From nobody Tue Mar 3 05:27:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1771873336; cv=none; d=zohomail.com; s=zohoarc; b=e1lG1d9toU2F0DahIpf8FPwgxZ/zapJw5o0DsFmz33WDquvCbqnmCfKFgBZcdHTlCdxevMJq8Y6wL0+xJiJN1M2RZR1nasUgnSxGj/HQcVKfHEy+MrG2XMZS3mSfoM3eWJ8HaNgY/iXfBtlPm6Jglrn2LwwM+rCo6Jg0RKYsVXU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771873336; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=/bwlfCuqFqHTc5GqkTKTgLey9LDJ9ROHyUCxksS6bmk=; b=fy6A33HGOoiZbdXt5+Yxygd0zcwQPVYJgsS8jAQvRTK82G8bih8Llju31/Z+tGQiNEnCsbPcUYzcL4Tqg2Ct94ujRhJMm8e2fi770eXfeYZdn9bPmcCAAR3wn+77xzaoS9P7lxCdBcEDoMdu7OlJVxyUG911V4ujJ26qzPMtBwI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 17718733365741014.4275507161396; Mon, 23 Feb 2026 11:02:16 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id B565841C87; Mon, 23 Feb 2026 14:02:15 -0500 (EST) Received: from [172.19.199.9] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 7FC55442FF; Mon, 23 Feb 2026 13:36:59 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3885841A9D; Mon, 23 Feb 2026 13:36:48 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 6DAFD41C86 for ; Mon, 23 Feb 2026 13:32:24 -0500 (EST) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-569-hLX78XEyOfWHq-Lauv4MXw-1; Mon, 23 Feb 2026 13:32:22 -0500 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C42AF18004A9 for ; Mon, 23 Feb 2026 18:32:21 +0000 (UTC) Received: from kinshicho.usersys.redhat.com (unknown [10.44.32.20]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9FA7A1955D71 for ; Mon, 23 Feb 2026 18:32:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1771871544; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/bwlfCuqFqHTc5GqkTKTgLey9LDJ9ROHyUCxksS6bmk=; b=RHkKM8PM/pwILyVv7ek2s/OnPEWoYtpQB7GsmVC9uPBgVTPw8FucPxLQK4fMPn+OrpiWOf NpCw0IDewVyhayqoUo6n7QClYtgpncs1kp43SCIuSOGa0dr0/bSd/tT5Aw6lwTLyBlMWzG 1DQYe80LVEkULjQP7Fb76DhzdmFipkE= X-MC-Unique: hLX78XEyOfWHq-Lauv4MXw-1 X-Mimecast-MFC-AGG-ID: hLX78XEyOfWHq-Lauv4MXw_1771871541 To: devel@lists.libvirt.org Subject: [PATCH v4 31/36] security: Handle varstore file Date: Mon, 23 Feb 2026 19:31:14 +0100 Message-ID: <20260223183119.501349-32-abologna@redhat.com> In-Reply-To: <20260223183119.501349-1-abologna@redhat.com> References: <20260223183119.501349-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: gTH672sSUCa4MKMd4LoEYjaQR-3JJuqy_2kJkZVlFi4_1771871541 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 3HUPY2LC72GJLM5JJONCYJS6IVQZXDHE X-Message-ID-Hash: 3HUPY2LC72GJLM5JJONCYJS6IVQZXDHE X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Andrea Bolognani via Devel Reply-To: Andrea Bolognani X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1771873336871158502 Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik Acked-by: Gerd Hoffmann Reviewed-by: Daniel P. Berrang=C3=A9 --- src/security/security_dac.c | 22 +++++++++++--- src/security/security_selinux.c | 53 +++++++++++++++++++++------------ src/security/virt-aa-helper.c | 44 ++++++++++++++++----------- 3 files changed, 78 insertions(+), 41 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 704c8dbfec..390dfc7578 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2061,11 +2061,17 @@ virSecurityDACRestoreAllLabel(virSecurityManager *m= gr, rc =3D -1; } =20 - if (def->os.loader && def->os.loader->nvram) { - if (virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems, + if (def->os.loader) { + if (def->os.loader->nvram && + virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems, def, def->os.loader->nvram, migrated) < 0) rc =3D -1; + + if (def->os.varstore && + def->os.varstore->path && + virSecurityDACRestoreFileLabel(mgr, def->os.varstore->path) < = 0) + rc =3D -1; } =20 if (def->os.kernel && @@ -2310,12 +2316,20 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, return -1; } =20 - if (def->os.loader && def->os.loader->nvram) { - if (virSecurityDACSetImageLabel(mgr, sharedFilesystems, + if (def->os.loader) { + if (def->os.loader->nvram && + virSecurityDACSetImageLabel(mgr, sharedFilesystems, def, def->os.loader->nvram, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) return -1; + + if (def->os.varstore && + def->os.varstore->path && + virSecurityDACSetOwnership(mgr, NULL, + def->os.varstore->path, + user, group, true) < 0) + return -1; } =20 if (def->os.kernel && diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 4a5f61d16b..9c498ab5f8 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2993,11 +2993,18 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManage= r *mgr, rc =3D -1; } =20 - if (def->os.loader && def->os.loader->nvram) { - if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems, + if (def->os.loader) { + if (def->os.loader->nvram && + virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems, def, def->os.loader->nv= ram, migrated) < 0) rc =3D -1; + + if (def->os.varstore && + def->os.varstore->path && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.varstore->path, + true, false) < 0) + rc =3D -1; } =20 if (def->os.kernel && @@ -3341,6 +3348,22 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager= *mgr, } =20 =20 +static int +virSecuritySELinuxDomainSetPathLabel(virSecurityManager *mgr, + virDomainDef *def, + const char *path, + bool allowSubtree G_GNUC_UNUSED) +{ + virSecurityLabelDef *seclabel; + + seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAM= E); + if (!seclabel || !seclabel->relabel) + return 0; + + return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, t= rue); +} + + static int virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, char *const *sharedFilesystems, @@ -3421,12 +3444,19 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *m= gr, return -1; } =20 - if (def->os.loader && def->os.loader->nvram) { - if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems, + if (def->os.loader) { + if (def->os.loader->nvram && + virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems, def, def->os.loader->nvram, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) return -1; + + if (def->os.varstore && + def->os.varstore->path && + virSecuritySELinuxDomainSetPathLabel(mgr, def, + def->os.varstore->path, t= rue) < 0) + return -1; } =20 if (def->os.kernel && @@ -3593,21 +3623,6 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurit= yManager *mgr, return opts; } =20 -static int -virSecuritySELinuxDomainSetPathLabel(virSecurityManager *mgr, - virDomainDef *def, - const char *path, - bool allowSubtree G_GNUC_UNUSED) -{ - virSecurityLabelDef *seclabel; - - seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAM= E); - if (!seclabel || !seclabel->relabel) - return 0; - - return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, t= rue); -} - static int virSecuritySELinuxDomainSetPathLabelRO(virSecurityManager *mgr, virDomainDef *def, diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 3ac4740fb5..e932e79dab 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1019,27 +1019,35 @@ get_files(vahControl * ctl) return -1; } =20 - if (ctl->def->os.loader && ctl->def->os.loader->path) { - bool readonly =3D false; - - /* Look at the readonly attribute, but also keep in mind that ROMs - * are always loaded read-only regardless of whether the attribute - * is present. Validation ensures that nonsensical configurations - * (type=3Drom readonly=3Dno) are rejected long before we get here= */ - virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly); - if (ctl->def->os.loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_ROM) - readonly =3D true; - - if (vah_add_file(&buf, - ctl->def->os.loader->path, - readonly ? "rk" : "rwk") !=3D 0) { + if (ctl->def->os.loader) { + if (ctl->def->os.loader->path) { + bool readonly =3D false; + + /* Look at the readonly attribute, but also keep in mind that = ROMs + * are always loaded read-only regardless of whether the attri= bute + * is present. Validation ensures that nonsensical configurati= ons + * (type=3Drom readonly=3Dno) are rejected long before we get = here */ + virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly= ); + if (ctl->def->os.loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_RO= M) + readonly =3D true; + + if (vah_add_file(&buf, + ctl->def->os.loader->path, + readonly ? "rk" : "rwk") !=3D 0) { + return -1; + } + } + + if (ctl->def->os.loader->nvram && + storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) = < 0) { return -1; } - } =20 - if (ctl->def->os.loader && ctl->def->os.loader->nvram && - storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) < 0)= { - return -1; + if (ctl->def->os.varstore && + ctl->def->os.varstore->path && + vah_add_file(&buf, ctl->def->os.varstore->path, "rw") !=3D 0) { + return -1; + } } =20 for (i =3D 0; i < ctl->def->ngraphics; i++) { --=20 2.53.0