Some secdrivers (typically SELinux driver) generate unique
dynamic seclabel for each domain (unless a static one is
requested in domain XML). This is achieved by calling
qemuSecurityGenLabel() from qemuProcessPrepareDomain() which
allocates unique seclabel and stores it in domain def->seclabels.
The counterpart is qemuSecurityReleaseLabel() which releases the
label and removes it from def->seclabels. Problem is, that with
current code the qemuProcessStop() may still want to use the
seclabel after it was released, e.g. when it wants to restore the
label of a disk mirror.
What is happening now, is that in qemuProcessStop() the
qemuSecurityReleaseLabel() is called, which removes the SELinux
seclabel from def->seclabels, yada yada yada and eventually
qemuSecurityRestoreImageLabel() is called. This bubbles down to
virSecuritySELinuxRestoreImageLabelSingle() which find no SELinux
seclabel (using virDomainDefGetSecurityLabelDef()) and this
returns early doing nothing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664
Fixes: 8fa0374c5b8e834fcbdeae674cc6cc9e6bf9019f
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3b64caa619..15cf8cb666 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7702,8 +7702,6 @@ void qemuProcessStop(virQEMUDriverPtr driver,
qemuSecurityRestoreAllLabel(driver, vm,
!!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED));
- qemuSecurityReleaseLabel(driver->securityManager, vm->def);
-
for (i = 0; i < vm->def->ndisks; i++) {
virDomainDeviceDef dev;
virDomainDiskDefPtr disk = vm->def->disks[i];
@@ -7891,6 +7889,8 @@ void qemuProcessStop(virQEMUDriverPtr driver,
}
}
+ qemuSecurityReleaseLabel(driver->securityManager, vm->def);
+
/* clear all private data entries which are no longer needed */
qemuDomainObjPrivateDataClear(priv);
--
2.26.2
On 12/9/20 11:26 AM, Michal Privoznik wrote: > Polite ping. Michal
On Wed, Dec 09, 2020 at 11:26:52AM +0100, Michal Privoznik wrote: > Some secdrivers (typically SELinux driver) generate unique > dynamic seclabel for each domain (unless a static one is > requested in domain XML). This is achieved by calling > qemuSecurityGenLabel() from qemuProcessPrepareDomain() which > allocates unique seclabel and stores it in domain def->seclabels. > The counterpart is qemuSecurityReleaseLabel() which releases the > label and removes it from def->seclabels. Problem is, that with > current code the qemuProcessStop() may still want to use the > seclabel after it was released, e.g. when it wants to restore the > label of a disk mirror. > > What is happening now, is that in qemuProcessStop() the > qemuSecurityReleaseLabel() is called, which removes the SELinux > seclabel from def->seclabels, yada yada yada and eventually > qemuSecurityRestoreImageLabel() is called. This bubbles down to > virSecuritySELinuxRestoreImageLabelSingle() which find no SELinux > seclabel (using virDomainDefGetSecurityLabelDef()) and this > returns early doing nothing. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664 > Fixes: 8fa0374c5b8e834fcbdeae674cc6cc9e6bf9019f > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > --- > src/qemu/qemu_process.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.