From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:19 +0100 Message-Id: <8dfec2b24ada3de372549717a8bc019f89c0d5f3.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 01/18] security: Unify header conditionals X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Fri, 23 Nov 2018 08:43:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" To avoid including a header file twice the following pattern is used: #ifndef __SOMETHING__ # define __SOMETHING__ where __SOMETHING__ should correspond to the header file name. However, some of our header files break that pattern. Signed-off-by: Michal Privoznik --- src/security/security_apparmor.h | 6 +++--- src/security/security_dac.h | 6 +++--- src/security/security_driver.h | 6 +++--- src/security/security_manager.h | 6 +++--- src/security/security_nop.h | 6 +++--- src/security/security_selinux.h | 6 +++--- src/security/security_stack.h | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/security/security_apparmor.h b/src/security/security_appar= mor.h index 7872588f64..6b454d1b5c 100644 --- a/src/security/security_apparmor.h +++ b/src/security/security_apparmor.h @@ -19,8 +19,8 @@ * Jamie Strandboge * */ -#ifndef __VIR_SECURITY_APPARMOR_H__ -# define __VIR_SECURITY_APPARMOR_H__ +#ifndef __SECURITY_APPARMOR_H__ +# define __SECURITY_APPARMOR_H__ =20 # include "security_driver.h" =20 
@@ -30,4 +30,4 @@ extern virSecurityDriver virAppArmorSecurityDriver; # define PROFILE_NAME_SIZE 8 + VIR_UUID_STRING_BUFLEN /* AA_PREFIX + uuid= */ # define MAX_FILE_LEN (1024*1024*10) /* 10MB limit for sanity check= */ =20 -#endif /* __VIR_SECURITY_APPARMOR_H__ */ +#endif /* __SECURITY_APPARMOR_H__ */ diff --git a/src/security/security_dac.h b/src/security/security_dac.h index 97681c9610..8007bde000 100644 --- a/src/security/security_dac.h +++ b/src/security/security_dac.h @@ -20,8 +20,8 @@ =20 #include "security_driver.h" =20 -#ifndef __VIR_SECURITY_DAC -# define __VIR_SECURITY_DAC +#ifndef __SECURITY_DAC__ +# define __SECURITY_DAC__ =20 extern virSecurityDriver virSecurityDriverDAC; =20 @@ -38,4 +38,4 @@ void virSecurityDACSetMountNamespace(virSecurityManagerPt= r mgr, void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr, virSecurityManagerDACChownCallback cho= wnCallback); =20 -#endif /* __VIR_SECURITY_DAC */ +#endif /* __SECURITY_DAC__ */ diff --git a/src/security/security_driver.h b/src/security/security_driver.h index cd221f1c78..25d49bb0f4 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -19,8 +19,8 @@ * James Morris * */ -#ifndef __VIR_SECURITY_H__ -# define __VIR_SECURITY_H__ +#ifndef __SECURITY_DRIVER_H__ +# define __SECURITY_DRIVER_H__ =20 # include "internal.h" # include "domain_conf.h" @@ -226,4 +226,4 @@ struct _virSecurityDriver { virSecurityDriverPtr virSecurityDriverLookup(const char *name, const char *virtDriver); =20 -#endif /* __VIR_SECURITY_H__ */ +#endif /* __SECURITY_DRIVER_H__ */ diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 7e82304689..139b70ec10 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -20,8 +20,8 @@ * Author: Daniel P. Berrange */ =20 -#ifndef VIR_SECURITY_MANAGER_H__ -# define VIR_SECURITY_MANAGER_H__ +#ifndef __SECURITY_MANAGER_H__ +# define __SECURITY_MANAGER_H__ =20 # include "domain_conf.h" # include "vircommand.h" @@ -210,4 +210,4 @@ void virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr, virSecurityManagerMetadataLockStatePtr *s= tate); =20 -#endif /* VIR_SECURITY_MANAGER_H__ */ +#endif /* __SECURITY_MANAGER_H__ */ diff --git a/src/security/security_nop.h b/src/security/security_nop.h index 514b339467..7b2ded2292 100644 --- a/src/security/security_nop.h +++ b/src/security/security_nop.h @@ -17,11 +17,11 @@ * */ =20 -#ifndef __VIR_SECURITY_NOP_H__ -# define __VIR_SECURITY_NOP_H__ +#ifndef __SECURITY_NOP_H__ +# define __SECURITY_NOP_H__ =20 # include "security_driver.h" =20 extern virSecurityDriver virSecurityDriverNop; =20 -#endif /* __VIR_SECURITY_NOP_H__ */ +#endif /* __SECURITY_NOP_H__ */ diff --git a/src/security/security_selinux.h b/src/security/security_selinu= x.h index 1700d8c661..11b62acb52 100644 --- a/src/security/security_selinux.h +++ b/src/security/security_selinux.h @@ -19,9 +19,9 @@ * James Morris * */ -#ifndef __VIR_SECURITY_SELINUX_H__ -# define __VIR_SECURITY_SELINUX_H__ +#ifndef __SECURITY_SELINUX_H__ +# define __SECURITY_SELINUX_H__ =20 extern virSecurityDriver virSecurityDriverSELinux; =20 -#endif /* __VIR_SECURITY_SELINUX_H__ */ +#endif /* __SECURITY_SELINUX_H__ */ diff --git a/src/security/security_stack.h b/src/security/security_stack.h index b38f9a9481..7e6ab3d93e 100644 --- a/src/security/security_stack.h +++ b/src/security/security_stack.h @@ -20,8 +20,8 @@ =20 #include "security_driver.h" =20 -#ifndef __VIR_SECURITY_STACK -# define __VIR_SECURITY_STACK +#ifndef __SECURITY_STACK__ +# define __SECURITY_STACK__ =20 extern virSecurityDriver virSecurityDriverStack; =20 
@@ -35,4 +35,4 @@ virSecurityStackGetPrimary(virSecurityManagerPtr mgr); virSecurityManagerPtr* virSecurityStackGetNested(virSecurityManagerPtr mgr); =20 -#endif /* __VIR_SECURITY_STACK */ +#endif /* __SECURITY_STACK__ */ --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962630969905.0777540383108; Fri, 23 Nov 2018 00:43:50 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3741985546; Fri, 23 Nov 2018 08:43:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6F25F5D9C7; Fri, 23 Nov 2018 08:43:45 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id AB4493F7D5; Fri, 23 Nov 2018 08:43:44 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8hgJV003778 for ; Fri, 23 Nov 2018 03:43:42 -0500 Received: by smtp.corp.redhat.com (Postfix) id B6E2E17B26; Fri, 23 Nov 2018 08:43:42 
+0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3A4AA17797 for ; Fri, 23 Nov 2018 08:43:42 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:20 +0100 Message-Id: <960a23a04469cfd468d41f3ab5a52580f3546657.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 02/18] util: Introduce xattr getter/setter/remover X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 23 Nov 2018 08:43:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 3 + src/util/virfile.c | 121 +++++++++++++++++++++++++++++++++++++++ src/util/virfile.h | 11 ++++ 3 files changed, 135 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8889aaa379..85580beb58 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1827,6 +1827,7 @@ virFileGetACLs; virFileGetHugepageSize; virFileGetMountReverseSubtree; virFileGetMountSubtree; +virFileGetXAtrr; virFileHasSuffix; virFileInData; virFileIsAbsPath; @@ -1866,6 +1867,7 @@ virFileReadValueUint; virFileRelLinkPointsTo; virFileRemove; virFileRemoveLastComponent; +virFileRemoveXAttr; virFileResolveAllLinks; virFileResolveLink; virFileRewrite; 
@@ -1873,6 +1875,7 @@ virFileRewriteStr; virFileSanitizePath; virFileSetACLs; virFileSetupDev; +virFileSetXAtrr; virFileSkipRoot; virFileStripSuffix; virFileTouch; diff --git a/src/util/virfile.c b/src/util/virfile.c index f6f9e4ceda..9df5f70c60 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -64,6 +64,10 @@ # include #endif =20 +#if HAVE_LIBATTR +# include +#endif + #include "configmake.h" #include "intprops.h" #include "vircommand.h" 
@@ -4354,3 +4358,120 @@ virFileWaitForExists(const char *path, =20 return 0; } + + +#if HAVE_LIBATTR +/** + * virFileGetXAtrr; + * @path: a filename + * @name: name of xattr + * @value: read value + * + * Reads xattr with @name for given @path and stores it into + * @value. Caller is responsible for freeing @value. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). + */ +int +virFileGetXAtrr(const char *path, + const char *name, + char **value) +{ + char *buf =3D NULL; + int ret =3D -1; + + /* We might be racing with somebody who sets the same attribute. */ + do { + ssize_t need; + ssize_t got; + + /* The first call determines how many bytes we need to allocate. */ + if ((need =3D getxattr(path, name, NULL, 0)) < 0) + goto cleanup; + + if (VIR_REALLOC_N_QUIET(buf, need + 1) < 0) + goto cleanup; + + if ((got =3D getxattr(path, name, buf, need)) < 0) { + if (errno =3D=3D ERANGE) + continue; + goto cleanup; + } + + buf[got] =3D '\0'; + break; + } while (1); + + VIR_STEAL_PTR(*value, buf); + ret =3D 0; + cleanup: + VIR_FREE(buf); + return ret; +} + +/** + * virFileSetXAtrr: + * @path: a filename + * @name: name of xattr + * @value: value to set + * + * Sets xattr of @name and @value on @path. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). + */ +int +virFileSetXAtrr(const char *path, + const char *name, + const char *value) +{ + return setxattr(path, name, value, strlen(value), 0); +} + +/** + * virFileRemoveXAttr: + * @path: a filename + * @name: name of xattr + * + * Remove xattr of @name on @path. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). 
+ */ +int +virFileRemoveXAttr(const char *path, + const char *name) +{ + return removexattr(path, name); +} + +#else /* !HAVE_LIBATTR */ + +int +virFileGetXAtrr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED, + char **value ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +int +virFileSetXAtrr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED, + const char *value ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +int +virFileRemoveXAttr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +#endif /* HAVE_LIBATTR */ diff --git a/src/util/virfile.h b/src/util/virfile.h index 0f7dece958..9cd1bc3a5f 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h 
@@ -383,4 +383,15 @@ int virFileInData(int fd, =20 VIR_DEFINE_AUTOPTR_FUNC(virFileWrapperFd, virFileWrapperFdFree) =20 +int virFileGetXAtrr(const char *path, + const char *name, + char **value); + +int virFileSetXAtrr(const char *path, + const char *name, + const char *value); + +int virFileRemoveXAttr(const char *path, + const char *name); + #endif /* __VIR_FILE_H */ --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962643383384.17068461766974; Fri, 23 Nov 2018 00:44:03 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E837B8830F; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ABA2F604DA; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5F4C4181B9EA; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) 
with ESMTP id wAN8hhrt003786 for ; Fri, 23 Nov 2018 03:43:43 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8A80E17797; Fri, 23 Nov 2018 08:43:43 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 10869194AE for ; Fri, 23 Nov 2018 08:43:42 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:21 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 03/18] security: Include security_util X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 23 Nov 2018 08:44:01 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/security/Makefile.inc.am | 2 + src/security/security_util.c | 198 +++++++++++++++++++++++++++++++++++ src/security/security_util.h | 32 ++++++ 3 files changed, 232 insertions(+) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am index f88b82df7b..0ade97d355 100644 --- a/src/security/Makefile.inc.am +++ b/src/security/Makefile.inc.am @@ -14,6 +14,8 @@ SECURITY_DRIVER_SOURCES =3D \ security/security_dac.c \ security/security_manager.h \ security/security_manager.c \ + security/security_util.h \ + security/security_util.c \ $(NULL) =20 SECURITY_DRIVER_SELINUX_SOURCES =3D \ 
diff --git a/src/security/security_util.c b/src/security/security_util.c new file mode 100644 index 0000000000..4178fdff81 --- /dev/null +++ b/src/security/security_util.c 
@@ -0,0 +1,198 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include "viralloc.h" +#include "virfile.h" +#include "virstring.h" + +#include "security_util.h" + +#define VIR_FROM_THIS VIR_FROM_SECURITY + +/* There are four namespaces available (xattr(7)): + * + * user - can be modified by anybody, + * system - used by ACLs + * security - used by SELinux + * trusted - accessibly by CAP_SYS_ADMIN processes only + * + * Looks like the last one is way to go. + */ +#define XATTR_NAMESPACE "trusted" + +static char * +virSecurityGetAttrName(const char *name) +{ + char *ret; + ignore_value(virAsprintf(&ret, XATTR_NAMESPACE".libvirt.security.%s", = name)); + return ret; +} + + +static char * +virSecurityGetRefCountAttrName(const char *name) +{ + char *ret; + ignore_value(virAsprintf(&ret, XATTR_NAMESPACE".libvirt.security.ref_%= s", name)); + return ret; +} + + +/** + * virSecurityGetRememberedLabel: + * @name: security driver name + * @path: file name + * @label: label + * + * For given @path and security driver (@name) fetch remembered + * @label. The caller must not restore label if an error is + * indicated or if @label is NULL upon return. 
+ * + * Returns: 0 on success, + * -1 otherwise (with error reported) + */ +int +virSecurityGetRememberedLabel(const char *name, + const char *path, + char **label) +{ + char *ref_name =3D NULL; + char *attr_name =3D NULL; + char *value =3D NULL; + unsigned int refcount =3D 0; + int ret =3D -1; + + *label =3D NULL; + + if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, ref_name, &value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENODATA || errno =3D=3D EN= OTSUP) { + ret =3D 0; + } else { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + ref_name, + path); + } + goto cleanup; + } + + if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("malformed refcount %s on %s"), + value, path); + goto cleanup; + } + + VIR_FREE(value); + + refcount--; + + if (refcount > 0) { + if (virAsprintf(&value, "%u", refcount) < 0) + goto cleanup; + + if (virFileSetXAtrr(path, ref_name, value) < 0) + goto cleanup; + } else { + if (virFileRemoveXAttr(path, ref_name) < 0) + goto cleanup; + + if (!(attr_name =3D virSecurityGetAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, attr_name, label) < 0) + goto cleanup; + + if (virFileRemoveXAttr(path, attr_name) < 0) + goto cleanup; + } + + ret =3D 0; + cleanup: + VIR_FREE(value); + VIR_FREE(attr_name); + VIR_FREE(ref_name); + return ret; +} + + +int +virSecuritySetRememberedLabel(const char *name, + const char *path, + const char *label) +{ + char *ref_name =3D NULL; + char *attr_name =3D NULL; + char *value =3D NULL; + unsigned int refcount =3D 0; + int ret =3D -1; + + if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, ref_name, &value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { + ret =3D 0; + goto cleanup; + } else if (errno !=3D ENODATA) { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + ref_name, + path); + goto 
cleanup; + } + } + + if (value && + virStrToLong_ui(value, NULL, 10, &refcount) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("malformed refcount %s on %s"), + value, path); + goto cleanup; + } + + VIR_FREE(value); + + refcount++; + + if (refcount =3D=3D 1) { + if (!(attr_name =3D virSecurityGetAttrName(name))) + goto cleanup; + + if (virFileSetXAtrr(path, attr_name, label) < 0) + goto cleanup; + } + + if (virAsprintf(&value, "%u", refcount) < 0) + goto cleanup; + + if (virFileSetXAtrr(path, ref_name, value) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(value); + VIR_FREE(attr_name); + VIR_FREE(ref_name); + return ret; +} diff --git a/src/security/security_util.h b/src/security/security_util.h new file mode 100644 index 0000000000..a6e67f4390 --- /dev/null +++ b/src/security/security_util.h 
@@ -0,0 +1,32 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#ifndef __SECURITY_UTIL_H__ +# define __SECURITY_UTIL_H__ + +int +virSecurityGetRememberedLabel(const char *name, + const char *path, + char **label); + +int +virSecuritySetRememberedLabel(const char *name, + const char *path, + const char *label); + +#endif /* __SECURITY_UTIL_H__ */ --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962642204172.05733735917056; Fri, 23 Nov 2018 00:44:02 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com 
From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:22 +0100 Message-Id: <96a1f86d054b8082a0a0916c3df7a8badeea704b.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 04/18] security_dac: Restore label on failed chown() attempt X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Fri, 23 Nov 2018 08:44:01 +0000 (UTC) Content-Type: text/plain; charset="utf-8" It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 6b64d2c07a..8155c6d58a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -718,7 +718,25 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", NULLSTR(src ? src->path : path), (long)uid, (long)gid); =20 - return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid); + if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0)= { + virErrorPtr origerr; + + virErrorPreserveLast(&origerr); + /* Try to restore the label. This is done so that XATTRs + * are left in the same state as when the control entered + * this function. However, if our attempt fails, there's + * not much we can do. XATTRs refcounting is fubar'ed and + * the only option we have is warn users. */ + if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0) + VIR_WARN("Unable to restore label on '%s'. " + "XATTRs might have been left in inconsistent state.", + NULLSTR(src ? src->path : path)); + + virErrorRestore(&origerr); + return -1; + } + + return 0; } =20 =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962655429115.98226404737954; Fri, 23 Nov 2018 00:44:15 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 21A2580F7A; Fri, 23 Nov 
From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:23 +0100 Message-Id: <37696ad9434e27ff2bd4aba742c6a7369cb3fe6c.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 05/18] virSecurityDACTransactionRun: Implement rollback X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 23 Nov 2018 08:44:10 +0000 (UTC) Content-Type: text/plain; charset="utf-8" When iterating over list of paths/disk sources to relabel it may happen that the process fails at some point. In that case, for the sake of keeping seclabel refcount (stored in XATTRs) in sync with reality we have to perform rollback. However, if that fails too the only thing we can do is warn user. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 8155c6d58a..82b16f96ee 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -229,7 +229,6 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItemPtr item =3D list->items[i]; =20 - /* TODO Implement rollback */ if (!item->restore) { rv =3D virSecurityDACSetOwnership(list->manager, item->src, 
@@ -246,6 +245,19 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSE= D, break; } =20 + for (; rv < 0 && i > 0; i--) { + virSecurityDACChownItemPtr item =3D list->items[i - 1]; + + if (!item->restore) { + virSecurityDACRestoreFileLabelInternal(list->manager, + item->src, + item->path); + } else { + VIR_WARN("Ignoring failed restore attempt on %s", + NULLSTR(item->src ? item->src->path : item->path)); + } + } + if (list->lock) virSecurityManagerMetadataUnlock(list->manager, &state); =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962655207811.3137832452389; Fri, 23 Nov 2018 00:44:15 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ECC249F733; Fri, 23 Nov 2018 08:44:13 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B7BDB5D77E; Fri, 23 Nov 2018 08:44:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6B1DB181B9F6; Fri, 23 Nov 2018 08:44:13 +0000 (UTC) Received: from 
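Review bot: the rollback loop discards the return value of virSecurityDACRestoreFileLabelInternal(), so a rollback that itself fails is silent, although the commit message names that as the case where the user gets warned. The VIR_WARN sits in the else branch instead, which is reached for items with item->restore set that had already completed before the failure (the loop walks items[i - 1] down to items[0]), so "Ignoring failed restore attempt" describes something that did not happen. Suggest checking the call for < 0 and warning there, and rewording the else-branch message to say that a completed restore cannot be rolled back.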
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Fri, 23 Nov 2018 09:43:24 +0100
Subject: [libvirt] [PATCH 06/18] virSecurityDACRestoreAllLabel: Reorder device relabeling

It helps when trying to match calls with virSecurityDACSetAllLabel if the order in which devices are set/restored is the same in both functions.

Signed-off-by: Michal Privoznik
---
 src/security/security_dac.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 82b16f96ee..9b3069e60c 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1665,24 +1665,6 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, VIR_DEBUG("Restoring security label on %s migrated=3D%d", def->name, migrated); =20 - for (i =3D 0; i < def->nhostdevs; i++) { - if (virSecurityDACRestoreHostdevLabel(mgr, - def, - def->hostdevs[i], - NULL) < 0) - rc =3D -1; - } - - for (i =3D 0; i < def->ngraphics; i++) { - if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i])= < 0) - return -1; - } - - for (i =3D 0; i < def->ninputs; i++) { - if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0) - rc =3D -1; - } - for (i =3D 0; i < def->ndisks; i++) { if (virSecurityDACRestoreImageLabelInt(mgr, def, 
@@ -1691,6 +1673,24 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, rc =3D -1; } =20 + for (i =3D 0; i < def->ngraphics; i++) { + if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i])= < 0) + return -1; + } + + for (i =3D 0; i < def->ninputs; i++) { + if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0) + rc =3D -1; + } + + for (i =3D 0; i < def->nhostdevs; i++) { + if (virSecurityDACRestoreHostdevLabel(mgr, + def, + def->hostdevs[i], + NULL) < 0) + rc =3D -1; + } + for (i =3D 0; i < def->nmems; i++) { if (virSecurityDACRestoreMemoryLabel(mgr, def, --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962647712423.5453877325415; Fri, 23 Nov 2018 00:44:07 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1A2A13086249; Fri, 23 Nov 2018 08:44:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D324E17B3C; Fri, 23 Nov 2018 08:44:05 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com 
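Review bot: the graphics loop is moved with its "return -1" intact, while the input and hostdev loops added next to it record "rc = -1" and carry on. In the new position a failing virSecurityDACRestoreGraphicsLabel() returns before the input, hostdev and memory loops below it run, so those labels are left unrestored. Suggest switching it to rc = -1 as part of the move, or in a follow-up patch.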
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Fri, 23 Nov 2018 09:43:25 +0100
Message-Id: <572ebcf150c1697dbf1c0b6f5102ddab4e5b880b.1542960893.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH 07/18] virSecurityDACRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it.

Signed-off-by: Michal Privoznik
---
 src/security/security_dac.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 9b3069e60c..de12a1e351 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1720,6 +1720,22 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0) rc =3D -1; =20 + if (def->os.kernel && + virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0) + rc =3D -1; + + if (def->os.initrd && + virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0) + rc =3D -1; + + if (def->os.dtb && + virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0) + rc =3D -1; + + if (def->os.slic_table && + virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0) + rc =3D -1; + return rc; } =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962642334626.2976714699686; Fri, 23 Nov 2018 00:44:02 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E19A33002E00; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AAA625D77D; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 
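Review bot: these four restores run on every teardown with only a NULL check on the path, and neither the hunk nor the commit message says what happens when another running domain boots from the same kernel, initrd, dtb or slic_table file. The comment that PATCH 10/18 removes describes exactly that hazard for shared disks. Suggest a sentence in the commit message on why this is safe at this point in the series, or placing this patch after the remembering code is in.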
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Fri, 23 Nov 2018 09:43:26 +0100
Subject: [libvirt] [PATCH 08/18] security_dac: Allow callers to enable/disable label remembering/recall

Because the implementation that will be used for label remembering/recall is not atomic we have to give callers a chance to enable or disable it. That is, enable it if and only if metadata locking is enabled. Otherwise the feature MUST be turned off.

Signed-off-by: Michal Privoznik
---
 src/security/security_dac.c | 74 ++++++++++++++++++++++---------------
 1 file changed, 45 insertions(+), 29 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index de12a1e351..cdbe07543c 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c @@ -182,11 +182,13 @@ static int virSecurityDACSetOwnership(virSecurityMana= gerPtr mgr, const virStorageSource *src, const char *path, uid_t uid, - gid_t gid); + gid_t gid, + bool remember); =20 static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mg= r, const virStorageSource *= src, - const char *path); + const char *path, + bool recall); /** * virSecurityDACTransactionRun: * @pid: process pid @@ -234,11 +236,13 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, item->src, item->path, item->uid, - item->gid); + item->gid, + list->lock); } else { rv =3D virSecurityDACRestoreFileLabelInternal(list->manager, item->src, - item->path); + item->path, + list->lock); } =20 if (rv < 0) @@ -251,7 +255,8 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, if (!item->restore) { virSecurityDACRestoreFileLabelInternal(list->manager, item->src, - item->path); + item->path, + list->lock); } else { VIR_WARN("Ignoring failed restore attempt on %s", NULLSTR(item->src ? item->src->path : item->path)); @@ -699,7 +704,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, const virStorageSource *src, const char *path, uid_t uid, - gid_t gid) + gid_t gid, + bool remember) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); struct stat sb; @@ -717,7 +723,7 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, else if (rc > 0) return 0; =20 - if (path) { + if (remember && path) { if (stat(path, &sb) < 0) { virReportSystemError(errno, _("unable to stat: %s"), path); return -1; 
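Review bot: in virSecurityDACTransactionRun() the new argument is filled from list->lock in all three calls, so "remember/recall is on" and "the metadata lock is held" are the same boolean by convention only; the rule that the feature must be off without locking is stated in the commit message and nowhere in the code. Suggest a comment on the two prototypes at the top of the file saying that remember and recall may be true only while the metadata lock is held. The same comment should say that the run loop takes the flag from list->lock rather than from the item, so the false passed by the direct callers further down does not travel with a queued item.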
@@ -739,7 +745,7 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, * this function. However, if our attempt fails, there's * not much we can do. XATTRs refcounting is fubar'ed and * the only option we have is warn users. */ - if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0) + if (virSecurityDACRestoreFileLabelInternal(mgr, src, path, remembe= r) < 0) VIR_WARN("Unable to restore label on '%s'. " "XATTRs might have been left in inconsistent state.", NULLSTR(src ? src->path : path)); @@ -755,7 +761,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mgr, const virStorageSource *src, - const char *path) + const char *path, + bool recall) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); int rv; @@ -774,7 +781,7 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, else if (rv > 0) return 0; =20 - if (path) { + if (recall && path) { rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid); if (rv < 0) return -1; @@ -793,7 +800,7 @@ static int virSecurityDACRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { - return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path); + return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, false); } =20 =20 @@ -840,7 +847,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, return -1; } =20 - return virSecurityDACSetOwnership(mgr, src, NULL, user, group); + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, false); } =20 =20 @@ -920,7 +927,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPt= r mgr, } } =20 - return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL); + return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false); } =20 =20 
@@ -956,7 +963,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file, if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, file, user, group); + return virSecurityDACSetOwnership(mgr, NULL, file, user, group, false); } =20 =20 @@ -1332,7 +1339,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group); + user, group, false); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1340,12 +1347,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group) < 0= || - virSecurityDACSetOwnership(mgr, NULL, out, user, group) < = 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, fal= se) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, fa= lse) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group) < 0) { + user, group, false) < 0) { goto done; } ret =3D 0; @@ -1360,7 +1367,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group) < 0) + user, group, false) < 0) goto done; } ret =3D 0; @@ -1543,7 +1550,7 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr = mgr, gfx->data.spice.rendernode) { if (virSecurityDACSetOwnership(mgr, NULL, gfx->data.spice.rendernode, - user, group) < 0) + user, group, false) < 0) return -1; } =20 
@@ -1585,7 +1592,9 @@ virSecurityDACSetInputLabel(virSecurityManagerPtr mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL= ) < 0) return -1; =20 - ret =3D virSecurityDACSetOwnership(mgr, NULL, input->source.evdev,= user, group); + ret =3D virSecurityDACSetOwnership(mgr, NULL, + input->source.evdev, + user, group, false); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1773,7 +1782,9 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mg= r, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL= ) < 0) return -1; =20 - ret =3D virSecurityDACSetOwnership(mgr, NULL, mem->nvdimmPath, use= r, group); + ret =3D virSecurityDACSetOwnership(mgr, NULL, + mem->nvdimmPath, + user, group, false); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1862,27 +1873,32 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, =20 if (def->os.loader && def->os.loader->nvram && virSecurityDACSetOwnership(mgr, NULL, - def->os.loader->nvram, user, group) < 0) + def->os.loader->nvram, + user, group, false) < 0) return -1; =20 if (def->os.kernel && virSecurityDACSetOwnership(mgr, NULL, - def->os.kernel, user, group) < 0) + def->os.kernel, + user, group, false) < 0) return -1; =20 if (def->os.initrd && virSecurityDACSetOwnership(mgr, NULL, - def->os.initrd, user, group) < 0) + def->os.initrd, + user, group, false) < 0) return -1; =20 if (def->os.dtb && virSecurityDACSetOwnership(mgr, NULL, - def->os.dtb, user, group) < 0) + def->os.dtb, + user, group, false) < 0) return -1; =20 if (def->os.slic_table && virSecurityDACSetOwnership(mgr, NULL, - def->os.slic_table, user, group) < 0) + def->os.slic_table, + user, group, false) < 0) return -1; =20 return 0; 
@@ -1904,7 +1920,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group); + return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, fa= lse); } =20 =20 
@@ -2224,7 +2240,7 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, path, user, group); + return virSecurityDACSetOwnership(mgr, NULL, path, user, group, false); } =20 virSecurityDriver virSecurityDriverDAC =3D { --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 15429626622981015.1862994746857; Fri, 23 Nov 2018 00:44:22 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D791B3154863; Fri, 23 Nov 2018 08:44:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 785815D77E; Fri, 23 Nov 2018 08:44:18 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 317243F611; Fri, 23 Nov 2018 08:44:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with 
ESMTP id wAN8hobJ003849 for ; Fri, 23 Nov 2018 03:43:50 -0500 Received: by smtp.corp.redhat.com (Postfix) id 2EA9A17B26; Fri, 23 Nov 2018 08:43:50 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id A7EBE17B3A for ; Fri, 23 Nov 2018 08:43:49 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:27 +0100 Message-Id: <639153f17f8a986bfb5d12bff19a5dbef1c7327b.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 09/18] security_dac: Remember old labels X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Fri, 23 Nov 2018 08:44:19 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 48 ++++++++++++++++++++++++++++++------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index cdbe07543c..9d31faa9d4 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -29,6 +29,7 @@ #endif =20 #include "security_dac.h" +#include "security_util.h" #include "virerror.h" #include "virfile.h" #include "viralloc.h" 
@@ -415,11 +416,26 @@ virSecurityDACGetImageIds(virSecurityLabelDefPtr secl= abel, */ static int virSecurityDACRememberLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED, - const char *path ATTRIBUTE_UNUSED, - uid_t uid ATTRIBUTE_UNUSED, - gid_t gid ATTRIBUTE_UNUSED) + const char *path, + uid_t uid, + gid_t gid) { - return 0; + char *label =3D NULL; + int ret =3D -1; + + if (virAsprintf(&label, "+%u:+%u", + (unsigned int)uid, + (unsigned int)gid) < 0) + goto cleanup; + + if (virSecuritySetRememberedLabel(SECURITY_DAC_NAME, + path, label) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(label); + return ret; } =20 /** 
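Review bot: the stored format "+%u:+%u" is undocumented, and the commit has no message body. The leading '+' matters because the recall side hands the string to virParseOwnershipIds(), where it marks the value as a numeric ID rather than a name. A short comment above the virAsprintf() call saying so would keep the format string from being simplified later.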
@@ -439,11 +455,27 @@ virSecurityDACRememberLabel(virSecurityDACDataPtr pri= v ATTRIBUTE_UNUSED, */ static int virSecurityDACRecallLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED, - const char *path ATTRIBUTE_UNUSED, - uid_t *uid ATTRIBUTE_UNUSED, - gid_t *gid ATTRIBUTE_UNUSED) + const char *path, + uid_t *uid, + gid_t *gid) { - return 0; + char *label; + int ret =3D -1; + + if (virSecurityGetRememberedLabel(SECURITY_DAC_NAME, + path, &label) < 0) + goto cleanup; + + if (!label) + return 1; + + if (virParseOwnershipIds(label, uid, gid) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(label); + return ret; } =20 static virSecurityDriverStatus --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962652787576.5076611224214; Fri, 23 Nov 2018 00:44:12 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 864C63001869; Fri, 23 Nov 2018 08:44:10 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4888A17DF6; Fri, 23 Nov 2018 08:44:10 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com 
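Review bot: label is declared without an initializer in virSecurityDACRecallLabel(), and the first failure path jumps to cleanup, where VIR_FREE(label) runs on it. Unless virSecurityGetRememberedLabel() is guaranteed to write the output pointer on every error return, that frees an indeterminate pointer; virSecurityDACRememberLabel() in the previous hunk uses char *label = NULL and the same is wanted here. The new return value 1 for "nothing remembered" should also be described in the function's doc comment, which this patch leaves untouched.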
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Fri, 23 Nov 2018 09:43:28 +0100
Subject: [libvirt] [PATCH 10/18] virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks

Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality.

Signed-off-by: Michal Privoznik
---
 src/security/security_dac.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 9d31faa9d4..60adfaf526 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -921,14 +921,6 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerP= tr mgr, if (!priv->dynamicOwnership) return 0; =20 - /* Don't restore labels on readoly/shared disks, because other VMs may - * still be accessing these. Alternatively we could iterate over all - * running domains and try to figure out if it is in use, but this wou= ld - * not work for clustered filesystems, since we can't see running VMs = using - * the file on other nodes. Safest bet is thus to skip the restore ste= p. */ - if (src->readonly || src->shared) - return 0; - secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); if (secdef && !secdef->relabel) return 0; --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962664073587.5814503031717; Fri, 23 Nov 2018 00:44:24 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 98988300C22F; Fri, 23 Nov 2018 08:44:22 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 687181057042; Fri, 23 Nov 2018 08:44:22 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com 
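Review bot: the guard on src->readonly || src->shared is removed on the premise that remembering now covers disk images, but as of PATCH 08/18 this function ends in virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false), and recall only happens under "if (recall && path)". With path NULL the remembered owner is never consulted on that call, so up to this patch a shared or read-only image is restored unconditionally while other domains may still have it open. Suggest keeping the guard until the src case goes through remember/recall, or moving this patch later in the series.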
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Fri, 23 Nov 2018 09:43:29 +0100
Message-Id: <210307695e8c590e99e1e468f4175e05a53c9bb2.1542960893.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH 11/18] security_selinux: Track if transaction is restore

It is going to be important to know if the current transaction we are running is a restore operation or set label operation.

Signed-off-by: Michal Privoznik
---
 src/security/security_selinux.c | 36 +++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c
index 95e9a1b0c7..715d9a428b 100644
--- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -85,6 +85,7 @@ struct _virSecuritySELinuxContextItem { char *path; char *tcon; bool optional; + bool restore; }; =20 typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextLis= t; @@ -123,7 +124,8 @@ static int virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list, const char *path, const char *tcon, - bool optional) + bool optional, + bool restore) { int ret =3D -1; virSecuritySELinuxContextItemPtr item =3D NULL; @@ -135,6 +137,7 @@ virSecuritySELinuxContextListAppend(virSecuritySELinuxC= ontextListPtr list, goto cleanup; =20 item->optional =3D optional; + item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) goto cleanup; @@ -178,7 +181,8 @@ virSecuritySELinuxContextListFree(void *opaque) static int virSecuritySELinuxTransactionAppend(const char *path, const char *tcon, - bool optional) + bool optional, + bool restore) { virSecuritySELinuxContextListPtr list; =20 @@ -186,7 +190,7 @@ virSecuritySELinuxTransactionAppend(const char *path, if (!list) return 0; =20 - if (virSecuritySELinuxContextListAppend(list, path, tcon, optional) < = 0) + if (virSecuritySELinuxContextListAppend(list, path, tcon, optional, re= store) < 0) return -1; =20 return 1; @@ -198,6 +202,11 @@ static int virSecuritySELinuxSetFileconHelper(const ch= ar *path, bool optional, bool privileged); =20 + +static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, + const char *path); + + /** * virSecuritySELinuxTransactionRun: * @pid: process pid 
@@ -242,13 +251,18 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, virSecuritySELinuxContextItemPtr item =3D list->items[i]; =20 /* TODO Implement rollback */ - if (virSecuritySELinuxSetFileconHelper(item->path, - item->tcon, - item->optional, - privileged) < 0) { - rv =3D -1; - break; + if (!item->restore) { + rv =3D virSecuritySELinuxSetFileconHelper(item->path, + item->tcon, + item->optional, + privileged); + } else { + rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, + item->path); } + + if (rv < 0) + break; } =20 if (list->lock) @@ -1265,7 +1279,7 @@ virSecuritySELinuxSetFileconHelper(const char *path, = const char *tcon, { int rc; =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional, = false)) < 0) return -1; else if (rc > 0) return 0; 
@@ -1387,7 +1401,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, goto cleanup; } =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false)) < = 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false, tru= e)) < 0) return -1; else if (rc > 0) return 0; --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962651336928.805099121628; Fri, 23 Nov 2018 00:44:11 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1D65589AEF; Fri, 23 Nov 2018 08:44:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D216E1057065; Fri, 23 Nov 2018 08:44:05 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 858343F606; Fri, 23 Nov 2018 08:44:05 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8hqrP003872 for ; Fri, 23 Nov 2018 03:43:52 -0500 
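Review bot: in [PATCH 11/18], the restore branch added to virSecuritySELinuxTransactionRun() passes only item->path to virSecuritySELinuxRestoreFileLabel(), so the fcon that the last hunk still hands to virSecuritySELinuxTransactionAppend(path, fcon, false, true) is stored in the list but never read for restore items, and the label lookup that produces fcon is done once at append time and again when the transaction runs. Either append restore items with a NULL tcon, or add a comment on the new "bool restore" member of struct _virSecuritySELinuxContextItem saying that tcon and optional are ignored when it is set.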
Received: by smtp.corp.redhat.com (Postfix) id C512317B26; Fri, 23 Nov 2018 08:43:52 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 244DF194AE for ; Fri, 23 Nov 2018 08:43:51 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:30 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 12/18] security_selinux: Remember old labels X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Fri, 23 Nov 2018 08:44:07 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 161 ++++++++++++++++++++++---------- 1 file changed, 114 insertions(+), 47 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 715d9a428b..4990d94b5f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -33,6 +33,7 @@ =20 #include "security_driver.h" #include "security_selinux.h" +#include "security_util.h" #include "virerror.h" #include "viralloc.h" #include "virlog.h" 
@@ -197,14 +198,40 @@ virSecuritySELinuxTransactionAppend(const char *path, } =20 =20 +static int +virSecuritySELinuxRememberLabel(const char *path, + const security_context_t con) +{ + return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME, + path, con); +} + + +static int +virSecuritySELinuxRecallLabel(const char *path, + security_context_t *con) +{ + if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, + path, con) < 0) + return -1; + + if (!con) + return 1; + + return 0; +} + + static int virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, bool optional, - bool privileged); + bool privileged, + bool remember); =20 =20 static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, - const char *path); + const char *path, + bool recall); =20 =20 /** @@ -255,10 +282,12 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, rv =3D virSecuritySELinuxSetFileconHelper(item->path, item->tcon, item->optional, - privileged); + privileged, + list->lock); } else { rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, - item->path); + item->path, + list->lock); } =20 if (rv < 0) 
@@ -1275,16 +1304,38 @@ virSecuritySELinuxSetFileconImpl(const char *path, = const char *tcon, =20 static int virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged) + bool optional, bool privileged, bool re= member) { + security_context_t econ =3D NULL; int rc; + int ret =3D -1; =20 if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional, = false)) < 0) return -1; else if (rc > 0) return 0; =20 - return virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileg= ed); + if (remember) { + if (getfilecon_raw(path, &econ) < 0 && + errno !=3D ENOTSUP && errno !=3D ENODATA) { + virReportSystemError(errno, + _("unable to get SELinux context of %s"), + path); + goto cleanup; + } + + if (econ && + virSecuritySELinuxRememberLabel(path, econ) < 0) + goto cleanup; + } + + if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) + goto cleanup; + + ret =3D 0; + cleanup: + freecon(econ); + return ret; } =20 =20 @@ -1293,7 +1344,7 @@ virSecuritySELinuxSetFileconOptional(virSecurityManag= erPtr mgr, const char *path, const char *tcon) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= ); + return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= , false); } =20 static int @@ -1301,7 +1352,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mg= r, const char *path, const char *tcon) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d); + return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d, false); } =20 static int 
@@ -1362,7 +1413,8 @@ getContext(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, * errors that the caller(s) are already dealing with */ static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, - const char *path) + const char *path, + bool recall) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); struct stat buf; @@ -1386,26 +1438,35 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, goto cleanup; } =20 - if (stat(newpath, &buf) !=3D 0) { - VIR_WARN("cannot stat %s: %s", newpath, - virStrerror(errno, ebuf, sizeof(ebuf))); - goto cleanup; - } - - if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) { - /* Any user created path likely does not have a default label, - * which makes this an expected non error - */ - VIR_WARN("cannot lookup default selinux label for %s", newpath); - ret =3D 0; - goto cleanup; - } - - if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false, tru= e)) < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, NULL, false, tru= e)) < 0) return -1; else if (rc > 0) return 0; =20 + if (recall) { + if ((rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { + goto cleanup; + } else if (rc > 0) { + ret =3D 0; + goto cleanup; + } + } else { + if (stat(newpath, &buf) !=3D 0) { + VIR_WARN("cannot stat %s: %s", newpath, + virStrerror(errno, ebuf, sizeof(ebuf))); + goto cleanup; + } + + if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) { + /* Any user created path likely does not have a default label, + * which makes this an expected non error + */ + VIR_WARN("cannot lookup default selinux label for %s", newpath= ); + ret =3D 0; + goto cleanup; + } + } + if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged)= < 0) goto cleanup; =20 
@@ -1460,7 +1521,7 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManage= rPtr mgr, =20 switch ((virDomainInputType)input->type) { case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= ); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= , false); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1516,7 +1577,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManag= erPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, f= alse); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1595,10 +1656,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurit= yManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, false); =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { - if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, false= ) < 0) rc =3D -1; VIR_FREE(cancel_path); } @@ -1665,7 +1726,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityMan= agerPtr mgr, } } =20 - return virSecuritySELinuxRestoreFileLabel(mgr, src->path); + return virSecuritySELinuxRestoreFileLabel(mgr, src->path, false); } =20 =20 @@ -2053,7 +2114,7 @@ virSecuritySELinuxRestorePCILabel(virPCIDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 static int 
@@ -2063,7 +2124,7 @@ virSecuritySELinuxRestoreUSBLabel(virUSBDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 =20 @@ -2080,7 +2141,7 @@ virSecuritySELinuxRestoreSCSILabel(virSCSIDevicePtr d= ev, if (virSCSIDeviceGetShareable(dev) || virSCSIDeviceGetReadonly(dev)) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 static int @@ -2090,7 +2151,7 @@ virSecuritySELinuxRestoreHostLabel(virSCSIVHostDevice= Ptr dev ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 =20 @@ -2194,7 +2255,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecuri= tyManagerPtr mgr, if (!(vfiodev =3D virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuids= tr))) goto done; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, false); =20 VIR_FREE(vfiodev); break; @@ -2228,7 +2289,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); VIR_FREE(path); break; } @@ -2242,7 +2303,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); VIR_FREE(path); break; } 
@@ -2390,14 +2451,18 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, switch (dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.= path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.file.path, + false) < 0) goto done; ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (!dev_source->data.nix.listen) { - if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.f= ile.path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.file.p= ath, + false) < 0) goto done; } ret =3D 0; @@ -2408,11 +2473,13 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) goto done; if (virFileExists(in) && virFileExists(out)) { - if ((virSecuritySELinuxRestoreFileLabel(mgr, out) < 0) || - (virSecuritySELinuxRestoreFileLabel(mgr, in) < 0)) { + if ((virSecuritySELinuxRestoreFileLabel(mgr, out, false) < 0) = || + (virSecuritySELinuxRestoreFileLabel(mgr, in, false) < 0)) { goto done; } - } else if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->dat= a.file.path) < 0) { + } else if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.fil= e.path, + false) < 0) { goto done; } ret =3D 0; @@ -2464,7 +2531,7 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, database =3D dev->data.cert.database; if (!database) database =3D VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; - return virSecuritySELinuxRestoreFileLabel(mgr, database); + return virSecuritySELinuxRestoreFileLabel(mgr, database, false); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: return virSecuritySELinuxRestoreChardevLabel(mgr, def, 
@@ -2559,7 +2626,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerP= tr mgr, rc =3D -1; =20 if (def->os.loader && def->os.loader->nvram && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, fal= se) < 0) rc =3D -1; =20 return rc; @@ -2619,7 +2686,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityM= anagerPtr mgr, if (!secdef || !secdef->relabel) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, savefile); + return virSecuritySELinuxRestoreFileLabel(mgr, savefile, false); } =20 =20 @@ -3214,7 +3281,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, char *filename =3D NULL; DIR *dir; =20 - if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path))) + if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false))) return ret; =20 if (!virFileIsDir(path)) 
@@ -3231,7 +3298,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, ret =3D -1; break; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename, false); VIR_FREE(filename); if (ret < 0) break; --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962672545983.7589329904174; Fri, 23 Nov 2018 00:44:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 472AD3082141; Fri, 23 Nov 2018 08:44:26 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 13E1B17B35; Fri, 23 Nov 2018 08:44:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C14AF181B9F6; Fri, 23 Nov 2018 08:44:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8i0bg003896 for ; Fri, 23 Nov 2018 03:44:00 -0500 Received: by 
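Review bot: in [PATCH 12/18], virSecuritySELinuxRecallLabel() tests "if (!con)", but con is the caller's output pointer (virSecuritySELinuxRestoreFileLabel() passes &fcon), so it is never NULL there and the function cannot return 1. If the intent is to report that no label was remembered, the test belongs on *con; as written the "rc > 0" branch in virSecuritySELinuxRestoreFileLabel() is unreachable and a NULL fcon would be handed on to virSecuritySELinuxSetFileconImpl(). This assumes virSecurityGetRememberedLabel() leaves *con NULL when nothing is stored, which the hunk does not show.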
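Review bot: in [PATCH 12/18], virSecuritySELinuxTransactionRun() passes list->lock as the new remember and recall arguments, which silently ties label remembering to whether the metadata lock is taken, while every other caller touched by the patch passes false. The commit message has no body, so please describe the remember/recall semantics there and add a short comment at the two call sites explaining why list->lock is the right condition.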
smtp.corp.redhat.com (Postfix) id CB91117B31; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 50CB518506 for ; Fri, 23 Nov 2018 08:43:52 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:31 +0100 Message-Id: <69b3b1f853dba33f2f1871dcab28172464de6d93.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 13/18] security_selinux: Restore label on failed setfilecon() attempt X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Fri, 23 Nov 2018 08:44:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 40 +++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 4990d94b5f..290faba9d6 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -222,10 +222,10 @@ virSecuritySELinuxRecallLabel(const char *path, } =20 =20 -static int virSecuritySELinuxSetFileconHelper(const char *path, +static int virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, + const char *path, const char *tcon, bool optional, - bool privileged, bool remember); =20 =20 @@ -252,7 +252,6 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UN= USED, { virSecuritySELinuxContextListPtr list =3D opaque; virSecurityManagerMetadataLockStatePtr state; - bool privileged =3D virSecurityManagerGetPrivileged(list->manager); const char **paths =3D NULL; size_t npaths =3D 0; size_t i; @@ -279,10 +278,10 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, =20 /* TODO Implement rollback */ if (!item->restore) { - rv =3D virSecuritySELinuxSetFileconHelper(item->path, + rv =3D virSecuritySELinuxSetFileconHelper(list->manager, + item->path, item->tcon, item->optional, - privileged, list->lock); } else { rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, @@ -1303,9 +1302,13 @@ virSecuritySELinuxSetFileconImpl(const char *path, c= onst char *tcon, =20 =20 static int -virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged, bool re= member) +virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, + const char *path, + const char *tcon, + bool optional, + bool remember) { + bool privileged =3D virSecurityManagerGetPrivileged(mgr); security_context_t econ =3D NULL; int rc; int ret =3D -1; 
@@ -1329,8 +1332,23 @@ virSecuritySELinuxSetFileconHelper(const char *path,= const char *tcon, goto cleanup; } =20 - if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) + if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) { + virErrorPtr origerr; + + virErrorPreserveLast(&origerr); + /* Try to restore the label. This is done so that XATTRs + * are left in the same state as when the control entered + * this function. However, if our attempt fails, there's + * not much we can do. XATTRs refcounting is fubar'ed and + * the only option we have is warn users. */ + if (virSecuritySELinuxRestoreFileLabel(mgr, path, remember) < 0) + VIR_WARN("Unable to restore label on '%s'. " + "XATTRs might have been left in inconsistent state.", + path); + + virErrorRestore(&origerr); goto cleanup; + } =20 ret =3D 0; cleanup: 
@@ -1343,16 +1361,14 @@ static int virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr, const char *path, const char *tcon) { - bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= , false); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, true, false= ); } =20 static int virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr, const char *path, const char *tcon) { - bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d, false); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, false, fals= e); } =20 static int --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962656981959.3558496711556; Fri, 23 Nov 2018 00:44:16 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B3C8C88310; Fri, 23 Nov 2018 08:44:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 83AB360920; Fri, 23 Nov 2018 08:44:15 +0000 (UTC) Received: from 
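Review bot: in [PATCH 13/18], the new failure path in virSecuritySELinuxSetFileconHelper() calls virSecuritySELinuxRestoreFileLabel(mgr, path, remember) even when remember is false, which is what virSecuritySELinuxSetFilecon() and virSecuritySELinuxSetFileconOptional() pass. In that case nothing was written to XATTRs by this function, and with recall set to false the restore takes the stat()/getContext() branch and applies the policy default label, which is not necessarily the state the file was in on entry as the new comment promises. Consider guarding the restore with a check on remember so that the non-remembering callers keep their previous failure behaviour.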
lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3D38618434BE; Fri, 23 Nov 2018 08:44:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8i5rH003908 for ; Fri, 23 Nov 2018 03:44:05 -0500 Received: by smtp.corp.redhat.com (Postfix) id 93B2117B31; Fri, 23 Nov 2018 08:44:05 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 199E4194AE for ; Fri, 23 Nov 2018 08:44:00 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:32 +0100 Message-Id: <43fdc21d22c259df7e76c57da126ece1948ff861.1542960893.git.mprivozn@redhat.com> In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 14/18] virSecuritySELinuxTransactionRun: Implement rollback X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 23 Nov 2018 08:44:16 +0000 (UTC) Content-Type: text/plain; charset="utf-8" When iterating over list of paths/disk sources to relabel it may happen that the process fails at some point. In that case, for the sake of keeping seclabel refcount (stored in XATTRs) in sync with reality we have to perform rollback. However, if that fails too the only thing we can do is warn user. 
Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 290faba9d6..0cf8164265 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -276,7 +276,6 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UN= USED, for (i =3D 0; i < list->nItems; i++) { virSecuritySELinuxContextItemPtr item =3D list->items[i]; =20 - /* TODO Implement rollback */ if (!item->restore) { rv =3D virSecuritySELinuxSetFileconHelper(list->manager, item->path, 
@@ -293,6 +292,18 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_U= NUSED, break; } =20 + for (; rv < 0 && i > 0; i--) { + virSecuritySELinuxContextItemPtr item =3D list->items[i - 1]; + + if (!item->restore) { + virSecuritySELinuxRestoreFileLabel(list->manager, + item->path, + list->lock); + } else { + VIR_WARN("Ignoring failed restore attempt on %s", item->path); + } + } + if (list->lock) virSecurityManagerMetadataUnlock(list->manager, &state); =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962662681913.7444423496923; Fri, 23 Nov 2018 00:44:22 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DD4A34E915; Fri, 23 Nov 2018 08:44:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A255A1057042; Fri, 23 Nov 2018 08:44:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4D50C3F614; Fri, 23 Nov 2018 08:44:19 +0000 (UTC) Received: from smtp.corp.redhat.com 
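Review bot: in [PATCH 14/18], the rollback loop ignores the return value of virSecuritySELinuxRestoreFileLabel(), although the commit message says that a failed rollback should at least warn the user; check the result and emit a VIR_WARN naming item->path. The else branch also logs "Ignoring failed restore attempt on %s" for every earlier restore item, and those are entries that completed successfully before the failure at index i, so the text is misleading; word it as a restore that cannot be rolled back instead.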
(int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8iCaj003918 for ; Fri, 23 Nov 2018 03:44:12 -0500 Received: by smtp.corp.redhat.com (Postfix) id 9659517797; Fri, 23 Nov 2018 08:44:12 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1AB4C18506 for ; Fri, 23 Nov 2018 08:44:05 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:33 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 15/18] virSecuritySELinuxRestoreAllLabel: Reorder device relabeling X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 23 Nov 2018 08:44:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" It helps when trying to match calls with virSecuritySELinuxSetAllLabel if the order in which devices are set/restored is the same in both functions. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 0cf8164265..553fc852db 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -2604,8 +2604,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, if (!secdef || !secdef->relabel || data->skipAllLabel) return 0; =20 - if (def->tpm) { - if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) <= 0) + for (i =3D 0; i < def->ndisks; i++) { + virDomainDiskDefPtr disk =3D def->disks[i]; + + if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, + migrated) < 0) rc =3D -1; } =20 
@@ -2627,11 +2630,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, return -1; } =20 - for (i =3D 0; i < def->ndisks; i++) { - virDomainDiskDefPtr disk =3D def->disks[i]; - - if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, - migrated) < 0) + if (def->tpm) { + if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) <= 0) rc =3D -1; } =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962659890226.69619953808615; Fri, 23 Nov 2018 00:44:19 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9996D12B9F; Fri, 23 Nov 2018 08:44:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 61A2C18526; Fri, 23 Nov 2018 08:44:17 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1B1A03F60E; Fri, 23 Nov 2018 08:44:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com 
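Review bot: in [PATCH 15/18], nothing in the two moved blocks records that the disks-first, TPM-later order is now meant to mirror virSecuritySELinuxSetAllLabel, so the next device type added to either function can quietly break the pairing. A short comment at the top of the restore sequence in virSecuritySELinuxRestoreAllLabel(), with a matching one in the set function, stating the ordering requirement would keep it from regressing.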
(8.13.8/8.13.8) with ESMTP id wAN8iF6S003929 for ; Fri, 23 Nov 2018 03:44:15 -0500 Received: by smtp.corp.redhat.com (Postfix) id 85CBD17B31; Fri, 23 Nov 2018 08:44:15 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B33017797 for ; Fri, 23 Nov 2018 08:44:12 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:34 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 16/18] virSecuritySELinuxRestoreAllLabel: Restore more labels X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 23 Nov 2018 08:44:18 +0000 (UTC) Content-Type: text/plain; charset="utf-8" We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 553fc852db..5f2fab73bc 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -2656,6 +2656,22 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, fal= se) < 0) rc =3D -1; =20 + if (def->os.kernel && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, false) < 0) + rc =3D -1; + + if (def->os.initrd && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, false) < 0) + rc =3D -1; + + if (def->os.dtb && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, false) < 0) + rc =3D -1; + + if (def->os.slic_table && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, false)= < 0) + rc =3D -1; + return rc; } =20 --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1542962672536732.3906747039566; Fri, 23 Nov 2018 00:44:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 366EA88E50; Fri, 23 Nov 2018 08:44:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 06534105705B; Fri, 23 Nov 2018 08:44:30 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com 
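Review bot: the four new `virSecuritySELinuxRestoreFileLabel()` calls for `def->os.kernel`, `def->os.initrd`, `def->os.dtb` and `def->os.slic_table` run whenever the path is set, and neither the commit message nor the code says what happens when another running domain boots from the same kernel or initrd file. Please state in the commit message or in a comment why restoring here cannot pull the label away from a file that is still in use. The four blocks are also identical apart from the path, so a small loop over the paths would make it easier to compare the set and restore lists.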
[10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B2D603F606; Fri, 23 Nov 2018 08:44:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAN8iKPe003977 for ; Fri, 23 Nov 2018 03:44:20 -0500 Received: by smtp.corp.redhat.com (Postfix) id 4190C17797; Fri, 23 Nov 2018 08:44:20 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id BB6F518510 for ; Fri, 23 Nov 2018 08:44:15 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:35 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 17/18] tools: Provide a script to recover fubar'ed XATTRs setup X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Fri, 23 Nov 2018 08:44:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Our code is not bug free. The refcounting I introduced will almost certainly not work in some use cases. Provide a script that will remove all the XATTRs set by libvirt so that it can start cleanly. Signed-off-by: Michal Privoznik --- tools/Makefile.am | 1 + tools/libvirt_recover_xattrs.sh | 89 +++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100755 tools/libvirt_recover_xattrs.sh diff --git a/tools/Makefile.am b/tools/Makefile.am index f069167acc..1dc009c4fb 100644 
--- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -75,6 +75,7 @@ EXTRA_DIST =3D \ virt-login-shell.conf \ virsh-edit.c \ bash-completion/vsh \ + libvirt_recover_xattrs.sh \ $(PODFILES) \ $(MANINFILES) \ $(NULL) diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs= .sh new file mode 100755 index 0000000000..c4a8b27cbc --- /dev/null +++ b/tools/libvirt_recover_xattrs.sh 
@@ -0,0 +1,89 @@ +#!/bin/bash + +function die { + echo $@ >&2 + exit 1 +} + +function show_help { + cat << EOF +Usage: ${0##*/} -[hqn] [PATH] + +Clear out any XATTRs set by libvirt on all files that have them. +The idea is to reset refcounting, should it break. + + -h display this help and exit + -q quiet (don't print which files are being fixed) + -n dry run; don't remove any XATTR just report the file name + +PATH can be specified to refine search to only to given path +instead of whole root ('/'), which is the default. +EOF +} + +QUIET=3D0 +DRY_RUN=3D0 +P=3D"/" + +# So far only qemu and lxc drivers use security driver. +URI=3D("qemu:///system" + "qemu:///session" + "lxc:///system") + +LIBVIRT_XATTR_PREFIX=3D"trusted.libvirt.security" + +if [ `whoami` !=3D "root" ]; then + die "Must be run as root" +fi + +while getopts hqn opt; do + case $opt in + h) + show_help + exit 0 + ;; + q) + QUIET=3D1 + ;; + n) + DRY_RUN=3D1 + ;; + *) + show_help >&2 + exit 1 + ;; + esac +done + +shift $((OPTIND - 1)) +if [ $# -gt 0 ]; then + P=3D$1 +fi + +if [ ${DRY_RUN} -eq 0 ]; then + for u in ${URI[*]} ; do + if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then + die "There are still some domains running for $u" + fi + done +fi + +XATTRS=3D("trusted.libvirt.security.dac" + "trusted.libvirt.security.ref_dac" + "trusted.libvirt.security.selinux" + "trusted.libvirt.security.ref_selinux") + +for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P}= 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do + if [ ${DRY_RUN} -ne 0 ]; then + echo $i + getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i + continue + fi + + if [ ${QUIET} -eq 0 ]; then + echo "Fixing $i"; + fi + for x in ${XATTRS[*]}; do + setfattr -x $x $i + done +done --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Feb 7 13:51:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 
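Review bot: the main loop, `for i in $(getfattr -R ... | grep "^# file:" | cut -d':' -f 2)`, word-splits the file list and then uses `$i` unquoted in `setfattr -x $x $i`, so a path containing whitespace or glob characters is turned into other names, and `cut -d':' -f 2` truncates any path that contains a colon. Since this runs as root over `/` by default, please read the names with `while IFS= read -r`, strip only the leading `# file: ` prefix, quote every expansion (`"$i"`, `"${P}"`, and `"$@"` in `die`), and pass `--` before the path. Two smaller points: the XATTRS array repeats the prefix already held in LIBVIRT_XATTR_PREFIX, and `setfattr -x` is called for all four names on every file, so it prints an error for each attribute a file does not carry.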
From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 23 Nov 2018 09:43:36 +0100 Message-Id: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 18/18] qemu.conf: Allow users to enable/disable label remembering X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Fri, 23 Nov 2018 08:44:25 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 6 ++++++ src/qemu/qemu_conf.c | 4 ++++ src/qemu/test_libvirtd_qemu.aug.in | 1 + 4 files changed, 12 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index ddc4bbfd1d..8a5b39e568 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -71,6 +71,7 @@ module Libvirtd_qemu =3D | str_entry "user" | str_entry "group" | bool_entry "dynamic_ownership" + | bool_entry "remember_owner" | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | int_entry "seccomp_sandbox" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 8391332cb4..31e8d8476b 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf 
@@ -450,6 +450,12 @@ # Set to 0 to disable file ownership changes. #dynamic_ownership =3D 1 =20 +# Whether libvirt should remember and restore the original +# ownership over files it is relabeling. Be aware that with the +# current implementation this requires exclusive access to the +# files which might hurt performance a bit in some cases. +# Defaults to 1, set to 0 to disable the feature. +#remember_owner =3D 1 =20 # What cgroup controllers to make use of with QEMU guests # diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index a946b05d5d..89491a37b7 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -147,6 +147,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) cfg->group =3D (gid_t)-1; } cfg->dynamicOwnership =3D privileged; + cfg->rememberOwner =3D true; =20 cfg->cgroupControllers =3D -1; /* -1 =3D=3D auto-detect */ =20 @@ -730,6 +731,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr = cfg, if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwners= hip) < 0) goto cleanup; =20 + if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) <= 0) + goto cleanup; + if (virConfGetValueStringList(conf, "cgroup_controllers", false, &controllers) < 0) goto cleanup; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index f1e8806ad2..92a8ae1192 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -43,6 +43,7 @@ module Test_libvirtd_qemu =3D { "user" =3D "root" } { "group" =3D "root" } { "dynamic_ownership" =3D "1" } +{ "remember_owner" =3D "1" } { "cgroup_controllers" { "1" =3D "cpu" } { "2" =3D "devices" } --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
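Review bot: in virQEMUDriverConfigNew() the new default `cfg->rememberOwner = true;` is unconditional, while the line just above it sets `cfg->dynamicOwnership = privileged;`. The recovery script in 17/18 shows the attributes live under `trusted.libvirt.security`, a namespace that needs CAP_SYS_ADMIN to write, so a session daemon would have the feature switched on without being able to store anything; defaulting to `privileged` looks safer unless the lower layers already handle that case. The commit message is also empty apart from the sign-off and should say what the knob controls and when one would turn it off.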
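Review bot: the new qemu.conf comment for `remember_owner` does not say that the original ownership is kept in extended attributes, so an admin cannot tell from it that the setting depends on the filesystem supporting them, or how it interacts with `dynamic_ownership` directly above. "Might hurt performance a bit in some cases" would be more useful if it named the case the author has in mind and said what "exclusive access" means for files shared between hosts.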