Subject: [PATCH v2] virt-aa-helper: disallow graphics socket read permissions
From: Simon Arlott
To: libvir-list@redhat.com
References: <361bdcf9-7954-e1d8-017f-9beabb0bdb7d@0882a8b5-c6c3-11e9-b005-00805fc181fe>
In-Reply-To: <361bdcf9-7954-e1d8-017f-9beabb0bdb7d@0882a8b5-c6c3-11e9-b005-00805fc181fe>
Message-ID: <3eb60829-6619-4e26-4886-bba458b5dd9e@0882a8b5-c6c3-11e9-b005-00805fc181fe>
Date: Thu, 28 May 2020 11:44:45 +0100
Content-Transfer-Encoding: quoted-printable

The VM does not need read permission for its own sockets to create, bind(), listen(), accept() connections or to recv(), send(), etc. on those connections.

This was fixed in ab9569e5460d1e4737fe8b625c67687dc2204665 (virt-aa-helper: disallow VNC socket read permissions), but then b6465e1aa49397367a9cd0f27110b9c2280a7385 (graphics: introduce new listen type 'socket') and acc83afe333bfadd3f7f79091d38ca3d7da1eeb2 (acc83afe333bfadd3f7f79091d38ca3d7da1eeb2) reverted it.

Unless the read permission is omitted, VMs can connect to each other's VNC/graphics sockets.

Signed-off-by: Simon Arlott
---
Updated version that changes the test case too.

 src/security/virt-aa-helper.c | 2 +-
 tests/virt-aa-helper-test     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 6e6dd1b1db..fddbdafc41 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c @@ -1053,7 +1053,7 @@ get_files(vahControl * ctl) =20 if (listenObj.type =3D=3D VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCK= ET && listenObj.socket && - vah_add_file(&buf, listenObj.socket, "rw")) + vah_add_file(&buf, listenObj.socket, "w")) goto cleanup; } } diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 6a6703ecf5..a3b3c01163 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -370,7 +370,7 @@ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g= " "$template_xml" > "$tes testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$te= st_xml" "/run/hugepages/kvm/.*rwk,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,,g" "$template_xml" > "$= test_xml" -testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" "/var/lib/libvirt/= qemu/myself.vnc.*rw,$" +testme "0" "vnc socket" "-r -u $valid_uuid" "$test_xml" "/var/lib/libvirt/= qemu/myself.vnc.*\s\+w,$" =20 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" testme "0" "input dev passthrough" "-r -u $valid_uuid" "$test_xml" "$disk2= .*rw,$" --=20 2.17.1 --=20 Simon Arlott
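Review bot: the "rw" to "w" change on the listenObj.socket call in get_files() carries no in-code rationale, and the commit message says this same reduction (ab9569e5) has already been undone by two later commits; add a one-line comment above the vah_add_file() call, e.g. `/* "w" only: the guest creates, binds and accepts on its own socket; "r" would let it reach other guests' sockets */`, so the next refactoring of this branch keeps the reduced permission rather than restoring "rw" by analogy with the surrounding rules.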
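Review bot: the tightened expectation `myself.vnc.*\s\+w,$` in the "vnc socket" testme line is the right shape, because the old `.*rw,$` would have kept passing if read permission crept back, whereas the whitespace anchor now rejects a generated `rw,` rule; note that `\s` and `\+` are GNU regex extensions rather than POSIX BRE, so if the pattern matching in testme needs to stay portable, `[[:space:]]\{1,\}w,$` expresses the same check. The neighbouring `.*rwk,$` and `.*rw,$` expectations are for paths that legitimately need read, so leaving them untouched here is fine.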