From nobody Mon Feb 9 16:54:07 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1556180433; cv=none; d=zoho.com; s=zohoarc; b=n5er9jX0Wgj+dTojBXMKfuyNCPKAajymJr2ZajdJD8eE5WM5ZlOOiSe/P7CpC3iCrb+lNRR51uHXyRb45xRkqgCA6NIOcHP6Xadvl0g+jRse1jZNP+R07uVUuKCBSvPCU9cNz5vVFMoIDZ9ttBVX2voX1knr5NJgVfjgBt6KyT0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1556180433; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=5htR9PenIQWScbtyBDOOWjBVznQNLnvvhjaQsIan95Y=; b=eyKcQrFUf9pGojjoE2/FCQVnzT+yxr6kYzjX7cjL8psAxDYHPm2Ak+MLykVlmFgFActtkoIGw8/ncSsftQuIEvt6T9pG2V5pUFZzyMa9BBaJrV5LFFyLrAh0+wvsDjYmbPYBiKyVAPBqfYwPpk3Xo1ZjLQPXnfVuxeEOsLq/14A= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1556180433495671.7526417618421; Thu, 25 Apr 2019 01:20:33 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5E020C02493B; Thu, 25 Apr 2019 08:20:32 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 350345D9CD; Thu, 25 Apr 2019 08:20:32 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EAA97181BA07; Thu, 25 Apr 2019 08:20:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x3P8KIYi013915 for ; Thu, 25 Apr 2019 04:20:18 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0396260C70; Thu, 25 Apr 2019 08:20:18 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 80FFA60C8E for ; Thu, 25 Apr 2019 08:20:17 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 25 Apr 2019 10:19:49 +0200 Message-Id: <76a71926c50cc9cd16a493b8b73937aec934d084.1556179410.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 13/25] security: Don't skip label restore on file systems lacking XATTRs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 25 Apr 2019 08:20:32 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The way that virSecurityDACRecallLabel is currently written is that if XATTRs are not supported for given path to the caller this is not different than if the path is still in use. The value of 1 is returned which makes secdrivers skip label restore. This is clearly a bug as we are not restoring labels on say NFS even though previously we were. Strictly speaking, changes to virSecurityDACRememberLabel are not needed, but they are done anyway so that getter and setter behave in the same fashion. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson Reviewed-by: Daniel P. Berrang=C3=A9 --- src/security/security_dac.c | 18 ++++++++++++------ src/security/security_selinux.c | 21 +++++++++++++++------ src/security/security_util.c | 6 ++++-- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 3c21dbbddb..300c383dd5 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -458,10 +458,11 @@ virSecurityDACRecallLabel(virSecurityDACDataPtr priv = ATTRIBUTE_UNUSED, { char *label; int ret =3D -1; + int rv; =20 - if (virSecurityGetRememberedLabel(SECURITY_DAC_NAME, - path, &label) < 0) - goto cleanup; + rv =3D virSecurityGetRememberedLabel(SECURITY_DAC_NAME, path, &label); + if (rv < 0) + return rv; =20 if (!label) return 1; @@ -760,7 +761,9 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, } =20 refcount =3D virSecurityDACRememberLabel(priv, path, sb.st_uid, sb= .st_gid); - if (refcount < 0) { + if (refcount =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (refcount < 0) { return -1; } else if (refcount > 1) { /* Refcount is greater than 1 which means that there @@ -827,10 +830,13 @@ virSecurityDACRestoreFileLabelInternal(virSecurityMan= agerPtr mgr, =20 if (recall && path) { rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid); - if (rv < 0) + if (rv =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (rv < 0) { return -1; - if (rv > 0) + } else if (rv > 0) { return 0; + } } =20 VIR_INFO("Restoring DAC user and group on '%s' to %ld:%ld", diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index ec8d407351..ff54d47e23 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -207,9 +207,11 @@ static int virSecuritySELinuxRecallLabel(const char *path, security_context_t *con) { - if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, - path, con) < 0) - return -1; + int rv; + + rv =3D virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, path, con); + if (rv < 0) + return rv; =20 if (!*con) return 1; @@ -1337,7 +1339,9 @@ virSecuritySELinuxSetFileconHelper(virSecurityManager= Ptr mgr, =20 if (econ) { refcount =3D virSecuritySELinuxRememberLabel(path, econ); - if (refcount < 0) { + if (refcount =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (refcount < 0) { goto cleanup; } else if (refcount > 1) { /* Refcount is greater than 1 which means that there @@ -1485,13 +1489,18 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, } =20 if (recall) { - if ((rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { + rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon); + if (rc =3D=3D -2) { + /* Not supported. Lookup the default label below. */ + } else if (rc < 0) { goto cleanup; } else if (rc > 0) { ret =3D 0; goto cleanup; } - } else { + } + + if (!recall || rc =3D=3D -2) { if (stat(newpath, &buf) !=3D 0) { VIR_WARN("cannot stat %s: %s", newpath, virStrerror(errno, ebuf, sizeof(ebuf))); diff --git a/src/security/security_util.c b/src/security/security_util.c index f09a18a623..3c24d7cded 100644 --- a/src/security/security_util.c +++ b/src/security/security_util.c @@ -105,6 +105,7 @@ virSecurityGetRefCountAttrName(const char *name ATTRIBU= TE_UNUSED) * zero) and returns zero. * * Returns: 0 on success, + * -2 if underlying file system doesn't support XATTRs, * -1 otherwise (with error reported) */ int @@ -125,7 +126,7 @@ virSecurityGetRememberedLabel(const char *name, =20 if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENODATA || errno =3D=3D EN= OTSUP) { - ret =3D 0; + ret =3D -2; } else { virReportSystemError(errno, _("Unable to get XATTR %s on %s"), @@ -192,6 +193,7 @@ virSecurityGetRememberedLabel(const char *name, * See also virSecurityGetRememberedLabel. * * Returns: the new refcount value on success, + * -2 if underlying file system doesn't support XATTRs, * -1 otherwise (with error reported) */ int @@ -210,7 +212,7 @@ virSecuritySetRememberedLabel(const char *name, =20 if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { - ret =3D 0; + ret =3D -2; goto cleanup; } else if (errno !=3D ENODATA) { virReportSystemError(errno, --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list