From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v2 1/4] security_apparmor: fix memleaks in AppArmorSetFDLabel
Date: Wed, 13 Nov 2024 11:28:34 -0300
Message-Id: <20241113142837.529332-2-georgia.garcia@canonical.com>
In-Reply-To: <20241113142837.529332-1-georgia.garcia@canonical.com>
References: <20241113142837.529332-1-georgia.garcia@canonical.com>

proc and fd_path are allocated but never freed. Fix by using g_autofree instead.

Fixes: b9757fea30785a92aa95ea675b9bc371e4fb2e8c
Signed-off-by: Georgia Garcia
--- src/security/security_apparmor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 07e95ec81d..7092724563 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c
@@ -1107,8 +1107,8 @@ AppArmorSetFDLabel(virSecurityManager *mgr, virDomainDef *def, int fd) { - char *proc =3D NULL; - char *fd_path =3D NULL; + g_autofree char *proc =3D NULL; + g_autofree char *fd_path =3D NULL; =20 virSecurityLabelDef *secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); --=20 2.34.1
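Review bot: in AppArmorSetFDLabel the hunk shows only the two declarations, so the rest of the function needs a check that neither proc nor fd_path is returned to the caller or stored anywhere that outlives the call. With g_autofree both are released on every return path, and a pointer that escapes would turn the old leak into a dangling reference. A sentence in the commit message saying that both strings are purely local would settle it.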
From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v2 2/4] security: replace uses of label and VIR_FREE by g_autofree
Date: Wed, 13 Nov 2024 11:28:35 -0300
Message-Id: <20241113142837.529332-3-georgia.garcia@canonical.com>
In-Reply-To: <20241113142837.529332-1-georgia.garcia@canonical.com>
References: <20241113142837.529332-1-georgia.garcia@canonical.com>

Moving towards full adoption of GLib APIs in the AppArmor code.

Signed-off-by: Georgia Garcia
--- src/security/security_apparmor.c | 41 ++++--------- src/security/virt-aa-helper.c | 100 ++++++++++--------------------- 2 files changed, 45 insertions(+), 96 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 7092724563..9e578b2526 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c
@@ -115,37 +115,28 @@ profile_loaded(const char *str) static int profile_status_file(const char *str) { - char *profile =3D NULL; - char *content =3D NULL; - char *tmp =3D NULL; - int rc =3D -1; + g_autofree char *profile =3D NULL; + g_autofree char *content =3D NULL; + g_autofree char *tmp =3D NULL; int len; =20 profile =3D g_strdup_printf("%s/%s", APPARMOR_DIR "/libvirt", str); =20 if (!virFileExists(profile)) - goto failed; + return -1; =20 if ((len =3D virFileReadAll(profile, MAX_FILE_LEN, &content)) < 0) { virReportSystemError(errno, _("Failed to read \'%1$s\'"), profile); - goto failed; + return -1; } =20 /* create string that is ' flags=3D(complain)\0' */ tmp =3D g_strdup_printf(" %s flags=3D(complain)", str); =20 if (strstr(content, tmp) !=3D NULL) - rc =3D 0; - else - rc =3D 1; - - failed: - VIR_FREE(tmp); - VIR_FREE(profile); - VIR_FREE(content); - - return rc; + return 0; + return 1; } =20 /* @@ -218,7 +209,7 @@ static int use_apparmor(void) { int rc =3D -1; - char *libvirt_daemon =3D NULL; + g_autofree char *libvirt_daemon =3D NULL; =20 if (virFileResolveLink("/proc/self/exe", &libvirt_daemon) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -232,7 +223,7 @@ use_apparmor(void) return 1; =20 if (access(APPARMOR_PROFILES_PATH, R_OK) !=3D 0) - goto cleanup; + return rc; =20 /* First check profile status using full binary path. If that fails * check using profile name. @@ -245,8 +236,6 @@ use_apparmor(void) rc =3D -1; } =20 - cleanup: - VIR_FREE(libvirt_daemon); return rc; } =20 @@ -948,7 +937,7 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, virDomainChrSourceDef *dev_source, bool chardevStdioLogd G_GNUC_UNUSED) { - char *in =3D NULL, *out =3D NULL; + g_autofree char *in =3D NULL, *out =3D NULL; int ret =3D -1; virSecurityLabelDef *secdef; =20 
@@ -969,11 +958,11 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, out =3D g_strdup_printf("%s.out", dev_source->data.file.path); if (virFileExists(in)) { if (reload_profile(mgr, def, in, true) < 0) - goto done; + return ret; } if (virFileExists(out)) { if (reload_profile(mgr, def, out, true) < 0) - goto done; + return ret; } ret =3D reload_profile(mgr, def, dev_source->data.file.path, true); break; @@ -993,9 +982,6 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, break; } =20 - done: - VIR_FREE(in); - VIR_FREE(out); return ret; } =20 @@ -1081,12 +1067,11 @@ AppArmorSetPathLabel(virSecurityManager *mgr, bool allowSubtree) { int rc =3D -1; - char *full_path =3D NULL; + g_autofree char *full_path =3D NULL; =20 if (allowSubtree) { full_path =3D g_strdup_printf("%s/{,**}", path); rc =3D reload_profile(mgr, def, full_path, true); - VIR_FREE(full_path); } else { rc =3D reload_profile(mgr, def, path, true); } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 067a17f331..601f2d2581 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -146,9 +146,8 @@ vah_info(const char *str) static int parserCommand(const char *profile_name, const char cmd) { - int result =3D -1; char flag[3]; - char *profile; + g_autofree char *profile =3D NULL; int status; int ret; =20 @@ -163,7 +162,7 @@ parserCommand(const char *profile_name, const char cmd) =20 if (!virFileExists(profile)) { vah_error(NULL, 0, _("profile does not exist")); - goto cleanup; + return -1; } else { const char * const argv[] =3D { "/sbin/apparmor_parser", flag, profile, NULL 
@@ -175,23 +174,18 @@ parserCommand(const char *profile_name, const char cm= d) (WIFEXITED(status) && WEXITSTATUS(status) !=3D 0)) { if (ret !=3D 0) { vah_error(NULL, 0, _("failed to run apparmor_parser")); - goto cleanup; + return -1; } else if (cmd =3D=3D 'R' && WIFEXITED(status) && WEXITSTATUS(status) =3D=3D 234) { vah_warning(_("unable to unload already unloaded profile")= ); } else { vah_error(NULL, 0, _("apparmor_parser exited with error")); - goto cleanup; + return -1; } } } =20 - result =3D 0; - - cleanup: - VIR_FREE(profile); - - return result; + return 0; } =20 /* @@ -201,18 +195,17 @@ static int update_include_file(const char *include_file, const char *included_files, bool append) { - int rc =3D -1; int plen, flen =3D 0; int fd; - char *pcontent =3D NULL; - char *existing =3D NULL; + g_autofree char *pcontent =3D NULL; + g_autofree char *existing =3D NULL; const char *warning =3D "# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.\n"; =20 if (virFileExists(include_file)) { flen =3D virFileReadAll(include_file, MAX_FILE_LEN, &existing); if (flen < 0) - return rc; + return -1; } =20 if (append && virFileExists(include_file)) 
@@ -223,38 +216,31 @@ update_include_file(const char *include_file, const c= har *included_files, plen =3D strlen(pcontent); if (plen > MAX_FILE_LEN) { vah_error(NULL, 0, _("invalid length for new profile")); - goto cleanup; + return -1; } =20 /* only update the disk profile if it is different */ if (flen > 0 && flen =3D=3D plen && STREQLEN(existing, pcontent, plen)= ) { - rc =3D 0; - goto cleanup; + return 0; } =20 /* write the file */ if ((fd =3D open(include_file, O_CREAT | O_TRUNC | O_WRONLY, 0644)) = =3D=3D -1) { vah_error(NULL, 0, _("failed to create include file")); - goto cleanup; + return -1; } =20 if (safewrite(fd, pcontent, plen) < 0) { /* don't write the '\0' */ VIR_FORCE_CLOSE(fd); vah_error(NULL, 0, _("failed to write to profile")); - goto cleanup; + return -1; } =20 if (VIR_CLOSE(fd) !=3D 0) { vah_error(NULL, 0, _("failed to close or write to profile")); - goto cleanup; + return -1; } - rc =3D 0; - - cleanup: - VIR_FREE(pcontent); - VIR_FREE(existing); - - return rc; + return 0; } =20 /* @@ -572,7 +558,7 @@ caps_mockup(vahControl * ctl, const char *xmlStr) { g_autoptr(xmlDoc) xml =3D NULL; g_autoptr(xmlXPathContext) ctxt =3D NULL; - char *arch; + g_autofree char *arch =3D NULL; =20 if (!(xml =3D virXMLParse(NULL, xmlStr, _("(domain_definition)"), "domain", &ctxt, NULL, false))) { @@ -598,7 +584,6 @@ caps_mockup(vahControl * ctl, const char *xmlStr) ctl->arch =3D virArchFromHost(); } else { ctl->arch =3D virArchFromString(arch); - VIR_FREE(arch); } =20 return 0; 
@@ -683,15 +668,15 @@ get_definition(vahControl * ctl, const char *xmlStr) static int vah_add_path(virBuffer *buf, const char *path, const char *perms, bool rec= ursive) { - char *tmp =3D NULL; int rc =3D -1; bool readonly =3D true; bool explicit_deny_rule =3D true; char *sub =3D NULL; - char *perms_new =3D NULL; - char *pathdir =3D NULL; - char *pathtmp =3D NULL; - char *pathreal =3D NULL; + g_autofree char *tmp =3D NULL; + g_autofree char *perms_new =3D NULL; + g_autofree char *pathdir =3D NULL; + g_autofree char *pathtmp =3D NULL; + g_autofree char *pathreal =3D NULL; =20 if (path =3D=3D NULL) return rc; @@ -728,7 +713,7 @@ vah_add_path(virBuffer *buf, const char *path, const ch= ar *perms, bool recursive if ((pathreal =3D realpath(pathdir, NULL)) =3D=3D NULL) { vah_error(NULL, 0, pathdir); vah_error(NULL, 0, _("could not find realpath")); - goto cleanup; + return rc; } tmp =3D g_strdup_printf("%s%s", pathreal, pathtmp); } @@ -752,7 +737,7 @@ vah_add_path(virBuffer *buf, const char *path, const ch= ar *perms, bool recursive vah_error(NULL, 0, path); vah_error(NULL, 0, _("skipped restricted file")); } - goto cleanup; + return rc; } =20 if (tmp[strlen(tmp) - 1] =3D=3D '/') @@ -769,13 +754,6 @@ vah_add_path(virBuffer *buf, const char *path, const c= har *perms, bool recursive virBufferAsprintf(buf, " \"%s/\" r,\n", tmp); } =20 - cleanup: - VIR_FREE(pathdir); - VIR_FREE(pathtmp); - VIR_FREE(pathreal); - VIR_FREE(perms_new); - VIR_FREE(tmp); - return rc; } =20 
@@ -791,36 +769,28 @@ vah_add_file_chardev(virBuffer *buf, const char *perms, const int type) { - char *pipe_in; - char *pipe_out; - int rc =3D -1; + g_autofree char *pipe_in =3D NULL; + g_autofree char *pipe_out =3D NULL; =20 if (type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) { /* add the pipe input */ pipe_in =3D g_strdup_printf("%s.in", path); =20 if (vah_add_file(buf, pipe_in, perms) !=3D 0) - goto clean_pipe_in; + return -1; =20 /* add the pipe output */ pipe_out =3D g_strdup_printf("%s.out", path); =20 if (vah_add_file(buf, pipe_out, perms) !=3D 0) - goto clean_pipe_out; - - rc =3D 0; - clean_pipe_out: - VIR_FREE(pipe_out); - clean_pipe_in: - VIR_FREE(pipe_in); + return -1; } else { /* add the file */ if (vah_add_file(buf, path, perms) !=3D 0) return -1; - rc =3D 0; } =20 - return rc; + return 0; } =20 static int @@ -1467,8 +1437,8 @@ main(int argc, char **argv) vahControl _ctl =3D { 0 }; vahControl *ctl =3D &_ctl; int rc =3D -1; - char *profile =3D NULL; - char *include_file =3D NULL; + g_autofree char *profile =3D NULL; + g_autofree char *include_file =3D NULL; off_t size; bool purged =3D 0; =20 @@ -1511,7 +1481,7 @@ main(int argc, char **argv) if (ctl->cmd =3D=3D 'D') unlink(include_file); } else if (ctl->cmd =3D=3D 'c' || ctl->cmd =3D=3D 'r') { - char *included_files =3D NULL; + g_autofree char *included_files =3D NULL; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; =20 if (ctl->cmd =3D=3D 'c' && virFileExists(profile)) @@ -1573,7 +1543,7 @@ main(int argc, char **argv) =20 /* create the profile from TEMPLATE */ if (ctl->cmd =3D=3D 'c' || purged) { - char *tmp =3D NULL; + g_autofree char *tmp =3D NULL; #if defined(WITH_APPARMOR_3) const char *ifexists =3D "if exists "; #else @@ -1591,7 +1561,6 @@ main(int argc, char **argv) vah_error(ctl, 0, _("could not create profile")); unlink(include_file); } - VIR_FREE(tmp); } =20 if (rc =3D=3D 0 && !ctl->dryrun) { 
@@ -1607,14 +1576,9 @@ main(int argc, char **argv) unlink(profile); } } - cleanup: - VIR_FREE(included_files); } - + cleanup: vahDeinit(ctl); =20 - VIR_FREE(profile); - VIR_FREE(include_file); - exit(rc =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE); } --=20 2.34.1
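Review bot: in main() of virt-aa-helper.c the g_autofree on profile and include_file never takes effect, because the function still ends in the exit() call and cleanup handlers only run when a variable leaves scope through normal control flow. The removed VIR_FREE(profile) and VIR_FREE(include_file) therefore have no replacement. That is harmless at process exit, but it should either be stated in the commit message or main() should finish with a return so the annotations do what they appear to do. The variables declared inside the 'c'/'r' branch (included_files, buf, tmp) are fine, since the relocated cleanup label sits outside their block.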
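Review bot: in AppArmorSetChardevLabel the declaration "g_autofree char *in =3D NULL, *out =3D NULL;" puts two pointers behind one attribute. Every other conversion in this patch uses one g_autofree declaration per line, and splitting this one the same way makes it obvious at a glance that out is covered too. In the same function the new "return ret;" exits are taken while ret still holds its initial -1, so "return -1;" would say what is meant, as the parserCommand and update_include_file hunks already do.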
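Review bot: the error exits in use_apparmor ("return rc;") and vah_add_path ("return rc;") rely on rc never having been assigned before that point, which is only true as long as nobody adds an earlier assignment. A literal "return -1;" is more robust, and in vah_add_path it would also let rc be declared closer to where it is set. The commit message could also note that vah_add_path keeps "char *sub" as a plain pointer on purpose, if it only points into another buffer, so a later cleanup pass does not annotate it by mistake.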
From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v2 3/4] apparmor: fix UUID specification
Date: Wed, 13 Nov 2024 11:28:36 -0300
Message-Id: <20241113142837.529332-4-georgia.garcia@canonical.com>
In-Reply-To: <20241113142837.529332-1-georgia.garcia@canonical.com>
References: <20241113142837.529332-1-georgia.garcia@canonical.com>

There is a common misconception when writing AppArmor policy that [0-9]* applies * to the [0-9] class, but that's not the case. For this example, [0-9]* matches a single digit followed by any number of characters except for /

Create a UUID variable that uses the following format 8-4-4-4-12.

Signed-off-by: Georgia Garcia
--- src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 ++++- src/security/apparmor/usr.sbin.libvirtd.in | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/= security/apparmor/usr.lib.libvirt.virt-aa-helper.in index 44645c6989..90a8b7072c 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -1,5 +1,8 @@ #include =20 +@{hextet}=3D[0-9a-f][0-9a-f][0-9a-f][0-9a-f] +@{UUID}=3D@{hextet}@{hextet}-@{hextet}-@{hextet}-@{hextet}-@{hextet}@{hext= et}@{hextet} + profile virt-aa-helper @libexecdir@/virt-aa-helper { #include #include @@ -44,7 +47,7 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper { /{usr/,}{s,}bin/apparmor_parser Ux, =20 @sysconfdir@/apparmor.d/libvirt/* r, - @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0= -9a-f]*-[0-9a-f]* rw, + @sysconfdir@/apparmor.d/libvirt/libvirt-@{UUID}* rw, =20 # for backingstore -- allow access to non-hidden files in @{HOME} as well # as storage pools diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/appa= rmor/usr.sbin.libvirtd.in index 70e586895f..3659ddc219 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -1,4 +1,7 @@ #include + +@{hextet}=3D[0-9a-f][0-9a-f][0-9a-f][0-9a-f] +@{UUID}=3D@{hextet}@{hextet}-@{hextet}-@{hextet}-@{hextet}-@{hextet}@{hext= et}@{hextet} @{LIBVIRT}=3D"libvirt" =20 profile libvirtd @sbindir@/libvirtd flags=3D(attach_disconnected) { @@ -72,7 +75,7 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_disco= nnected) { signal (send) set=3D("term") peer=3Dlibvirtd//qemu_bridge_helper, =20 # allow connect with openGraphicsFD, direction reversed in newer versions - unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-[= 0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*), + unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-@= {UUID}), # unconfined also required if guests run without security module unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dunconfine= d), =20 
@@ -115,7 +118,7 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_dis= connected) { /etc/xen/scripts/** rmix, =20 # allow changing to our UUID-based named profiles - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-= 9a-f]*, + change_profile -> @{LIBVIRT}-@{UUID}, =20 /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> = qemu_bridge_helper, # child profile for bridge helper process --=20 2.34.1
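Review bot: @{hextet} and @{UUID} are defined twice with identical text, once at the top of usr.lib.libvirt.virt-aa-helper.in and once at the top of usr.sbin.libvirtd.in, so the two copies can drift apart. A single shared include for both profiles, or at least a comment in each file pointing at the other, would keep them in step. In the virt-aa-helper profile the rw rule keeps a trailing wildcard ("libvirt-@{UUID}* rw,"); a comment naming the suffix it is meant to cover would let a later reviewer narrow it further.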
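Review bot: in usr.sbin.libvirtd.in the peer label rule and the change_profile rule now end exactly at @{UUID}, while the patterns they replace ended in "[0-9a-f]*" and so also accepted any trailing characters. That tightening is the intent of the patch, but the commit message should say that no existing guest label or profile name carries a suffix after the UUID, because such a name would now be denied. It is also worth stating that [0-9a-f] is deliberately lower-case only and matches how the UUID is formatted when the profile name is built.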
X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id E07683F206 for ; Wed, 13 Nov 2024 14:29:00 +0000 (UTC) Received: by mail-oi1-f197.google.com with SMTP id 5614622812f47-3e5f4437768so6453850b6e.3 for ; Wed, 13 Nov 2024 06:29:00 -0800 (PST) Received: from georgia.. ([2001:1284:f502:9d8:a684:3ba4:302a:698d]) by smtp.gmail.com with ESMTPSA id 5614622812f47-3e7b09b26f6sm574965b6e.37.2024.11.13.06.28.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Nov 2024 06:28:57 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1731508140; bh=UbLsFFkZG083nQHS7GOYPam7rJabql6ZeGzrDE32h/4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AxxqOI8ZoRreU2WXQH5FYo844S3W+ZcNGHvUcELckWkzzwAVOO1CWLBHhekUL9Mns Ih9Odcxy0fq1yWP3iRebt1CPPy8YySLnS1dDcaJpL6O8Om7MDmN8SWVVfgRiolc3Nz LAU8kVpFCZfHAmgQwsXwcswvFjIoPakJ/xxvkH5G3sm82uaJkTOx4ZeJaA0MWt44d9 qu/nGT+wsNRehhGgEeOG1rcIJAHyEtLsTbQAyXOtU8RiXgSRSLViSZHc2GDpTlhbkT mn1u+IRlYkxXxZ0WUfeHVEk+T4m7rUbWWU1uk/9bN/FbcAN8n544z/A9UdbHMoBD1P eZesdKtVnKEgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731508139; x=1732112939; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UbLsFFkZG083nQHS7GOYPam7rJabql6ZeGzrDE32h/4=; b=hxDlMLaKFnMhOhsu92fSY/x8wdOowGCEGJpkE0j/tdSSbMwSknEoZodOGcR01UdEBc 
kFUi00LEBpwvuyiul8y5fqZso4kurg/MRIrMGNPKv3KgUNpg2BDrjWYW/gpELJvlNAY9 mt0TPhkvJLsgfjGWaMNlv5/1ld4IrDTghZzZc48bAyK0Whd37aUKoM/DZCerY+hXZIal NVlN0XLMBqzPLXFTq2DY95EoHR/h2K5tz4E10nlL103osaYl91T6uzXFDMjyJvvT1bpc bd/boqtTurVfFdJzSF7YjR9fSVOLrnGG0h4YxOU2oRSaJEfxK7lGuUDmkW9d5n++ciZQ DZjg== X-Gm-Message-State: AOJu0YwBfPh0K5kJWRxbw+kUaH2XF87SmnVKgJlUXFu1cQE6+wMEHjCq cz5na0PmObuwQEFLJaDDzNDlJSkYxl5vP9bpPLV6y7uDzMSsFed3b0FcnDsxQR6rVdI5c9AqbXB 1T5gxMd1+z66jIxnM6FQj/1tjZnajrUPXyXMPRYRF+JagPsD5V6/moey0onRKhHGgyQLZZAbj67 T2yM2wTA== X-Received: by 2002:a05:6808:318e:b0:3e7:b1a8:b29a with SMTP id 5614622812f47-3e7b1a8b88bmr2428916b6e.29.1731508138673; Wed, 13 Nov 2024 06:28:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IG9w8nTBWu1wWInk9t9pJeQSGqR79ZIxImfujR6dr9BBr+MS2skaiS715J3tLZjOI6cssaiVQ== X-Received: by 2002:a05:6808:318e:b0:3e7:b1a8:b29a with SMTP id 5614622812f47-3e7b1a8b88bmr2428889b6e.29.1731508138317; Wed, 13 Nov 2024 06:28:58 -0800 (PST) 
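Review bot: `@{hextet}` and `@{UUID}` are defined with `=` at the top of both usr.lib.libvirt.virt-aa-helper.in and usr.sbin.libvirtd.in, so the two copies can drift apart and either one collides if a tunables file included by these profiles ever defines the same generic name. Consider moving the two definitions into one shared include and giving them a libvirt-specific name, with a one-line comment that only the lowercase 8-4-4-4-12 form is accepted.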
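Review bot: the virt-aa-helper rule in the `@@ -44,7 +47,7 @@` hunk keeps a trailing `*` after `@{UUID}`, so the `rw` grant still covers any file name that merely starts with a valid UUID, unlike the `change_profile` and `unix` peer rules in usr.sbin.libvirtd.in, which now end exactly at `@{UUID}`. If the only files the helper writes are the profile itself and its `.files` (plus `.runtime_files` from patch 4/4), an alternation such as `libvirt-@{UUID}{,.files,.runtime_files}` would make the tightening complete.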
From: Georgia Garcia
To: devel@lists.libvirt.org
CC: Georgia Garcia
Subject: [PATCH v2 4/4] virt-aa-helper: store dynamically generated rules
Date: Wed, 13 Nov 2024 11:28:37 -0300
Message-Id: <20241113142837.529332-5-georgia.garcia@canonical.com>
In-Reply-To: <20241113142837.529332-1-georgia.garcia@canonical.com>

Some rules are generated dynamically during boot and added to the AppArmor policy. An example of that is macvtap devices that call the AppArmorSetFDLabel hook to add a rule for the tap device path.

Since this information is dynamic, it is not available in the XML config; therefore, whenever a "Restore" hook is called, the entire profile is regenerated by virt-aa-helper based only on the information from the VM definition, so the dynamic/runtime information is lost.

This patch stores the dynamically generated rules in a new file called libvirt-uuid.runtime_files which is included by the AppArmor policy.
This file should exist while the domain is running and should be reloaded automatically whenever there's a restore operation. These rules only make sense when the VM is running, so the file is removed when the VM is shutdown. Note that there are no hooks for restoring FD labels, so that information is not removed from the set of rules while the domain is running. Closes: https://gitlab.com/libvirt/libvirt/-/issues/692 Signed-off-by: Georgia Garcia --- src/security/security_apparmor.c | 38 +++++++++++++++++++-------- src/security/virt-aa-helper.c | 45 ++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 19 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 9e578b2526..28f263ddd4 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -147,7 +147,8 @@ load_profile(virSecurityManager *mgr G_GNUC_UNUSED, const char *profile, virDomainDef *def, const char *fn, - bool append) + bool append, + bool runtime) { bool create =3D true; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; @@ -173,6 +174,8 @@ load_profile(virSecurityManager *mgr G_GNUC_UNUSED, } else { virCommandAddArgList(cmd, "-f", fn, NULL); } + if (runtime) + virCommandAddArgList(cmd, "-t", NULL); } =20 virCommandAddEnvFormat(cmd, @@ -243,10 +246,11 @@ use_apparmor(void) * NULL. */ static int -reload_profile(virSecurityManager *mgr, - virDomainDef *def, - const char *fn, - bool append) +reload_runtime_profile(virSecurityManager *mgr, + virDomainDef *def, + const char *fn, + bool append, + bool runtime) { virSecurityLabelDef *secdef =3D virDomainDefGetSecurityLabelDef( def, SECURITY_APPARMOR_NAM= E); 
@@ -256,7 +260,7 @@ reload_profile(virSecurityManager *mgr, =20 /* Update the profile only if it is loaded */ if (profile_loaded(secdef->imagelabel) >=3D 0) { - if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) { + if (load_profile(mgr, secdef->imagelabel, def, fn, append, runtime= ) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile \'%1$s\'"), secdef->imagelabel); @@ -266,6 +270,18 @@ reload_profile(virSecurityManager *mgr, return 0; } =20 +/* reload the profile, adding read/write file specified by fn if it is not + * NULL. + */ +static int +reload_profile(virSecurityManager *mgr, + virDomainDef *def, + const char *fn, + bool append) +{ + return reload_runtime_profile(mgr, def, fn, append, false); +} + static int AppArmorSetSecurityHostdevLabelHelper(const char *file, void *opaque) { @@ -386,7 +402,7 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC= _UNUSED, secdef->model =3D g_strdup(SECURITY_APPARMOR_NAME); =20 /* Now that we have a label, load the profile into the kernel. */ - if (load_profile(mgr, secdef->label, def, NULL, false) < 0) { + if (load_profile(mgr, secdef->label, def, NULL, false, false) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot load AppArmor profile \'%1$s\'"), secdef->label); @@ -418,7 +434,7 @@ AppArmorSetSecurityAllLabel(virSecurityManager *mgr, /* Reload the profile if incomingPath is specified. Note that GenSecurityLabel() will have already been run. */ if (incomingPath) - return reload_profile(mgr, def, incomingPath, true); + return reload_runtime_profile(mgr, def, incomingPath, true, true); =20 return 0; } 
@@ -1071,9 +1087,9 @@ AppArmorSetPathLabel(virSecurityManager *mgr, =20 if (allowSubtree) { full_path =3D g_strdup_printf("%s/{,**}", path); - rc =3D reload_profile(mgr, def, full_path, true); + rc =3D reload_runtime_profile(mgr, def, full_path, true, true); } else { - rc =3D reload_profile(mgr, def, path, true); + rc =3D reload_runtime_profile(mgr, def, path, true, true); } =20 return rc; @@ -1109,7 +1125,7 @@ AppArmorSetFDLabel(virSecurityManager *mgr, return 0; } =20 - return reload_profile(mgr, def, fd_path, true); + return reload_runtime_profile(mgr, def, fd_path, true, true); } =20 static char * diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 601f2d2581..98cf9411ea 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -71,6 +71,7 @@ typedef struct { virArch arch; /* machine architecture */ char *newfile; /* newly added file */ bool append; /* append to .files instead of rewrite */ + bool runtime; /* file should be added to .runtime_files = */ } vahControl; =20 static int @@ -110,6 +111,7 @@ vah_usage(void) " Extra File:\n" " -f | --add-file add file to a profile gene= rated from XML\n" " -F | --append-file append file to an existing= profile\n" + " -t | --runtime file is valid only during = runtime\n" "\n"), progname); =20 puts(_("This command is intended to be used by libvirtd and not used d= irectly.\n")); @@ -1350,10 +1352,11 @@ vahParseArgv(vahControl * ctl, int argc, char **arg= v) { "replace", 0, 0, 'r' }, { "remove", 0, 0, 'R' }, { "uuid", 1, 0, 'u' }, + { "runtime", 0, 0, 't' }, { 0, 0, 0, 0 }, }; =20 - while ((arg =3D getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt, + while ((arg =3D getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:t", opt, &idx)) !=3D -1) { switch (arg) { case 'a': 
@@ -1390,6 +1393,9 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) PROFILE_NAME_SIZE) < 0) vah_error(ctl, 1, _("error copying UUID")); break; + case 't': + ctl->runtime =3D true; + break; default: vah_error(ctl, 1, _("unsupported option")); break; @@ -1439,9 +1445,16 @@ main(int argc, char **argv) int rc =3D -1; g_autofree char *profile =3D NULL; g_autofree char *include_file =3D NULL; + g_autofree char *include_runtime_file =3D NULL; off_t size; bool purged =3D 0; =20 +#if defined(WITH_APPARMOR_3) + const char *ifexists =3D "if exists "; +#else + const char *ifexists =3D ""; +#endif + if (virGettextInitialize() < 0 || virErrorInitialize() < 0) { fprintf(stderr, _("%1$s: initialization failed\n"), argv[0]); @@ -1473,13 +1486,16 @@ main(int argc, char **argv) =20 profile =3D g_strdup_printf("%s/%s", APPARMOR_DIR "/libvirt", ctl->uui= d); include_file =3D g_strdup_printf("%s/%s.files", APPARMOR_DIR "/libvirt= ", ctl->uuid); + include_runtime_file =3D g_strdup_printf("%s/%s.runtime_files", APPARM= OR_DIR "/libvirt", ctl->uuid); =20 if (ctl->cmd =3D=3D 'a') { rc =3D parserLoad(ctl->uuid); } else if (ctl->cmd =3D=3D 'R' || ctl->cmd =3D=3D 'D') { rc =3D parserRemove(ctl->uuid); - if (ctl->cmd =3D=3D 'D') + if (ctl->cmd =3D=3D 'D') { unlink(include_file); + unlink(include_runtime_file); + } } else if (ctl->cmd =3D=3D 'c' || ctl->cmd =3D=3D 'r') { g_autofree char *included_files =3D NULL; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; @@ -1507,6 +1523,7 @@ main(int argc, char **argv) if (vah_add_file(&buf, ctl->newfile, "rwk") !=3D 0) goto cleanup; } else { + virBufferAsprintf(&buf, " #include %s\n", ifexists, ctl->uuid); if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_QEMU || ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KQEMU || ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KVM) { 
@@ -1529,11 +1546,20 @@ main(int argc, char **argv) =20 /* (re)create the include file using included_files */ if (ctl->dryrun) { - vah_info(include_file); + if (ctl->runtime) + vah_info(include_runtime_file); + else + vah_info(include_file); vah_info(included_files); rc =3D 0; } else if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_LXC) { rc =3D 0; + } else if (ctl->runtime) { + /* runtime should only update include_runtime_file */ + if ((rc =3D update_include_file(include_runtime_file, + included_files, + ctl->append)) !=3D 0) + goto cleanup; } else if ((rc =3D update_include_file(include_file, included_files, ctl->append)) !=3D 0) { @@ -1544,11 +1570,12 @@ main(int argc, char **argv) /* create the profile from TEMPLATE */ if (ctl->cmd =3D=3D 'c' || purged) { g_autofree char *tmp =3D NULL; -#if defined(WITH_APPARMOR_3) - const char *ifexists =3D "if exists "; -#else - const char *ifexists =3D ""; -#endif + + /* ideally libvirt-uuid.files and + * libvirt-uuid.runtime_files should be in libvirt-uuid.d/ + * and the directory should be included instead, but how + * to deal with running domains when the libvirt-uuid + * profile is not recreated? */ tmp =3D g_strdup_printf(" #include %s\n", i= fexists, ctl->uuid); =20 if (ctl->dryrun) { @@ -1560,6 +1587,7 @@ main(int argc, char **argv) ctl->def->virtType)) !=3D 0) { vah_error(ctl, 0, _("could not create profile")); unlink(include_file); + unlink(include_runtime_file); } } =20 @@ -1572,6 +1600,7 @@ main(int argc, char **argv) /* cleanup */ if (rc !=3D 0) { unlink(include_file); + unlink(include_runtime_file); if (ctl->cmd =3D=3D 'c') unlink(profile); } --=20 2.34.1
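Review bot: in the `@@ -173,6 +174,8 @@` hunk of security_apparmor.c the new `if (runtime)` sits just before the brace that closes the enclosing block, so `-t` is only passed on the path that also adds the file argument, and a caller that sets `runtime` without a file has the flag silently dropped. A short comment saying that `runtime` is only meaningful together with `fn` would make that intentional. For a single argument, `virCommandAddArg(cmd, "-t")` reads more directly than `virCommandAddArgList(cmd, "-t", NULL)`.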
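Review bot: the doc comment is missing the new parameter: in the `@@ -243,10 +246,11 @@` hunk the existing comment ("reload the profile, adding read/write file specified by fn if it is not NULL") now heads `reload_runtime_profile()` unchanged, and the `@@ -266,6 +270,18 @@` hunk repeats it word for word over the new `reload_profile()` wrapper. Neither says what `runtime` does. Please document on `reload_runtime_profile()` that `runtime` sends the rule to the `.runtime_files` include, and reduce the wrapper's comment to a note that it is the non-runtime variant.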
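Review bot: `case 't'` in the `@@ -1390,6 +1393,9 @@` hunk sets `ctl->runtime` with no check on the other options, while the `@@ -1529,11 +1546,20 @@` hunk writes whatever is in `included_files` to `include_runtime_file` whenever `ctl->runtime` is set. If `-t` is ever given without `-F`, the rule set regenerated from the domain definition would land in `.runtime_files` instead of `.files`. Every caller in security_apparmor.c passes `append` true together with `runtime` true, so rejecting `-t` via `vah_error()` unless `ctl->append` and `ctl->newfile` are set would enforce what the callers already assume.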
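Review bot: with `ifexists` hoisted to the top of `main()` in the `@@ -1439,9 +1445,16 @@` hunk, the include line added in the `@@ -1507,6 +1523,7 @@` hunk becomes unconditional when `WITH_APPARMOR_3` is not defined, because `ifexists` is then the empty string. The runtime file is only written when `ctl->runtime` is set, so if that include names the runtime file, as the commit message describes, a domain that never receives a dynamic rule would include a file that does not exist. Either create an empty `include_runtime_file` when the profile is created, or emit the include only when `if exists` is available or the file is present.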
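Review bot: the cleanup path in the `@@ -1572,6 +1600,7 @@` hunk now unlinks `include_runtime_file` on any `rc != 0`, including a failed replace for a domain that is still running. The `.files` include can be regenerated from the domain definition, but the commit message states the runtime rules cannot, so a transient failure here discards rules the running guest still needs. Consider limiting the runtime unlink to `ctl->cmd == 'c'`, as is already done for `unlink(profile)` on the next line, and leaving removal to the `'D'` branch.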