From nobody Mon Feb  9 00:39:01 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1676647299; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bWB1+U7eYd/acUrs1RgT3Gi1BzBmlxa72kwdujwXV0qpU6bHyg4IDW5b7USSfDBvn8sLp9wf/vfSmh0ULWhmP+xZ3OK/6baJz3F36R7GLkUtfqQANHjdhxSWOfHFla1untblgwUC8r1tJ2WXqjN5q3IR3nuSjNenjqSSAwX4x9w=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1676647299;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=nWneMlvlG6YVUcMqXKooyTFMTQ1OIP3ZM9dgSaRILPI=;
	b=AOtSxQTFKbt53HDeV5s4YcwoIT5Zwt4zP3N+tUY5/B4s5zEcj52lXa7PPy8PIg1ah+F2aNy9gGUBNbmvhV3+YHBPFiKEkBhvYL+aDqnLtOjqZOehfseM2jJcBiZoDNFPaUICXI6DPaOCMSISKdiFHbJfbvbqYjKQK2z+MOFhgj8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<mprivozn@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1676647298999381.94629461669945;
 Fri, 17 Feb 2023 07:21:38 -0800 (PST)
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-502-YtoZ-VJNOWCXOu5tFfk0hg-1; Fri, 17 Feb 2023 10:21:36 -0500
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 70FF21C426B9;
	Fri, 17 Feb 2023 15:21:33 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (unknown [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 563A11121314;
	Fri, 17 Feb 2023 15:21:33 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 450EA1946589;
	Fri, 17 Feb 2023 15:21:33 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
 [10.11.54.4])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 67F9C1946588 for <libvir-list@listman.corp.redhat.com>;
 Fri, 17 Feb 2023 15:21:32 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 4C60F2026D68; Fri, 17 Feb 2023 15:21:32 +0000 (UTC)
Received: from localhost.localdomain (ovpn-193-202.brq.redhat.com
 [10.40.193.202])
 by smtp.corp.redhat.com (Postfix) with ESMTP id C045B2026D4B
 for <libvir-list@redhat.com>; Fri, 17 Feb 2023 15:21:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1676647298;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=nWneMlvlG6YVUcMqXKooyTFMTQ1OIP3ZM9dgSaRILPI=;
	b=Z53fCE1zH6aG1oiWamHoApAlYDAAg0a/zSXJVyQedgKb/yrTLVFr1NA37gulABkZLT1a1n
	wu/KZJK9UZM1Cszh5Mmy0glXtVYpfTJccgKYACKWUyyYvCJRrW12FAdc2iHBMweL5nrFbw
	40l3T6IIiCiT5EiBNJq4YWlRgabYuj4=
X-MC-Unique: YtoZ-VJNOWCXOu5tFfk0hg-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: Michal Privoznik <mprivozn@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 2/2] selinux: Don't ignore ENOENT in Permissive mode
Date: Fri, 17 Feb 2023 16:21:28 +0100
Message-Id: 
 <2669ef98ad8fb6a586034e51556de487b164094d.1676647236.git.mprivozn@redhat.com>
In-Reply-To: <cover.1676647236.git.mprivozn@redhat.com>
References: <cover.1676647236.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1676647299711100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

In selinux driver there's virSecuritySELinuxSetFileconImpl()
which is responsible for actual setting of SELinux label on given
file and handling possible failures. In fhe failure handling code
we decide whether failure is fatal or not. But there is a bug:
depending on SELinux mode (Permissive vs. Enforcing) the ENOENT
is either ignored or considered fatal. This not correct - ENOENT
must always be fatal for couple of reasons:

- In virSecurityStackTransactionCommit() the seclabels are set
  for individual secdrivers (e.g. SELinux first and then DAC),
  but if one secdriver succeeds and another one fails, then no
  rollback is performed for the successful one leaking remembered
  labels.

- QEMU would fail opening the file anyways (if neither of
  secdrivers reported error and thus cancelled domain startup)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D2004850
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_selinux.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index e9c4051a98..2e9efa78f4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1280,9 +1280,11 @@ virSecuritySELinuxSetFileconImpl(const char *path,
         } else {
             /* However, don't claim error if SELinux is in Enforcing mode =
and
              * we are running as unprivileged user and we really did see E=
PERM.
-             * Otherwise we want to return error if SELinux is Enforcing. =
*/
-            if (security_getenforce() =3D=3D 1 &&
-                (setfilecon_errno !=3D EPERM || privileged)) {
+             * Otherwise we want to return error if SELinux is Enforcing, =
or we
+             * saw EPERM regardless of SELinux mode. */
+            if (setfilecon_errno =3D=3D ENOENT ||
+                (security_getenforce() =3D=3D 1 &&
+                 (setfilecon_errno !=3D EPERM || privileged))) {
                 virReportSystemError(setfilecon_errno,
                                      _("unable to set security context '%s=
' on '%s'"),
                                      tcon, path);
--=20
2.39.1