From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v3 1/4] security_apparmor: fix memleaks in AppArmorSetFDLabel
Date: Tue, 7 Jan 2025 12:23:36 -0300
Message-ID: <20250107152357.1026544-2-georgia.garcia@canonical.com>
In-Reply-To: <20250107152357.1026544-1-georgia.garcia@canonical.com>
References: <20250107152357.1026544-1-georgia.garcia@canonical.com>
Content-Transfer-Encoding: quoted-printable

proc and fd_path are allocated but never freed. Fix by using g_autofree instead.

Fixes: b9757fea30785a92aa95ea675b9bc371e4fb2e8c
Signed-off-by: Georgia Garcia
Reviewed-by: Jim Fehlig
--- src/security/security_apparmor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index eed0f265d6..ae2175d334 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c
@@ -1109,8 +1109,8 @@ AppArmorSetFDLabel(virSecurityManager *mgr, virDomainDef *def, int fd) { - char *proc =3D NULL; - char *fd_path =3D NULL; + g_autofree char *proc =3D NULL; + g_autofree char *fd_path =3D NULL; =20 virSecurityLabelDef *secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); --=20 2.43.0
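Review bot: In AppArmorSetFDLabel the hunk changes only the two declarations, so the body that is not shown still needs checking for a leftover manual free of proc or fd_path and for any path that returns or stores either pointer. With g_autofree in place, a leftover free becomes a double free and a stored pointer becomes dangling once the function returns. If the body only formats and reads the two strings, the change is complete as posted; a line in the commit message saying that no explicit free existed would make that easy to verify.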
From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v3 2/4] security: replace uses of label and VIR_FREE by g_autofree
Date: Tue, 7 Jan 2025 12:23:37 -0300
Message-ID: <20250107152357.1026544-3-georgia.garcia@canonical.com>
In-Reply-To: <20250107152357.1026544-1-georgia.garcia@canonical.com>
References: <20250107152357.1026544-1-georgia.garcia@canonical.com>
Content-Transfer-Encoding: quoted-printable

Moving towards full adoption of GLib APIs in the AppArmor code.

Signed-off-by: Georgia Garcia
Reviewed-by: Jim Fehlig
--- src/security/security_apparmor.c | 42 +++++-------- src/security/virt-aa-helper.c | 100 ++++++++++--------------------- 2 files changed, 46 insertions(+), 96 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index ae2175d334..91c51f6395 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c
@@ -115,37 +115,28 @@ profile_loaded(const char *str) static int profile_status_file(const char *str) { - char *profile =3D NULL; - char *content =3D NULL; - char *tmp =3D NULL; - int rc =3D -1; + g_autofree char *profile =3D NULL; + g_autofree char *content =3D NULL; + g_autofree char *tmp =3D NULL; int len; =20 profile =3D g_strdup_printf("%s/%s", APPARMOR_DIR "/libvirt", str); =20 if (!virFileExists(profile)) - goto failed; + return -1; =20 if ((len =3D virFileReadAll(profile, MAX_FILE_LEN, &content)) < 0) { virReportSystemError(errno, _("Failed to read \'%1$s\'"), profile); - goto failed; + return -1; } =20 /* create string that is ' flags=3D(complain)\0' */ tmp =3D g_strdup_printf(" %s flags=3D(complain)", str); =20 if (strstr(content, tmp) !=3D NULL) - rc =3D 0; - else - rc =3D 1; - - failed: - VIR_FREE(tmp); - VIR_FREE(profile); - VIR_FREE(content); - - return rc; + return 0; + return 1; } =20 /* @@ -218,7 +209,7 @@ static int use_apparmor(void) { int rc =3D -1; - char *libvirt_daemon =3D NULL; + g_autofree char *libvirt_daemon =3D NULL; =20 if (virFileResolveLink("/proc/self/exe", &libvirt_daemon) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -232,7 +223,7 @@ use_apparmor(void) return 1; =20 if (access(APPARMOR_PROFILES_PATH, R_OK) !=3D 0) - goto cleanup; + return rc; =20 /* First check profile status using full binary path. If that fails * check using profile name. @@ -247,8 +238,6 @@ use_apparmor(void) rc =3D -1; } =20 - cleanup: - VIR_FREE(libvirt_daemon); return rc; } =20 @@ -950,7 +939,8 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, virDomainChrSourceDef *dev_source, bool chardevStdioLogd G_GNUC_UNUSED) { - char *in =3D NULL, *out =3D NULL; + g_autofree char *in =3D NULL; + g_autofree char *out =3D NULL; int ret =3D -1; virSecurityLabelDef *secdef; =20 
@@ -971,11 +961,11 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, out =3D g_strdup_printf("%s.out", dev_source->data.file.path); if (virFileExists(in)) { if (reload_profile(mgr, def, in, true) < 0) - goto done; + return ret; } if (virFileExists(out)) { if (reload_profile(mgr, def, out, true) < 0) - goto done; + return ret; } ret =3D reload_profile(mgr, def, dev_source->data.file.path, true); break; @@ -995,9 +985,6 @@ AppArmorSetChardevLabel(virSecurityManager *mgr, break; } =20 - done: - VIR_FREE(in); - VIR_FREE(out); return ret; } =20 @@ -1083,12 +1070,11 @@ AppArmorSetPathLabel(virSecurityManager *mgr, bool allowSubtree) { int rc =3D -1; - char *full_path =3D NULL; + g_autofree char *full_path =3D NULL; =20 if (allowSubtree) { full_path =3D g_strdup_printf("%s/{,**}", path); rc =3D reload_profile(mgr, def, full_path, true); - VIR_FREE(full_path); } else { rc =3D reload_profile(mgr, def, path, true); } diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 94a28bf331..1626d5a89c 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -146,9 +146,8 @@ vah_info(const char *str) static int parserCommand(const char *profile_name, const char cmd) { - int result =3D -1; char flag[3]; - char *profile; + g_autofree char *profile =3D NULL; int status; int ret; =20 @@ -163,7 +162,7 @@ parserCommand(const char *profile_name, const char cmd) =20 if (!virFileExists(profile)) { vah_error(NULL, 0, _("profile does not exist")); - goto cleanup; + return -1; } else { const char * const argv[] =3D { "/sbin/apparmor_parser", flag, profile, NULL 
@@ -175,23 +174,18 @@ parserCommand(const char *profile_name, const char cm= d) (WIFEXITED(status) && WEXITSTATUS(status) !=3D 0)) { if (ret !=3D 0) { vah_error(NULL, 0, _("failed to run apparmor_parser")); - goto cleanup; + return -1; } else if (cmd =3D=3D 'R' && WIFEXITED(status) && WEXITSTATUS(status) =3D=3D 234) { vah_warning(_("unable to unload already unloaded profile")= ); } else { vah_error(NULL, 0, _("apparmor_parser exited with error")); - goto cleanup; + return -1; } } } =20 - result =3D 0; - - cleanup: - VIR_FREE(profile); - - return result; + return 0; } =20 /* @@ -201,18 +195,17 @@ static int update_include_file(const char *include_file, const char *included_files, bool append) { - int rc =3D -1; int plen, flen =3D 0; int fd; - char *pcontent =3D NULL; - char *existing =3D NULL; + g_autofree char *pcontent =3D NULL; + g_autofree char *existing =3D NULL; const char *warning =3D "# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.\n"; =20 if (virFileExists(include_file)) { flen =3D virFileReadAll(include_file, MAX_FILE_LEN, &existing); if (flen < 0) - return rc; + return -1; } =20 if (append && virFileExists(include_file)) 
@@ -223,38 +216,31 @@ update_include_file(const char *include_file, const c= har *included_files, plen =3D strlen(pcontent); if (plen > MAX_FILE_LEN) { vah_error(NULL, 0, _("invalid length for new profile")); - goto cleanup; + return -1; } =20 /* only update the disk profile if it is different */ if (flen > 0 && flen =3D=3D plen && STREQLEN(existing, pcontent, plen)= ) { - rc =3D 0; - goto cleanup; + return 0; } =20 /* write the file */ if ((fd =3D open(include_file, O_CREAT | O_TRUNC | O_WRONLY, 0644)) = =3D=3D -1) { vah_error(NULL, 0, _("failed to create include file")); - goto cleanup; + return -1; } =20 if (safewrite(fd, pcontent, plen) < 0) { /* don't write the '\0' */ VIR_FORCE_CLOSE(fd); vah_error(NULL, 0, _("failed to write to profile")); - goto cleanup; + return -1; } =20 if (VIR_CLOSE(fd) !=3D 0) { vah_error(NULL, 0, _("failed to close or write to profile")); - goto cleanup; + return -1; } - rc =3D 0; - - cleanup: - VIR_FREE(pcontent); - VIR_FREE(existing); - - return rc; + return 0; } =20 /* @@ -574,7 +560,7 @@ caps_mockup(vahControl * ctl, const char *xmlStr) { g_autoptr(xmlDoc) xml =3D NULL; g_autoptr(xmlXPathContext) ctxt =3D NULL; - char *arch; + g_autofree char *arch =3D NULL; =20 if (!(xml =3D virXMLParse(NULL, xmlStr, _("(domain_definition)"), "domain", &ctxt, NULL, false))) { @@ -600,7 +586,6 @@ caps_mockup(vahControl * ctl, const char *xmlStr) ctl->arch =3D virArchFromHost(); } else { ctl->arch =3D virArchFromString(arch); - VIR_FREE(arch); } =20 return 0; 
@@ -685,15 +670,15 @@ get_definition(vahControl * ctl, const char *xmlStr) static int vah_add_path(virBuffer *buf, const char *path, const char *perms, bool rec= ursive) { - char *tmp =3D NULL; int rc =3D -1; bool readonly =3D true; bool explicit_deny_rule =3D true; char *sub =3D NULL; - char *perms_new =3D NULL; - char *pathdir =3D NULL; - char *pathtmp =3D NULL; - char *pathreal =3D NULL; + g_autofree char *tmp =3D NULL; + g_autofree char *perms_new =3D NULL; + g_autofree char *pathdir =3D NULL; + g_autofree char *pathtmp =3D NULL; + g_autofree char *pathreal =3D NULL; =20 if (path =3D=3D NULL) return rc; @@ -730,7 +715,7 @@ vah_add_path(virBuffer *buf, const char *path, const ch= ar *perms, bool recursive if ((pathreal =3D realpath(pathdir, NULL)) =3D=3D NULL) { vah_error(NULL, 0, pathdir); vah_error(NULL, 0, _("could not find realpath")); - goto cleanup; + return rc; } tmp =3D g_strdup_printf("%s%s", pathreal, pathtmp); } @@ -754,7 +739,7 @@ vah_add_path(virBuffer *buf, const char *path, const ch= ar *perms, bool recursive vah_error(NULL, 0, path); vah_error(NULL, 0, _("skipped restricted file")); } - goto cleanup; + return rc; } =20 if (tmp[strlen(tmp) - 1] =3D=3D '/') @@ -771,13 +756,6 @@ vah_add_path(virBuffer *buf, const char *path, const c= har *perms, bool recursive virBufferAsprintf(buf, " \"%s/\" r,\n", tmp); } =20 - cleanup: - VIR_FREE(pathdir); - VIR_FREE(pathtmp); - VIR_FREE(pathreal); - VIR_FREE(perms_new); - VIR_FREE(tmp); - return rc; } =20 
@@ -793,36 +771,28 @@ vah_add_file_chardev(virBuffer *buf, const char *perms, const int type) { - char *pipe_in; - char *pipe_out; - int rc =3D -1; + g_autofree char *pipe_in =3D NULL; + g_autofree char *pipe_out =3D NULL; =20 if (type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) { /* add the pipe input */ pipe_in =3D g_strdup_printf("%s.in", path); =20 if (vah_add_file(buf, pipe_in, perms) !=3D 0) - goto clean_pipe_in; + return -1; =20 /* add the pipe output */ pipe_out =3D g_strdup_printf("%s.out", path); =20 if (vah_add_file(buf, pipe_out, perms) !=3D 0) - goto clean_pipe_out; - - rc =3D 0; - clean_pipe_out: - VIR_FREE(pipe_out); - clean_pipe_in: - VIR_FREE(pipe_in); + return -1; } else { /* add the file */ if (vah_add_file(buf, path, perms) !=3D 0) return -1; - rc =3D 0; } =20 - return rc; + return 0; } =20 static int @@ -1473,8 +1443,8 @@ main(int argc, char **argv) vahControl _ctl =3D { 0 }; vahControl *ctl =3D &_ctl; int rc =3D -1; - char *profile =3D NULL; - char *include_file =3D NULL; + g_autofree char *profile =3D NULL; + g_autofree char *include_file =3D NULL; off_t size; bool purged =3D 0; =20 @@ -1517,7 +1487,7 @@ main(int argc, char **argv) if (ctl->cmd =3D=3D 'D') unlink(include_file); } else if (ctl->cmd =3D=3D 'c' || ctl->cmd =3D=3D 'r') { - char *included_files =3D NULL; + g_autofree char *included_files =3D NULL; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; =20 if (ctl->cmd =3D=3D 'c' && virFileExists(profile)) @@ -1579,7 +1549,7 @@ main(int argc, char **argv) =20 /* create the profile from TEMPLATE */ if (ctl->cmd =3D=3D 'c' || purged) { - char *tmp =3D NULL; + g_autofree char *tmp =3D NULL; #if defined(WITH_APPARMOR_3) const char *ifexists =3D "if exists "; #else @@ -1597,7 +1567,6 @@ main(int argc, char **argv) vah_error(ctl, 0, _("could not create profile")); unlink(include_file); } - VIR_FREE(tmp); } =20 if (rc =3D=3D 0 && !ctl->dryrun) { 
@@ -1613,14 +1582,9 @@ main(int argc, char **argv) unlink(profile); } } - cleanup: - VIR_FREE(included_files); } - + cleanup: vahDeinit(ctl); =20 - VIR_FREE(profile); - VIR_FREE(include_file); - exit(rc =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE); } --=20 2.43.0
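Review bot: In main() of virt-aa-helper.c, g_autofree on profile and include_file has no effect, because main leaves through the exit(...) call on its last line and never returns, so the cleanup attribute never runs for variables in main's own scope. The removed VIR_FREE(profile) and VIR_FREE(include_file) were the only things releasing them. Either keep those two explicit frees before exit(), or end main with a return of the same status so the automatic cleanup runs. The block-scoped included_files and tmp are not affected, since they go out of scope before the moved cleanup label is reached.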
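Review bot: The new early exits in use_apparmor (return rc after the access() check) and AppArmorSetChardevLabel (return ret after each failed reload_profile) are correct only while rc and ret still hold their -1 initialiser at that point. profile_status_file, parserCommand and update_include_file in this same patch write return -1 directly; doing the same on these error paths keeps the series consistent and prevents a later assignment above them from turning a failure into a success return.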
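Review bot: In vah_add_path, sub is the one char * left without g_autofree and the hunks do not show why. If it only points into one of the other buffers that is right, and a short comment on the declaration would stop a later cleanup from converting it and introducing a double free. Separately, pathreal comes from realpath(pathdir, NULL), so it is libc-allocated memory now released through g_free; that is fine with GLib 2.46 and later, where g_malloc is the system allocator, and is worth a word in the commit message.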
From: Georgia Garcia
To: devel@lists.libvirt.org
Subject: [PATCH v3 3/4] apparmor: fix UUID specification
Date: Tue, 7 Jan 2025 12:23:38 -0300
Message-ID: <20250107152357.1026544-4-georgia.garcia@canonical.com>
In-Reply-To: <20250107152357.1026544-1-georgia.garcia@canonical.com>
References: <20250107152357.1026544-1-georgia.garcia@canonical.com>
Content-Transfer-Encoding: quoted-printable

There is a common misconception when writing AppArmor policy that [0-9]* applies * to the [0-9] class, but that's not the case. For this example, [0-9]* matches a single digit followed by any number of characters except for /

Create a UUID variable that uses the following format 8-4-4-4-12.

Signed-off-by: Georgia Garcia
Reviewed-by: Jim Fehlig
--- src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 ++++- src/security/apparmor/usr.sbin.libvirtd.in | 7 +++++-- src/security/apparmor/usr.sbin.virtqemud.in | 6 ++++-- 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/= security/apparmor/usr.lib.libvirt.virt-aa-helper.in index 44645c6989..90a8b7072c 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -1,5 +1,8 @@ #include =20 +@{hextet}=3D[0-9a-f][0-9a-f][0-9a-f][0-9a-f] +@{UUID}=3D@{hextet}@{hextet}-@{hextet}-@{hextet}-@{hextet}-@{hextet}@{hext= et}@{hextet} + profile virt-aa-helper @libexecdir@/virt-aa-helper { #include #include @@ -44,7 +47,7 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper { /{usr/,}{s,}bin/apparmor_parser Ux, =20 @sysconfdir@/apparmor.d/libvirt/* r, - @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0= -9a-f]*-[0-9a-f]* rw, + @sysconfdir@/apparmor.d/libvirt/libvirt-@{UUID}* rw, =20 # for backingstore -- allow access to non-hidden files in @{HOME} as well # as storage pools diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/appa= rmor/usr.sbin.libvirtd.in index 70e586895f..3659ddc219 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -1,4 +1,7 @@ #include + +@{hextet}=3D[0-9a-f][0-9a-f][0-9a-f][0-9a-f] +@{UUID}=3D@{hextet}@{hextet}-@{hextet}-@{hextet}-@{hextet}-@{hextet}@{hext= et}@{hextet} @{LIBVIRT}=3D"libvirt" =20 profile libvirtd @sbindir@/libvirtd flags=3D(attach_disconnected) { 
@@ -72,7 +75,7 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_disco= nnected) { signal (send) set=3D("term") peer=3Dlibvirtd//qemu_bridge_helper, =20 # allow connect with openGraphicsFD, direction reversed in newer versions - unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-[= 0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*), + unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-@= {UUID}), # unconfined also required if guests run without security module unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dunconfine= d), =20 @@ -115,7 +118,7 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_dis= connected) { /etc/xen/scripts/** rmix, =20 # allow changing to our UUID-based named profiles - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-= 9a-f]*, + change_profile -> @{LIBVIRT}-@{UUID}, =20 /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> = qemu_bridge_helper, # child profile for bridge helper process diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/app= armor/usr.sbin.virtqemud.in index 42fa4813da..86b23465b6 100644 --- a/src/security/apparmor/usr.sbin.virtqemud.in +++ b/src/security/apparmor/usr.sbin.virtqemud.in @@ -1,5 +1,7 @@ #include @{LIBVIRT}=3D"libvirt" +@{hextet}=3D[0-9a-f][0-9a-f][0-9a-f][0-9a-f] +@{UUID}=3D@{hextet}@{hextet}-@{hextet}-@{hextet}-@{hextet}-@{hextet}@{hext= et}@{hextet} =20 profile virtqemud @sbindir@/virtqemud flags=3D(attach_disconnected) { #include 
@@ -71,7 +73,7 @@ profile virtqemud @sbindir@/virtqemud flags=3D(attach_dis= connected) { signal (send) set=3D(term) peer=3Dlibvirtd//qemu_bridge_helper, =20 # allow connect with openGraphicsFD, direction reversed in newer versions - unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-[= 0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*), + unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dlibvirt-@= {UUID}), # unconfined also required if guests run without security module unix (send, receive) type=3Dstream addr=3Dnone peer=3D(label=3Dunconfine= d), =20 
@@ -109,7 +111,7 @@ profile virtqemud @sbindir@/virtqemud flags=3D(attach_d= isconnected) { /etc/libvirt/hooks/** rmix, =20 # allow changing to our UUID-based named profiles - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-= 9a-f]*, + change_profile -> @{LIBVIRT}-@{UUID}, =20 /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> = qemu_bridge_helper, # child profile for bridge helper process --=20 2.43.0
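Review bot: in usr.lib.libvirt.virt-aa-helper.in (hunk @@ -44,7 +47,7 @@), the rw rule "@sysconfdir@/apparmor.d/libvirt/libvirt-@{UUID}* rw," still ends in a bare "*", so the UUID part is now exact but any suffix after it remains writable. If the helper only writes the profile itself and its include files, an alternation such as "libvirt-@{UUID}{,.files}" (plus ".runtime_files" once patch 4/4 lands) would finish the tightening this hunk starts; if other suffixes are expected, a comment above the rule saying which ones would help.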
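Review bot: the "@{hextet}" and "@{UUID}" definitions are repeated verbatim at the top of usr.lib.libvirt.virt-aa-helper.in, usr.sbin.libvirtd.in and usr.sbin.virtqemud.in, and three copies can drift apart. Consider defining them once in a shared include that all three profiles pull in. If they stay per-file, place them consistently (usr.sbin.libvirtd.in puts them before "@{LIBVIRT}", usr.sbin.virtqemud.in after it) and add a one-line comment that the pattern is the 8-4-4-4-12 form and accepts lowercase hex digits only.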
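Review bot: in the "unix (send, receive) type=stream addr=none peer=(label=libvirt-@{UUID})," rules of usr.sbin.libvirtd.in and usr.sbin.virtqemud.in, the old pattern ended in "[0-9a-f]*" and so also matched a label with extra characters after the UUID, while the new one matches the bare libvirt-UUID label only. Please state in the commit message that no guest label carries a suffix, since that is a behaviour change and not just a cleanup. The prefix is also spelled "libvirt-" in these rules but "@{LIBVIRT}-" in the change_profile rules of the same files; using the variable in both would keep them in step.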
From: Georgia Garcia
To: devel@lists.libvirt.org
CC: Georgia Garcia
Subject: [PATCH v3 4/4] virt-aa-helper: store dynamically generated rules
Date: Tue, 7 Jan 2025 12:23:39 -0300
Message-ID: <20250107152357.1026544-5-georgia.garcia@canonical.com>
In-Reply-To: <20250107152357.1026544-1-georgia.garcia@canonical.com>
References: <20250107152357.1026544-1-georgia.garcia@canonical.com>

Some rules are generated dynamically during boot and added to the
AppArmor policy. An example of that is macvtap devices that call the
AppArmorSetFDLabel hook to add a rule for the tap device path.

Since this information is dynamic, it is not available in the xml
config, therefore whenever a "Restore" hook is called, the entire
profile is regenerated by virt-aa-helper based only on the information
from the VM definition, so the dynamic/runtime information is lost.

This patch stores the dynamically generated rules in a new file called
libvirt-uuid.runtime_files which is included by the AppArmor policy.
This file should exist while the domain is running and should be reloaded automatically whenever there's a restore operation. These rules only make sense when the VM is running, so the file is removed when the VM is shutdown. Note that there are no hooks for restoring FD labels, so that information is not removed from the set of rules while the domain is running. Closes: https://gitlab.com/libvirt/libvirt/-/issues/692 Signed-off-by: Georgia Garcia --- src/security/security_apparmor.c | 38 +++++++++++++++++++-------- src/security/virt-aa-helper.c | 45 ++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 19 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 91c51f6395..907b01577c 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -147,7 +147,8 @@ load_profile(virSecurityManager *mgr G_GNUC_UNUSED, const char *profile, virDomainDef *def, const char *fn, - bool append) + bool append, + bool runtime) { bool create =3D true; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; @@ -173,6 +174,8 @@ load_profile(virSecurityManager *mgr G_GNUC_UNUSED, } else { virCommandAddArgList(cmd, "-f", fn, NULL); } + if (runtime) + virCommandAddArgList(cmd, "-t", NULL); } =20 virCommandAddEnvFormat(cmd, @@ -245,10 +248,11 @@ use_apparmor(void) * NULL. */ static int -reload_profile(virSecurityManager *mgr, - virDomainDef *def, - const char *fn, - bool append) +reload_runtime_profile(virSecurityManager *mgr, + virDomainDef *def, + const char *fn, + bool append, + bool runtime) { virSecurityLabelDef *secdef =3D virDomainDefGetSecurityLabelDef( def, SECURITY_APPARMOR_NAM= E); 
@@ -258,7 +262,7 @@ reload_profile(virSecurityManager *mgr, =20 /* Update the profile only if it is loaded */ if (profile_loaded(secdef->imagelabel) >=3D 0) { - if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) { + if (load_profile(mgr, secdef->imagelabel, def, fn, append, runtime= ) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile \'%1$s\'"), secdef->imagelabel); @@ -268,6 +272,18 @@ reload_profile(virSecurityManager *mgr, return 0; } =20 +/* reload the profile, adding read/write file specified by fn if it is not + * NULL. + */ +static int +reload_profile(virSecurityManager *mgr, + virDomainDef *def, + const char *fn, + bool append) +{ + return reload_runtime_profile(mgr, def, fn, append, false); +} + static int AppArmorSetSecurityHostdevLabelHelper(const char *file, void *opaque) { @@ -388,7 +404,7 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC= _UNUSED, secdef->model =3D g_strdup(SECURITY_APPARMOR_NAME); =20 /* Now that we have a label, load the profile into the kernel. */ - if (load_profile(mgr, secdef->label, def, NULL, false) < 0) { + if (load_profile(mgr, secdef->label, def, NULL, false, false) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot load AppArmor profile \'%1$s\'"), secdef->label); @@ -420,7 +436,7 @@ AppArmorSetSecurityAllLabel(virSecurityManager *mgr, /* Reload the profile if incomingPath is specified. Note that GenSecurityLabel() will have already been run. */ if (incomingPath) - return reload_profile(mgr, def, incomingPath, true); + return reload_runtime_profile(mgr, def, incomingPath, true, true); =20 return 0; } 
@@ -1074,9 +1090,9 @@ AppArmorSetPathLabel(virSecurityManager *mgr, =20 if (allowSubtree) { full_path =3D g_strdup_printf("%s/{,**}", path); - rc =3D reload_profile(mgr, def, full_path, true); + rc =3D reload_runtime_profile(mgr, def, full_path, true, true); } else { - rc =3D reload_profile(mgr, def, path, true); + rc =3D reload_runtime_profile(mgr, def, path, true, true); } =20 return rc; @@ -1112,7 +1128,7 @@ AppArmorSetFDLabel(virSecurityManager *mgr, return 0; } =20 - return reload_profile(mgr, def, fd_path, true); + return reload_runtime_profile(mgr, def, fd_path, true, true); } =20 static char * diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 1626d5a89c..3a217fa3d1 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -71,6 +71,7 @@ typedef struct { virArch arch; /* machine architecture */ char *newfile; /* newly added file */ bool append; /* append to .files instead of rewrite */ + bool runtime; /* file should be added to .runtime_files = */ } vahControl; =20 static int @@ -110,6 +111,7 @@ vah_usage(void) " Extra File:\n" " -f | --add-file add file to a profile gene= rated from XML\n" " -F | --append-file append file to an existing= profile\n" + " -t | --runtime file is valid only during = runtime\n" "\n"), progname); =20 puts(_("This command is intended to be used by libvirtd and not used d= irectly.\n")); @@ -1356,10 +1358,11 @@ vahParseArgv(vahControl * ctl, int argc, char **arg= v) { "replace", 0, 0, 'r' }, { "remove", 0, 0, 'R' }, { "uuid", 1, 0, 'u' }, + { "runtime", 0, 0, 't' }, { 0, 0, 0, 0 }, }; =20 - while ((arg =3D getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt, + while ((arg =3D getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:t", opt, &idx)) !=3D -1) { switch (arg) { case 'a': 
@@ -1396,6 +1399,9 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) PROFILE_NAME_SIZE) < 0) vah_error(ctl, 1, _("error copying UUID")); break; + case 't': + ctl->runtime =3D true; + break; default: vah_error(ctl, 1, _("unsupported option")); break; @@ -1445,9 +1451,16 @@ main(int argc, char **argv) int rc =3D -1; g_autofree char *profile =3D NULL; g_autofree char *include_file =3D NULL; + g_autofree char *include_runtime_file =3D NULL; off_t size; bool purged =3D 0; =20 +#if defined(WITH_APPARMOR_3) + const char *ifexists =3D "if exists "; +#else + const char *ifexists =3D ""; +#endif + if (virGettextInitialize() < 0 || virErrorInitialize() < 0) { fprintf(stderr, _("%1$s: initialization failed\n"), argv[0]); @@ -1479,13 +1492,16 @@ main(int argc, char **argv) =20 profile =3D g_strdup_printf("%s/%s", APPARMOR_DIR "/libvirt", ctl->uui= d); include_file =3D g_strdup_printf("%s/%s.files", APPARMOR_DIR "/libvirt= ", ctl->uuid); + include_runtime_file =3D g_strdup_printf("%s/%s.runtime_files", APPARM= OR_DIR "/libvirt", ctl->uuid); =20 if (ctl->cmd =3D=3D 'a') { rc =3D parserLoad(ctl->uuid); } else if (ctl->cmd =3D=3D 'R' || ctl->cmd =3D=3D 'D') { rc =3D parserRemove(ctl->uuid); - if (ctl->cmd =3D=3D 'D') + if (ctl->cmd =3D=3D 'D') { unlink(include_file); + unlink(include_runtime_file); + } } else if (ctl->cmd =3D=3D 'c' || ctl->cmd =3D=3D 'r') { g_autofree char *included_files =3D NULL; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; @@ -1513,6 +1529,7 @@ main(int argc, char **argv) if (vah_add_file(&buf, ctl->newfile, "rwk") !=3D 0) goto cleanup; } else { + virBufferAsprintf(&buf, " #include %s\n", ifexists, ctl->uuid); if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_QEMU || ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KQEMU || ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_KVM) { 
@@ -1535,11 +1552,20 @@ main(int argc, char **argv) =20 /* (re)create the include file using included_files */ if (ctl->dryrun) { - vah_info(include_file); + if (ctl->runtime) + vah_info(include_runtime_file); + else + vah_info(include_file); vah_info(included_files); rc =3D 0; } else if (ctl->def->virtType =3D=3D VIR_DOMAIN_VIRT_LXC) { rc =3D 0; + } else if (ctl->runtime) { + /* runtime should only update include_runtime_file */ + if ((rc =3D update_include_file(include_runtime_file, + included_files, + ctl->append)) !=3D 0) + goto cleanup; } else if ((rc =3D update_include_file(include_file, included_files, ctl->append)) !=3D 0) { @@ -1550,11 +1576,12 @@ main(int argc, char **argv) /* create the profile from TEMPLATE */ if (ctl->cmd =3D=3D 'c' || purged) { g_autofree char *tmp =3D NULL; -#if defined(WITH_APPARMOR_3) - const char *ifexists =3D "if exists "; -#else - const char *ifexists =3D ""; -#endif + + /* ideally libvirt-uuid.files and + * libvirt-uuid.runtime_files should be in libvirt-uuid.d/ + * and the directory should be included instead, but how + * to deal with running domains when the libvirt-uuid + * profile is not recreated? */ tmp =3D g_strdup_printf(" #include %s\n", i= fexists, ctl->uuid); =20 if (ctl->dryrun) { @@ -1566,6 +1593,7 @@ main(int argc, char **argv) ctl->def->virtType)) !=3D 0) { vah_error(ctl, 0, _("could not create profile")); unlink(include_file); + unlink(include_runtime_file); } } =20 @@ -1578,6 +1606,7 @@ main(int argc, char **argv) /* cleanup */ if (rc !=3D 0) { unlink(include_file); + unlink(include_runtime_file); if (ctl->cmd =3D=3D 'c') unlink(profile); } --=20 2.43.0
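Review bot: in src/security/security_apparmor.c, the comment "reload the profile, adding read/write file specified by fn if it is not NULL." now sits above reload_runtime_profile() and is copied unchanged above the new reload_profile() wrapper, and neither copy says what the "runtime" argument does. Document on reload_runtime_profile() that runtime=true makes the helper store the rule in the .runtime_files include instead of .files, and reduce the wrapper's comment to say it is the non-runtime variant.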
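Review bot: "case 't':" in vahParseArgv() only sets "ctl->runtime = true;", and nothing in the visible hunks rejects -t when it is given without -F. In main(), the new "else if (ctl->runtime)" branch then passes whatever included_files holds to update_include_file(include_runtime_file, ...). If the else branch that gains the virBufferAsprintf(&buf, ..., ifexists, ctl->uuid) line is the non-append path, a -t run without -F would write the XML-derived rules, together with that include line, into the runtime file itself. Every caller in security_apparmor.c passes append and runtime together, so an explicit check during argument validation (error out when runtime is set without append and a new file) would enforce that contract, and the -t usage text could say that it modifies -F.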
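Review bot: hoisting "ifexists" to the top of main() (hunk @@ -1445,9 +1451,16 @@) means the new runtime include line is emitted with an empty ifexists when WITH_APPARMOR_3 is not defined, so on those builds the include is unconditional. The visible hunks create the .runtime_files file only on a -t call and unlink it on -D and on failure, so the profile can be parsed while that file does not exist, which apparmor_parser treats as an error for an include without "if exists". Either create an empty runtime file alongside .files when the profile is created, or emit the include only when "if exists" is available, and say which in the comment next to the include.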
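Review bot: in the cleanup block at the end of main() (hunk @@ -1578,6 +1606,7 @@), "unlink(include_runtime_file);" is added under "if (rc != 0)" without looking at ctl->cmd, so a failed append during a replace (ctl->cmd == 'r') for a running domain deletes every rule accumulated so far in .runtime_files, not only the one being added. The commit message says the file should exist while the domain is running, so consider unlinking it only next to "unlink(profile);" in the ctl->cmd == 'c' case and leaving it in place when an append fails.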