From nobody Thu Sep 19 16:10:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1725031224723591.4502046024987; Fri, 30 Aug 2024 08:20:24 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 94A6A1350; Fri, 30 Aug 2024 11:20:23 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id EDF921326; Fri, 30 Aug 2024 11:14:36 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id A9509145B; Fri, 30 Aug 2024 11:14:29 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 40C2814CB for ; Fri, 30 Aug 2024 11:14:08 -0400 (EDT) Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-363-Gl9iGvscM1meQhz3e9zKOg-1; Fri, 30 Aug 2024 11:14:06 -0400 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id BE2361955F40 for ; Fri, 30 Aug 2024 15:14:05 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.224.110]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E43E219560AA for ; Fri, 30 Aug 2024 15:14:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1725030847; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EKVXeBWxUkJPKJ8rltasEuPZJmJe+/VdvGjCBY0drgI=; b=c28ObyXmHMrrIyxDzlhZrJVMI64iVPuhDIbJAGYzmjAH8otNBSXfSUG85EwSwMmDK01JKC 81nILRqemNshTG24K9pruQfisfioTQlRvbj15ZS+26EZE1uJ+WMIrqEYD9DrBUCNzvOjDw x1HCFB94t2pf8w5NaLBPXg8PPDp6igY= X-MC-Unique: Gl9iGvscM1meQhz3e9zKOg-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH v6 12/13] security: Always forget labels for TPM state directory Date: Fri, 30 Aug 2024 17:13:44 +0200 Message-ID: <20240830151345.717568-13-abologna@redhat.com> In-Reply-To: <20240830151345.717568-1-abologna@redhat.com> References: <20240830151345.717568-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: QMRUS7NLCVV7V3PMFVMOB67WBILYVUZJ X-Message-ID-Hash: QMRUS7NLCVV7V3PMFVMOB67WBILYVUZJ X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1725031226215116600 Content-Type: text/plain; charset="utf-8"; x-default="true" In the case of outgoing migration, we avoid restoring the remembered labels for the TPM state directory because doing so would risk cutting off storage access for the target node. Even in that case though, we should still forget (unref) the remembered labels: if we don't, the source node will keep thinking that the state directory is in use. Signed-off-by: Andrea Bolognani Reviewed-by: Peter Krempa --- src/security/security_selinux.c | 54 +++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 3e213a553b..4f13d305d9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -210,6 +210,51 @@ virSecuritySELinuxRecallLabel(const char *path, } =20 =20 +/** + * virSecuritySELinuxForgetLabels: + * @path: file or directory to work on + * + * Forgets rememebered SELinux labels for @path, including its + * children if it is a directory. + * + * This is intended to be used in cleanup paths, so failure to forget + * a single label is not considered fatal; instead, a best-effort + * attempt to continue and forget as many labels as possible will be + * made. + * + * Returns: 0 on success, <0 on failure + */ +static int +virSecuritySELinuxForgetLabels(const char *path) +{ + int ret =3D 0; + struct dirent *ent; + g_autoptr(DIR) dir =3D NULL; + g_autofree char *con =3D NULL; + + if (virSecuritySELinuxRecallLabel(path, &con) < 0) + VIR_WARN("Failed to forget remembered SELinux labels for %s, ignor= ing", path); + + if (!virFileIsDir(path)) + return 0; + + if (virDirOpen(&dir, path) < 0) + return -1; + + while ((ret =3D virDirRead(dir, &ent, path)) > 0) { + g_autofree char *spath =3D NULL; + g_autofree char *scon =3D NULL; + + spath =3D g_strdup_printf("%s/%s", path, ent->d_name); + + if (virSecuritySELinuxRecallLabel(spath, &scon) < 0) + VIR_WARN("Failed to forget remembered SELinux labels for %s, i= gnoring", spath); + } + + return ret; +} + + static int virSecuritySELinuxSetFilecon(virSecurityManager *mgr, const char *path, const char *tcon, @@ -3709,6 +3754,15 @@ virSecuritySELinuxRestoreTPMLabels(virSecurityManage= r *mgr, if (restoreTPMStateLabel) { ret =3D virSecuritySELinuxRestoreFileLabels(mgr, def->tpms[i]->data.e= mulator.storagepath); + } else { + g_autofree char *oldlabel =3D NULL; + + /* Even if we're not restoring the original label for the + * TPM state directory, we should still forget any + * remembered label so that a subsequent attempt at TPM + * startup will not fail due to the state directory being + * considered as still in use */ + ignore_value(virSecuritySELinuxForgetLabels(def->tpms[i]->data= .emulator.storagepath)); } =20 if (ret =3D=3D 0 && --=20 2.46.0