From nobody Mon Nov 25 22:34:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=octiron.net ARC-Seal: i=1; a=rsa-sha256; t=1590658348; cv=none; d=zohomail.com; s=zohoarc; b=DI9NOVdMx13XjgpnZGyMf2Frtkvh8d3CPIvT6cEblAhvMzyo6WUBvcklCmZ/cWa5a+/alAnkeJ0x09VOUeMAv3gpJdbTQ16AS1rwV5iDBqDWinQNnb9mTGrQ901BdIYdpNCvLylo0Tr/YeVTu4UMIaEP0CC9y+4ABpdf9hCS5TQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590658348; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=X4M4PeszfXS/uEml6cBQZF1lD/97WyrUQjU5obM+iaE=; b=aiVo2N9uWhf9uJZAiqi8eql39h8ht39JEYpYv+49Lxiu6EFsvRR/7uEJ3ai+VtynKOhitvwbXvexovs9Mtn5zsvKrnyvTeR7KZ6kcwI/EzSsxNF1G0q1kofhCmy7ST9XN317MQ2xZPYoKGh+JpSX6q7kqKaplBJAK5+7bbiSJyI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 1590658348804778.7611958389872; Thu, 28 May 2020 02:32:28 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-453-xgR0Jb0MODyCFLI0KF2K2A-1; Thu, 28 May 2020 05:32:23 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id F050D8005AA; Thu, 28 May 2020 09:32:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8C57E5C1B0; Thu, 28 May 2020 09:32:16 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A5EE51809542; Thu, 28 May 2020 09:32:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 04S9WANd022049 for ; Thu, 28 May 2020 05:32:10 -0400 Received: by smtp.corp.redhat.com (Postfix) id 2CDCDDEE9D; Thu, 28 May 2020 09:32:10 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 291BADBB15 for ; Thu, 28 May 2020 09:32:08 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 257B182882B for ; Thu, 28 May 2020 09:32:08 +0000 (UTC) Received: from chalk.uuid.uk (chalk.uuid.uk [51.68.227.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-387-F6V25BmNPY-s2ZIvDlpUiQ-1; Thu, 28 May 2020 05:32:05 -0400 Received: by chalk.uuid.uk with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jeEtO-0005kp-1R for libvir-list@redhat.com; Thu, 28 May 2020 10:32:02 +0100 Received: by tsort.uuid.uk with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jeEtE-0003Ce-RL for libvir-list@redhat.com; Thu, 28 May 2020 10:32:00 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590658345; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=X4M4PeszfXS/uEml6cBQZF1lD/97WyrUQjU5obM+iaE=; b=MX5jZJfW7SzGzVClpsV+E7/y9rJH3aWWh96/34YBlsOK1KBJXPdsOBXdjXeQl6qOXrFs7L S5md8F1sGVvf6zEs19OZli95CD/Zb9xSry14fyOK5XPHbAtMjPhsuZgL98C2lop7G23VuM uOv5j1lUmMDVuiqWXgBb44np0LDROB4= X-MC-Unique: xgR0Jb0MODyCFLI0KF2K2A-1 X-MC-Unique: F6V25BmNPY-s2ZIvDlpUiQ-1 To: libvir-list@redhat.com From: Simon Arlott Subject: [PATCH] virt-aa-helper: disallow graphics socket read permissions Message-ID: <361bdcf9-7954-e1d8-017f-9beabb0bdb7d@0882a8b5-c6c3-11e9-b005-00805fc181fe> Date: Thu, 28 May 2020 10:31:52 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 Content-Language: en-GB X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" The VM does not need read permission for its own sockets to create(), bind(), accept() connections or to recv(), send(), etc. on connections. This was fixed in ab9569e5460d1e4737fe8b625c67687dc2204665 (virt-aa-helper: disallow VNC socket read permissions), but then b6465e1aa49397367a9cd0f27110b9c2280a7385 (graphics: introduce new listen type 'socket') and acc83afe333bfadd3f7f79091d38ca3d7da1eeb2 (acc83afe333bfadd3f7f79091d38ca3d7da1eeb2) reverted it. Unless the read permission is omitted, VMs can connect to each other's VNC/graphics sockets. Signed-off-by: Simon Arlott --- src/security/virt-aa-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 6e6dd1b1db..fddbdafc41 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1053,7 +1053,7 @@ get_files(vahControl * ctl) =20 if (listenObj.type =3D=3D VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCK= ET && listenObj.socket && - vah_add_file(&buf, listenObj.socket, "rw")) + vah_add_file(&buf, listenObj.socket, "w")) goto cleanup; } } --=20 2.17.1 --=20 Simon Arlott