From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes
Date: Wed, 27 Jul 2022 12:35:00 +0200
Message-Id: <75067b41c05a8282e45866bd3254ee85b5cb682e.1658917571.git.mprivozn@redhat.com>
In-Reply-To:
References:
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Cc: lin.a.yang@intel.com, jian-feng.ding@intel.com, haibin.huang@intel.com
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list"
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1658918167949100007
Content-Type: text/plain; charset="utf-8"; x-default="true"

As advertised in previous commits, QEMU needs to access /dev/sgx_vepc and /dev/sgx_provision files when SGX memory backend is configured. And if it weren't for QEMU's namespaces, we wouldn't dare to relabel them, because they are system wide files. But if namespaces are used, then we can set label on domain's private copies, just like we do for /dev/sev.

Signed-off-by: Michal Privoznik
Reviewed-by: Peter Krempa
---
src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index d94995c9cf..5ca63e30f4 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -48,6 +48,8 @@ VIR_LOG_INIT("security.security_dac");
=20
 #define SECURITY_DAC_NAME "dac"
 #define DEV_SEV "/dev/sev"
+#define DEV_SGX_VEPC "/dev/sgx_vepc"
+#define DEV_SGX_PROVISION "/dev/sgx_provision"
=20
 typedef struct _virSecurityDACData virSecurityDACData;
 struct _virSecurityDACData {
@@ -1843,24 +1845,24 @@ virSecurityDACRestoreMemoryLabel(virSecurityManager= *mgr,
 virDomainDef *def G_GNUC_UNUSED,
 virDomainMemoryDef *mem)
 {
- int ret =3D -1;
-
 switch (mem->model) {
 case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
- ret =3D virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath);
+ return virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath);
+
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+ /* We set label on SGX /dev nodes iff running with namespaces, so = we
+ * don't need to restore anything. */
 break;
=20
 case VIR_DOMAIN_MEMORY_MODEL_DIMM:
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
- case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
- ret =3D 0;
 break;
 }
=20
- return ret;
+ return 0;
 }
=20
=20
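Review bot: The new SGX_EPC arm in virSecurityDACRestoreMemoryLabel is a deliberate no-op whose safety rests on an invariant enforced in a different function: the set path only chowns /dev/sgx_vepc and /dev/sgx_provision when priv->mountNamespace is set, so the chown lands on the domain's private copy of the node rather than the host-wide file. If that guard is ever relaxed, this arm would leave host-wide device nodes owned by the domain's DAC user after the domain is gone, with nothing here to catch it, so the comment should name the dependency rather than just state the condition, e.g. `/* Nothing to restore: virSecurityDACSetMemoryLabel only chowns the SGX nodes on the domain's private /dev (mount namespace), presumably discarded with the domain; keep that guard in sync with this arm. */`. The enclosing switch is fully visible in the hunk, but virSecurityDACSetMemoryLabel itself is in a later hunk.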
@@ -2020,35 +2022,43 @@ virSecurityDACSetMemoryLabel(virSecurityManager *mg= r,
 {
 virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr);
 virSecurityLabelDef *seclabel;
- int ret =3D -1;
 uid_t user;
 gid_t group;
=20
+ seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+ if (seclabel && !seclabel->relabel)
+ return 0;
+
+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0)
+ return -1;
+
 switch (mem->model) {
 case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
- seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAM= E);
- if (seclabel && !seclabel->relabel)
- return 0;
+ return virSecurityDACSetOwnership(mgr, NULL,
+ mem->nvdimmPath,
+ user, group, true);
=20
- if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL= ) < 0)
+ case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
+ /* Skip chowning SGX if namespaces are disabled. */
+ if (priv->mountNamespace &&
+ (virSecurityDACSetOwnership(mgr, NULL,
+ DEV_SGX_VEPC,
+ user, group, true) < 0 ||
+ virSecurityDACSetOwnership(mgr, NULL,
+ DEV_SGX_PROVISION,
+ user, group, true) < 0))
 return -1;
-
- ret =3D virSecurityDACSetOwnership(mgr, NULL,
- mem->nvdimmPath,
- user, group, true);
 break;
=20
 case VIR_DOMAIN_MEMORY_MODEL_DIMM:
 case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_MEM:
- case VIR_DOMAIN_MEMORY_MODEL_SGX_EPC:
 case VIR_DOMAIN_MEMORY_MODEL_LAST:
 case VIR_DOMAIN_MEMORY_MODEL_NONE:
- ret =3D 0;
 break;
 }
=20
- return ret;
+ return 0;
 }
=20
=20
--=20
2.35.1
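Review bot: The `/* Skip chowning SGX if namespaces are disabled. */` comment on the new SGX_EPC branch states the condition but not the security reason it exists: /dev/sgx_vepc and /dev/sgx_provision are host-wide nodes, so a chown outside a per-domain private /dev would grant them to every process running as that DAC user and, because virSecurityDACRestoreMemoryLabel deliberately does nothing for this model, would never be undone; suggest `/* Only chown the SGX nodes on the domain's private /dev copy: they are host-wide files, and the restore path intentionally leaves them alone. */`. It is also worth confirming whether every SGX guest needs /dev/sgx_provision or only guests that use the provisioning key, since ownership of the provisioning node is a broader grant than vepc access and the description asserts QEMU needs both without saying when. Separately, hoisting the seclabel/relabel check and virSecurityDACGetIds() above the switch means a GetIds failure now fails the call for DIMM and VIRTIO_MEM models that previously returned 0 without consulting the label; that is a fail-closed change and probably fine, but it is not mentioned in the commit message.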