From nobody Sun Feb  8 13:28:03 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 63.128.21.124 as permitted sender) client-ip=63.128.21.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1604409230; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QyvbYyoS4SSvX1HP23a3KvPhKLvwC4gTbaHrBL6jwcP4FIjLpg7T6SeqETgLipqoWQArgCA2Y5uZMS1FQmw0Dugs0oTBj2xwC3jW1Y3iFykzBtU6g584FksbR3kB4xLRgNYuNMKEbKgZEzxc9iuuHdN9iL59Kwz7lYNHYzEIzJE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1604409230;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=Djn4gpsEkbTXo4B4pVa+4EVh/535HBtE6iEYq00qtNg=;
	b=Ssp6H0AYARH6cejHzGy1ZbGVff5qpKtrqB2BsuJGAepLpykQziq0dN9au8RzKsH+0OIhdNtzgjSbHCUxSybT/edbd+LDoTqwULly87qvhtdoMmQgigAwkLgXMM3kwqEcF32YXD5+uECz0IGO3s5Iiv5afzUm1aiLgUp9RtQgEa4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<mprivozn@redhat.com> (p=none dis=none)
 header.from=<mprivozn@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com
	with SMTPS id 1604409230849564.8475938265922;
 Tue, 3 Nov 2020 05:13:50 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-108-bEafNEr1NS6LcmW9ChbPtQ-1; Tue, 03 Nov 2020 08:13:48 -0500
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 98EF810B9CA3;
	Tue,  3 Nov 2020 13:13:42 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6F5F16CE4E;
	Tue,  3 Nov 2020 13:13:42 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0FB1186BE9;
	Tue,  3 Nov 2020 13:13:41 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 0A3DDehD020165 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 3 Nov 2020 08:13:40 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 37B141002C29; Tue,  3 Nov 2020 13:13:40 +0000 (UTC)
Received: from localhost.localdomain (unknown [10.40.195.148])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 810321002C1F;
	Tue,  3 Nov 2020 13:13:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1604409229;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=Djn4gpsEkbTXo4B4pVa+4EVh/535HBtE6iEYq00qtNg=;
	b=DjJUe20vTDyPnwVfn6+RbOaunETKVB6Lm4ZII4Zx+9qQPiJaij4gZVBqE8+Ii6D+UZbswQ
	pZl9DSP1zJXSjj8W3h/Xt//z4mbQzOnI3VaXZ9XFsxdxR2avcPWmqRGLxgSHxSZrAIPeSG
	Xmub1uPxnk1FBEvlp+grlsIva67yYss=
X-MC-Unique: bEafNEr1NS6LcmW9ChbPtQ-1
From: Michal Privoznik <mprivozn@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH 4/4] qemu_conf: Don't even attempt to enable rememberOwner if
	unsupported
Date: Tue,  3 Nov 2020 14:13:29 +0100
Message-Id: 
 <954dbef6fe2b3f1617066eb2901d8f30036f211f.1604409134.git.mprivozn@redhat.com>
In-Reply-To: <cover.1604409134.git.mprivozn@redhat.com>
References: <cover.1604409134.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
Cc: r.bolshakov@yadro.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

The remember owner feature uses XATTRs to store original
seclabels. But that means we don't want a regular user to be able
to change what we stored and thus trick us into setting different
seclabel. Therefore, we use namespaces that are reserved to
CAP_SYS_ADMIN only. Such namespaces exist on Linux and FreeBSD.
That also means, that the whole feature is enabled only for
qemu:///system. Now, while the secdriver code is capable of
dealing with XATTRs being unsupported (it has to, not all
filesystems support them) if the feature is enabled users will
get an harmless error message in the logs and the feature
disables itself.

Since we have virSecurityXATTRNamespaceDefined() we can use it to
make a wiser decision on the default state of the feature.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
---
 src/qemu/qemu_conf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index ead9d1ee99..923aea8bd7 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -49,6 +49,7 @@
 #include "storage_conf.h"
 #include "virutil.h"
 #include "configmake.h"
+#include "security/security_util.h"
=20
 #define VIR_FROM_THIS VIR_FROM_QEMU
=20
@@ -131,7 +132,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged,
         cfg->group =3D (gid_t)-1;
     }
     cfg->dynamicOwnership =3D privileged;
-    cfg->rememberOwner =3D privileged;
+
+    if (privileged)
+        cfg->rememberOwner =3D virSecurityXATTRNamespaceDefined();
+    else
+        cfg->rememberOwner =3D false;
=20
     cfg->cgroupControllers =3D -1; /* -1 =3D=3D auto-detect */
=20
--=20
2.26.2