 19 16:43:07 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1725031203671450.2297721036184; Fri, 30 Aug 2024 08:20:03 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 4787C15B5; Fri, 30 Aug 2024 11:20:02 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 3A24714A3; Fri, 30 Aug 2024 11:14:34 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 1439F14B6; Fri, 30 Aug 2024 11:14:25 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id EB1A313CF for ; Fri, 30 Aug 2024 11:14:05 -0400 (EDT) Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-609-FDr2uS4jMd6WcPxhsbiKfQ-1; Fri, 30 Aug 2024 11:14:04 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3B3F41955D4B for ; Fri, 30 Aug 2024 15:14:03 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.224.110]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3EC4A19560AA for ; Fri, 30 Aug 2024 15:14:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1725030845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Zb1M9QcCxCPNFldJ6J4iyCpUr3te+BNdAz74VH2vdmE=; b=ZazCWnvkjS3iZJKVeS+IHDhBCChMey9uDXALusgCGiqll9Do+z96oIHUTqVwn7WldFID3N GhxsLO7rjnsFNRA2uL8ONzUykDbE5rQBHIXjZlI+aMR4bp5wBToytg82o3uGwPhos3rrHt w+ymHOjGPdZG6O0Hm29rFmBJqT25B/Y= X-MC-Unique: FDr2uS4jMd6WcPxhsbiKfQ-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH v6 10/13] storage_source: Add field for skipping seclabel remembering Date: Fri, 30 Aug 2024 17:13:42 +0200 Message-ID: <20240830151345.717568-11-abologna@redhat.com> In-Reply-To: <20240830151345.717568-1-abologna@redhat.com> References: <20240830151345.717568-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: YKMLMXZMNCOZIGWCJ6XXLAAAQF76TMKR X-Message-ID-Hash: YKMLMXZMNCOZIGWCJ6XXLAAAQF76TMKR X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1725031206025116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Peter Krempa In case of incoming migration where a local directory is shared to other hosts we'll need to avoid seclabel remembering as the code would remember the seclabel already allowing access to the image. As the decision requires a lot of information not available in the security driver it would either require plumbing in unpleasant callbacks able to pass in the data or alternatively we can mark this in the 'virStorageSource' struct. This patch chose to do the latter approach by adding a field called 'seclabelSkipRemember' which will be filled before starting the process in cases when it will be required. Signed-off-by: Peter Krempa Reviewed-by: Andrea Bolognani Signed-off-by: Andrea Bolognani --- src/conf/storage_source_conf.c | 3 +++ src/conf/storage_source_conf.h | 9 +++++++++ src/security/security_dac.c | 3 +++ src/security/security_selinux.c | 3 +++ 4 files changed, 18 insertions(+) diff --git a/src/conf/storage_source_conf.c b/src/conf/storage_source_conf.c index 908bc5fab2..5b9a80f100 100644 --- a/src/conf/storage_source_conf.c +++ b/src/conf/storage_source_conf.c @@ -820,6 +820,9 @@ virStorageSourceCopy(const virStorageSource *src, /* storage driver metadata are not copied */ def->drv =3D NULL; =20 + /* flag to avoid seclabel remember is not copied */ + def->seclabelSkipRemember =3D false; + def->path =3D g_strdup(src->path); def->fdgroup =3D g_strdup(src->fdgroup); def->volume =3D g_strdup(src->volume); diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h index 05b4bda16c..a507116007 100644 --- a/src/conf/storage_source_conf.h +++ b/src/conf/storage_source_conf.h @@ -431,6 +431,15 @@ struct _virStorageSource { bool thresholdEventWithIndex; =20 virStorageSourceFDTuple *fdtuple; + + /* Setting 'seclabelSkipRemember' to true will cause the security driv= er to + * not remember the security label even if it otherwise were to be + * remembered. This is needed in cases such as incoming migration for + * shared images where the existing security label may no longer be the + * correct. The security driver otherwise doesn't have enough informat= ion + * to do this decision. + */ + bool seclabelSkipRemember; }; =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageSource, virObjectUnref); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index c327e4c9e0..fdc11876c9 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -940,6 +940,9 @@ virSecurityDACSetImageLabelInternal(virSecurityManager = *mgr, */ remember =3D isChainTop && !src->readonly && !src->shared; =20 + if (src->seclabelSkipRemember) + remember =3D false; + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remembe= r); } =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 779a52ac11..3e213a553b 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1992,6 +1992,9 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nager *mgr, =20 ret =3D virSecuritySELinuxFSetFilecon(src->fdtuple->fds[0], use_la= bel); } else { + if (src->seclabelSkipRemember) + remember =3D false; + ret =3D virSecuritySELinuxSetFilecon(mgr, path, use_label, remembe= r); } =20 --=20 2.46.0