From nobody Mon Feb 9 00:42:14 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) client-ip=205.139.110.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1585929507; cv=none; d=zohomail.com; s=zohoarc; b=KQzsCXWUUGXww0ems/Mme9zlB8wUaBZM9lNprq13tLlzvDmURBg4WZfN699Uj3jh7iCmEVvPMcfTWtpsWv/gGYOZ0t8pUkM657ThcS2gppcbCNk4yf6UuPX5Pup1Z9/vv5atVEdCHJYShhqKRthktj3HWOldW6bXJ7+fyZ1KS2M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585929507; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sv1YgPaLSbsIQVXM56w/5WK6JvxlB4v7MxpGoYsMAr4=; b=L1eBPJr42v3ZIYd/MXj+wlp5sAuf+0U9VwYgQRBAsbrvKMnxswf/nWXVCsSiUINrnPNfvMMsJS6tF0j6H+nzQkeMEg6QNE7LYLlKe7xAREiEwnDXGTLS34oUi/oV6R6s85CCy48gaoxPlP44u66BrxsVYHLKmZkIRjzxg8EYCvg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by mx.zohomail.com with SMTPS id 1585929507779690.1671994981438; Fri, 3 Apr 2020 08:58:27 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-316-Vw_NHKhbOf63Q02ZinEOHQ-1; Fri, 03 Apr 2020 11:58:23 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B6665800D53; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8C22B10027A3; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3DD084E460; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 033FwAiP030537 for ; Fri, 3 Apr 2020 11:58:10 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8F30018A85; Fri, 3 Apr 2020 15:58:10 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B4E31147DB for ; Fri, 3 Apr 2020 15:58:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585929506; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=sv1YgPaLSbsIQVXM56w/5WK6JvxlB4v7MxpGoYsMAr4=; b=hvzOHYrJjk72nXdFxTRzSN/9kMmvejqsPbYfGdqAqJyCO0T8m030WV7C0TYBn8h/7i6YYt /MeFv0bdndE/QkNk9Q6lQCYvYAA0NSWDOx+zVlJxMD1dXVZ+vYfk5obzIYyPkflswO7o93 262ERCHb2+RPlkvXgq1KkzKkmI6SU2Y= X-MC-Unique: Vw_NHKhbOf63Q02ZinEOHQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 3/3] qemu: Label restore path outside of secdriver transactions Date: Fri, 3 Apr 2020 17:58:03 +0200 Message-Id: <5e6fd7cd5f4e9a122dc0d9fbfe6cb6393eaf620f.1585929444.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" As explained in the previous commit, we need to relabel the file we are restoring the domain from. That is the FD that is passed to QEMU. If the file is not under /dev then the file inside the namespace is the very same as the one in the host. And regardless of using transactions, the file will be relabeled. But, if the file is under /dev then when using transactions only the copy inside the namespace is relabeled and the one in the host is not. But QEMU is reading from the one in the host, actually. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1772838 Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/qemu/qemu_security.c | 7 +++++++ src/security/security_selinux.c | 23 +++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 484fc34552..594a700ea3 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -39,6 +39,13 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; =20 + /* Explicitly run this outside of transaction. We really want to relab= el + * the file in the host and not in the domain's namespace. */ + if (virSecurityManagerDomainSetIncomingPathLabel(driver->securityManag= er, + vm->def, + stdin_path) < 0) + goto cleanup; + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid =3D vm->pid; =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index f47bfbdba9..4d8f755c10 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3135,7 +3135,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path, + const char *stdin_path G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { @@ -3231,11 +3231,6 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr = mgr, data->content_context, true) < 0) return -1; =20 - if (stdin_path && - virSecuritySELinuxSetFilecon(mgr, stdin_path, - data->content_context, false) < 0) - return -1; - return 0; } =20 @@ -3393,6 +3388,21 @@ virSecuritySELinuxDomainSetPathLabel(virSecurityMana= gerPtr mgr, return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, t= rue); } =20 +static int +virSecuritySELinuxDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path) +{ + virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + + if (!path || !secdef || !secdef->relabel || data->skipAllLabel) + return 0; + + return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, = false); +} =20 /* * virSecuritySELinuxSetFileLabels: @@ -3596,6 +3606,7 @@ virSecurityDriver virSecurityDriverSELinux =3D { .getBaseLabel =3D virSecuritySELinuxGetBaseLabel, =20 .domainSetPathLabel =3D virSecuritySELinuxDomainSetPat= hLabel, + .domainSetIncomingPathLabel =3D virSecuritySELinuxDomainSetInc= omingPathLabel, =20 .domainSetSecurityChardevLabel =3D virSecuritySELinuxSetChardevLa= bel, .domainRestoreSecurityChardevLabel =3D virSecuritySELinuxRestoreChard= evLabel, --=20 2.24.1