From nobody Mon Feb 9 02:13:41 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1585929501; cv=none; d=zohomail.com; s=zohoarc; b=dg/8BwLFlwCen0Ai1ODul878W0gb3+7MdEUk+bv/rEkCkQC+yfn4eEoqE13mkzewROek9NT6JW3ENeZrpHmB0q0CtcUiTIcfdCs7QhSfTt4Kye9f+aVHydY70Y0M7XZ3Rs9nlnNO9YXNMhWfFiMtcPIiwOzcYSMm83OyGVX1ewg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585929501; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=mnJiK0r/8MieoCdM2bt0xR9iL3WR75GIu/CEn+Uqv7o=; b=g/dAlMLWCXSXqAV/LbRfn900ie/ZgpyhOPrkNiRkz3kJ6jgEwlRb8rPL1cL1B0QJCMrUujj6NvtORULgT+33r4sOwwDmyZTdJAURSYJrRTWziIIx7IXYScKhxKmIvy54Oi4ZJCKJNSIRyqkc4+TJP/0Ixy/biveQRGhb+H52qz8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by mx.zohomail.com with SMTPS id 1585929501515947.5494594567257; Fri, 3 Apr 2020 08:58:21 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-281-5Mw4F7iFP2ir-GT5Xr-NwQ-1; Fri, 03 Apr 2020 11:58:17 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C24A7107B7D5; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8D8155DA2C; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 12A024E455; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 033Fw9Ho030527 for ; Fri, 3 Apr 2020 11:58:09 -0400 Received: by smtp.corp.redhat.com (Postfix) id AAD2A90817; Fri, 3 Apr 2020 15:58:09 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2657318A85 for ; Fri, 3 Apr 2020 15:58:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585929500; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=mnJiK0r/8MieoCdM2bt0xR9iL3WR75GIu/CEn+Uqv7o=; b=UlEUDbLfn72Iwf6mkzFvLu06vD6zLpKDRL0m3CcdW/LlHOSRIe1kpKNidAi1NJRT1kigIC 2v6l3VVpWyB0FzPCP/b3DL+HKmnnrUnzE4DKMjIb/JxOJ1FgPlF9mg3t1OxECJpvNmCEyN C9cxw3rOM6sZp1ah5ofWlDSfy64RImI= X-MC-Unique: 5Mw4F7iFP2ir-GT5Xr-NwQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 2/3] security: Introduce virSecurityManagerDomainSetIncomingPathLabel Date: Fri, 3 Apr 2020 17:58:02 +0200 Message-Id: <5f9f8cd9bf061852eb4e79eb7b119e702cac0324.1585929444.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" This API allows drivers to separate out handling of @stdin_path of virSecurityManagerSetAllLabel(). The thing is, the QEMU driver uses transactions for virSecurityManagerSetAllLabel() which relabels devices from inside of domain's namespace. This is what we usually want. Except when resuming domain from a file. The file is opened before any namespace is set up and the FD is passed to QEMU to read the migration stream from. Because of this, the file lives outside of the namespace and if it so happens that the file is a block device (i.e. it lives under /dev) its copy will be created in the namespace. But the FD that is passed to QEMU points to the original living in the host and not in the namespace. So relabeling the file inside the namespace helps nothing. But if we have a separate API for relabeling the restore file then the QEMU driver can continue calling virSecurityManagerSetAllLabel() with transactions enabled and call this new API without transactions. We already have an API for relabeling a single file (virSecurityManagerDomainSetPathLabel()) but in case of SELinux it uses @imagelabel (which allows RW access) and we want to use @content_context (which allows RO access). Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/libvirt_private.syms | 1 + src/security/security_driver.h | 4 ++++ src/security/security_manager.c | 29 +++++++++++++++++++++++++++++ src/security/security_manager.h | 4 ++++ src/security/security_stack.c | 21 +++++++++++++++++++++ 5 files changed, 59 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e276f55bb1..2c63f37fc2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1523,6 +1523,7 @@ virSecurityDriverLookup; # security/security_manager.h virSecurityManagerCheckAllLabel; virSecurityManagerClearSocketLabel; +virSecurityManagerDomainSetIncomingPathLabel; virSecurityManagerDomainSetPathLabel; virSecurityManagerGenLabel; virSecurityManagerGetBaseLabel; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 3353955813..6cbe8613c9 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -140,6 +140,9 @@ typedef int (*virSecurityDomainSetPathLabel) (virSecuri= tyManagerPtr mgr, virDomainDefPtr def, const char *path, bool allowSubtree); +typedef int (*virSecurityDomainSetIncomingPathLabel) (virSecurityManagerPt= r mgr, + virDomainDefPtr def, + const char *path); typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr = dev_source, @@ -211,6 +214,7 @@ struct _virSecurityDriver { virSecurityDriverGetBaseLabel getBaseLabel; =20 virSecurityDomainSetPathLabel domainSetPathLabel; + virSecurityDomainSetIncomingPathLabel domainSetIncomingPathLabel; =20 virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel; virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index fe032746ff..a76b953ee4 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1077,6 +1077,35 @@ virSecurityManagerDomainSetPathLabel(virSecurityMana= gerPtr mgr, } =20 =20 +/** + * virSecurityManagerDomainSetIncomingPathLabel: + * @mgr: security manager object + * @vm: domain definition object + * @path: path to label + * + * This function relabels given @path so that @vm can restore for + * it. This allows the driver backend to use different label than + * virSecurityManagerDomainSetPathLabel(). + * + * Returns: 0 on success, -1 on error. + */ +int +virSecurityManagerDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + if (mgr->drv->domainSetIncomingPathLabel) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainSetIncomingPathLabel(mgr, vm, path); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + /** * virSecurityManagerSetMemoryLabel: * @mgr: security manager object diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 7699bcbc6f..465d71558f 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -189,6 +189,10 @@ int virSecurityManagerDomainSetPathLabel(virSecurityMa= nagerPtr mgr, const char *path, bool allowSubtree); =20 +int virSecurityManagerDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path); + int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr dev_source, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 073876daff..7782abaf9d 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -825,6 +825,26 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerP= tr mgr, return rc; } =20 + +static int +virSecurityStackDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + int rc =3D 0; + + for (; item; item =3D item->next) { + if (virSecurityManagerDomainSetIncomingPathLabel(item->securityMan= ager, + vm, path) < 0) + rc =3D -1; + } + + return rc; +} + + static int virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -985,6 +1005,7 @@ virSecurityDriver virSecurityDriverStack =3D { .getBaseLabel =3D virSecurityStackGetBaseLabel, =20 .domainSetPathLabel =3D virSecurityStackDomainSetPathL= abel, + .domainSetIncomingPathLabel =3D virSecurityStackDomainSetIncom= ingPathLabel, =20 .domainSetSecurityChardevLabel =3D virSecurityStackDomainSetChard= evLabel, .domainRestoreSecurityChardevLabel =3D virSecurityStackDomainRestoreC= hardevLabel, --=20 2.24.1