From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:16 +0100
Message-Id: <64e363739e758eaf06f12d2ed1ffb72acfad3e76.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 01/18] security: Unify header conditionals

To avoid including a header file twice the following pattern is
used:

  #ifndef __SOMETHING__
  # define __SOMETHING__

where __SOMETHING__ should correspond to the header file name.
However, some of our header files break that pattern.

Signed-off-by: Michal Privoznik
--- src/security/security_apparmor.h | 6 +++--- src/security/security_dac.h | 6 +++--- src/security/security_driver.h | 6 +++--- src/security/security_manager.h | 6 +++--- src/security/security_nop.h | 6 +++--- src/security/security_selinux.h | 6 +++--- src/security/security_stack.h | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/security/security_apparmor.h b/src/security/security_appar= mor.h index 7872588f64..6b454d1b5c 100644 --- a/src/security/security_apparmor.h +++ b/src/security/security_apparmor.h @@ -19,8 +19,8 @@ * Jamie Strandboge * */ -#ifndef __VIR_SECURITY_APPARMOR_H__ -# define __VIR_SECURITY_APPARMOR_H__ +#ifndef __SECURITY_APPARMOR_H__ +# define __SECURITY_APPARMOR_H__ =20 # include "security_driver.h" =20 
@@ -30,4 +30,4 @@ extern virSecurityDriver virAppArmorSecurityDriver; # define PROFILE_NAME_SIZE 8 + VIR_UUID_STRING_BUFLEN /* AA_PREFIX + uuid= */ # define MAX_FILE_LEN (1024*1024*10) /* 10MB limit for sanity check= */ =20 -#endif /* __VIR_SECURITY_APPARMOR_H__ */ +#endif /* __SECURITY_APPARMOR_H__ */ diff --git a/src/security/security_dac.h b/src/security/security_dac.h index 97681c9610..8007bde000 100644 --- a/src/security/security_dac.h +++ b/src/security/security_dac.h @@ -20,8 +20,8 @@ =20 #include "security_driver.h" =20 -#ifndef __VIR_SECURITY_DAC -# define __VIR_SECURITY_DAC +#ifndef __SECURITY_DAC__ +# define __SECURITY_DAC__ =20 extern virSecurityDriver virSecurityDriverDAC; =20 @@ -38,4 +38,4 @@ void virSecurityDACSetMountNamespace(virSecurityManagerPt= r mgr, void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr, virSecurityManagerDACChownCallback cho= wnCallback); =20 -#endif /* __VIR_SECURITY_DAC */ +#endif /* __SECURITY_DAC__ */ diff --git a/src/security/security_driver.h b/src/security/security_driver.h index cd221f1c78..25d49bb0f4 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -19,8 +19,8 @@ * James Morris * */ -#ifndef __VIR_SECURITY_H__ -# define __VIR_SECURITY_H__ +#ifndef __SECURITY_DRIVER_H__ +# define __SECURITY_DRIVER_H__ =20 # include "internal.h" # include "domain_conf.h" @@ -226,4 +226,4 @@ struct _virSecurityDriver { virSecurityDriverPtr virSecurityDriverLookup(const char *name, const char *virtDriver); =20 -#endif /* __VIR_SECURITY_H__ */ +#endif /* __SECURITY_DRIVER_H__ */ diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 7e82304689..139b70ec10 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -20,8 +20,8 @@ * Author: Daniel P. Berrange */ =20 -#ifndef VIR_SECURITY_MANAGER_H__ -# define VIR_SECURITY_MANAGER_H__ +#ifndef __SECURITY_MANAGER_H__ +# define __SECURITY_MANAGER_H__ =20 # include "domain_conf.h" # include "vircommand.h" @@ -210,4 +210,4 @@ void virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr, virSecurityManagerMetadataLockStatePtr *s= tate); =20 -#endif /* VIR_SECURITY_MANAGER_H__ */ +#endif /* __SECURITY_MANAGER_H__ */ diff --git a/src/security/security_nop.h b/src/security/security_nop.h index 514b339467..7b2ded2292 100644 --- a/src/security/security_nop.h +++ b/src/security/security_nop.h @@ -17,11 +17,11 @@ * */ =20 -#ifndef __VIR_SECURITY_NOP_H__ -# define __VIR_SECURITY_NOP_H__ +#ifndef __SECURITY_NOP_H__ +# define __SECURITY_NOP_H__ =20 # include "security_driver.h" =20 extern virSecurityDriver virSecurityDriverNop; =20 -#endif /* __VIR_SECURITY_NOP_H__ */ +#endif /* __SECURITY_NOP_H__ */ diff --git a/src/security/security_selinux.h b/src/security/security_selinu= x.h index 1700d8c661..11b62acb52 100644 --- a/src/security/security_selinux.h +++ b/src/security/security_selinux.h @@ -19,9 +19,9 @@ * James Morris * */ -#ifndef __VIR_SECURITY_SELINUX_H__ -# define __VIR_SECURITY_SELINUX_H__ +#ifndef __SECURITY_SELINUX_H__ +# define __SECURITY_SELINUX_H__ =20 extern virSecurityDriver virSecurityDriverSELinux; =20 -#endif /* __VIR_SECURITY_SELINUX_H__ */ +#endif /* __SECURITY_SELINUX_H__ */ diff --git a/src/security/security_stack.h b/src/security/security_stack.h index b38f9a9481..7e6ab3d93e 100644 --- a/src/security/security_stack.h +++ b/src/security/security_stack.h @@ -20,8 +20,8 @@ =20 #include "security_driver.h" =20 -#ifndef __VIR_SECURITY_STACK -# define __VIR_SECURITY_STACK +#ifndef __SECURITY_STACK__ +# define __SECURITY_STACK__ =20 extern virSecurityDriver virSecurityDriverStack; =20 
@@ -35,4 +35,4 @@ virSecurityStackGetPrimary(virSecurityManagerPtr mgr); virSecurityManagerPtr* virSecurityStackGetNested(virSecurityManagerPtr mgr); =20 -#endif /* __VIR_SECURITY_STACK */ +#endif /* __SECURITY_STACK__ */ --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
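Review bot: The new guards in security_dac.h and security_stack.h (__SECURITY_DAC__ and __SECURITY_STACK__) drop the _H that the other five headers carry, so the guards are still not uniform after this patch; __SECURITY_DAC_H__ and __SECURITY_STACK_H__ would match the file names the way the commit message describes. In the same two files #include "security_driver.h" sits above the #ifndef, outside the guard, and could move inside it while these lines are being touched. Identifiers that begin with a double underscore are also reserved for the implementation in C, so a rename is a good moment to pick a non-reserved spelling.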

From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:17 +0100
Message-Id: <9db8d7c65f0d398de36c584d062a7c4cc266f6c1.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 02/18] util: Introduce xattr getter/setter/remover

Signed-off-by: Michal Privoznik
--- src/libvirt_private.syms | 3 + src/util/virfile.c | 121 +++++++++++++++++++++++++++++++++++++++ src/util/virfile.h | 11 ++++ 3 files changed, 135 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 5018a13e9c..8e5b610ab1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1827,6 +1827,7 @@ virFileGetACLs; virFileGetHugepageSize; virFileGetMountReverseSubtree; virFileGetMountSubtree; +virFileGetXAtrr; virFileHasSuffix; virFileInData; virFileIsAbsPath; @@ -1866,6 +1867,7 @@ virFileReadValueUint; virFileRelLinkPointsTo; virFileRemove; virFileRemoveLastComponent; +virFileRemoveXAttr; virFileResolveAllLinks; virFileResolveLink; virFileRewrite; 
@@ -1873,6 +1875,7 @@ virFileRewriteStr; virFileSanitizePath; virFileSetACLs; virFileSetupDev; +virFileSetXAtrr; virFileSkipRoot; virFileStripSuffix; virFileTouch; diff --git a/src/util/virfile.c b/src/util/virfile.c index f6f9e4ceda..9df5f70c60 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -64,6 +64,10 @@ # include #endif =20 +#if HAVE_LIBATTR +# include +#endif + #include "configmake.h" #include "intprops.h" #include "vircommand.h" 
@@ -4354,3 +4358,120 @@ virFileWaitForExists(const char *path, =20 return 0; } + + +#if HAVE_LIBATTR +/** + * virFileGetXAtrr; + * @path: a filename + * @name: name of xattr + * @value: read value + * + * Reads xattr with @name for given @path and stores it into + * @value. Caller is responsible for freeing @value. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). + */ +int +virFileGetXAtrr(const char *path, + const char *name, + char **value) +{ + char *buf =3D NULL; + int ret =3D -1; + + /* We might be racing with somebody who sets the same attribute. */ + do { + ssize_t need; + ssize_t got; + + /* The first call determines how many bytes we need to allocate. */ + if ((need =3D getxattr(path, name, NULL, 0)) < 0) + goto cleanup; + + if (VIR_REALLOC_N_QUIET(buf, need + 1) < 0) + goto cleanup; + + if ((got =3D getxattr(path, name, buf, need)) < 0) { + if (errno =3D=3D ERANGE) + continue; + goto cleanup; + } + + buf[got] =3D '\0'; + break; + } while (1); + + VIR_STEAL_PTR(*value, buf); + ret =3D 0; + cleanup: + VIR_FREE(buf); + return ret; +} + +/** + * virFileSetXAtrr: + * @path: a filename + * @name: name of xattr + * @value: value to set + * + * Sets xattr of @name and @value on @path. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). + */ +int +virFileSetXAtrr(const char *path, + const char *name, + const char *value) +{ + return setxattr(path, name, value, strlen(value), 0); +} + +/** + * virFileRemoveXAttr: + * @path: a filename + * @name: name of xattr + * + * Remove xattr of @name on @path. + * + * Returns: 0 on success, + * -1 otherwise (with errno set). 
+ */ +int +virFileRemoveXAttr(const char *path, + const char *name) +{ + return removexattr(path, name); +} + +#else /* !HAVE_LIBATTR */ + +int +virFileGetXAtrr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED, + char **value ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +int +virFileSetXAtrr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED, + const char *value ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +int +virFileRemoveXAttr(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED) +{ + errno =3D ENOSYS; + return -1; +} + +#endif /* HAVE_LIBATTR */ diff --git a/src/util/virfile.h b/src/util/virfile.h index 0f7dece958..9cd1bc3a5f 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h 
@@ -383,4 +383,15 @@ int virFileInData(int fd, =20 VIR_DEFINE_AUTOPTR_FUNC(virFileWrapperFd, virFileWrapperFdFree) =20 +int virFileGetXAtrr(const char *path, + const char *name, + char **value); + +int virFileSetXAtrr(const char *path, + const char *name, + const char *value); + +int virFileRemoveXAttr(const char *path, + const char *name); + #endif /* __VIR_FILE_H */ --=20 2.18.1
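Review bot: The getter and setter are spelled virFileGetXAtrr and virFileSetXAtrr (transposed "tr") in libvirt_private.syms, virfile.c and virfile.h, while the remover is virFileRemoveXAttr; rename both to ...XAttr now, before callers accumulate. In virfile.c the first doc comment is headed "virFileGetXAtrr;" with a semicolon where the other two use a colon. virFileSetXAtrr() also hands value straight to strlen(), so a NULL value crashes; an ATTRIBUTE_NONNULL annotation on the prototypes in virfile.h, or an explicit check, would make the contract visible.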

From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:18 +0100
Message-Id: <57cb1d3ce592eb61de2bf8de0d3fedc88ea99574.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 03/18] security: Include security_util

This file implements wrappers over XATTR getter/setter. It
ensures the proper XATTR namespace is used.

Signed-off-by: Michal Privoznik
--- src/security/Makefile.inc.am | 2 + src/security/security_util.c | 226 +++++++++++++++++++++++++++++++++++ src/security/security_util.h | 32 +++++ 3 files changed, 260 insertions(+) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am index f88b82df7b..0ade97d355 100644 --- a/src/security/Makefile.inc.am +++ b/src/security/Makefile.inc.am 
@@ -14,6 +14,8 @@ SECURITY_DRIVER_SOURCES =3D \ security/security_dac.c \ security/security_manager.h \ security/security_manager.c \ + security/security_util.h \ + security/security_util.c \ $(NULL) =20 SECURITY_DRIVER_SELINUX_SOURCES =3D \ diff --git a/src/security/security_util.c b/src/security/security_util.c new file mode 100644 index 0000000000..7b3cef5e1a --- /dev/null +++ b/src/security/security_util.c 
@@ -0,0 +1,226 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include "viralloc.h" +#include "virfile.h" +#include "virstring.h" +#include "virerror.h" + +#include "security_util.h" + +#define VIR_FROM_THIS VIR_FROM_SECURITY + +/* There are four namespaces available on Linux (xattr(7)): + * + * user - can be modified by anybody, + * system - used by ACLs + * security - used by SELinux + * trusted - accessibly by CAP_SYS_ADMIN processes only + * + * Looks like the last one is way to go. + * Unfortunately, FreeBSD only supports: + * + * user - can be modified by anybody, + * system - accessible by CAP_SYS_ADMIN processes only + * + * Note that 'system' on FreeBSD corresponds to 'trusted' on + * Linux. So far the only point where FreeBSD and Linux can meet + * is NFS which still doesn't support XATTRs. Therefore we can + * use different namespace on each system. If NFS gains support + * for XATTRs then we have to find a way to deal with the + * different namespaces. But that is a problem for future me. 
+ */ +#if defined(__linux__) +# define XATTR_NAMESPACE "trusted" +#elif defined(__FreeBSD__) +# define XATTR_NAMESPACE "system" +#endif + +static char * +virSecurityGetAttrName(const char *name ATTRIBUTE_UNUSED) +{ + char *ret =3D NULL; +#ifdef XATTR_NAMESPACE + ignore_value(virAsprintf(&ret, XATTR_NAMESPACE".libvirt.security.%s", = name)); +#else + errno =3D ENOSYS; + virReportSystemError(errno, "%s", + _("Extended attributes are not supported on this = system")); +#endif + return ret; +} + + +static char * +virSecurityGetRefCountAttrName(const char *name ATTRIBUTE_UNUSED) +{ + char *ret =3D NULL; +#ifdef XATTR_NAMESPACE + ignore_value(virAsprintf(&ret, XATTR_NAMESPACE".libvirt.security.ref_%= s", name)); +#else + errno =3D ENOSYS; + virReportSystemError(errno, "%s", + _("Extended attributes are not supported on this = system")); +#endif + return ret; +} + + +/** + * virSecurityGetRememberedLabel: + * @name: security driver name + * @path: file name + * @label: label + * + * For given @path and security driver (@name) fetch remembered + * @label. The caller must not restore label if an error is + * indicated or if @label is NULL upon return. 
+ * + * Returns: 0 on success, + * -1 otherwise (with error reported) + */ +int +virSecurityGetRememberedLabel(const char *name, + const char *path, + char **label) +{ + char *ref_name =3D NULL; + char *attr_name =3D NULL; + char *value =3D NULL; + unsigned int refcount =3D 0; + int ret =3D -1; + + *label =3D NULL; + + if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, ref_name, &value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENODATA || errno =3D=3D EN= OTSUP) { + ret =3D 0; + } else { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + ref_name, + path); + } + goto cleanup; + } + + if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("malformed refcount %s on %s"), + value, path); + goto cleanup; + } + + VIR_FREE(value); + + refcount--; + + if (refcount > 0) { + if (virAsprintf(&value, "%u", refcount) < 0) + goto cleanup; + + if (virFileSetXAtrr(path, ref_name, value) < 0) + goto cleanup; + } else { + if (virFileRemoveXAttr(path, ref_name) < 0) + goto cleanup; + + if (!(attr_name =3D virSecurityGetAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, attr_name, label) < 0) + goto cleanup; + + if (virFileRemoveXAttr(path, attr_name) < 0) + goto cleanup; + } + + ret =3D 0; + cleanup: + VIR_FREE(value); + VIR_FREE(attr_name); + VIR_FREE(ref_name); + return ret; +} + + +int +virSecuritySetRememberedLabel(const char *name, + const char *path, + const char *label) +{ + char *ref_name =3D NULL; + char *attr_name =3D NULL; + char *value =3D NULL; + unsigned int refcount =3D 0; + int ret =3D -1; + + if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) + goto cleanup; + + if (virFileGetXAtrr(path, ref_name, &value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { + ret =3D 0; + goto cleanup; + } else if (errno !=3D ENODATA) { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + ref_name, + path); + goto 
cleanup; + } + } + + if (value && + virStrToLong_ui(value, NULL, 10, &refcount) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("malformed refcount %s on %s"), + value, path); + goto cleanup; + } + + VIR_FREE(value); + + refcount++; + + if (refcount =3D=3D 1) { + if (!(attr_name =3D virSecurityGetAttrName(name))) + goto cleanup; + + if (virFileSetXAtrr(path, attr_name, label) < 0) + goto cleanup; + } + + if (virAsprintf(&value, "%u", refcount) < 0) + goto cleanup; + + if (virFileSetXAtrr(path, ref_name, value) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(value); + VIR_FREE(attr_name); + VIR_FREE(ref_name); + return ret; +} diff --git a/src/security/security_util.h b/src/security/security_util.h new file mode 100644 index 0000000000..a6e67f4390 --- /dev/null +++ b/src/security/security_util.h 
@@ -0,0 +1,32 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#ifndef __SECURITY_UTIL_H__ +# define __SECURITY_UTIL_H__ + +int +virSecurityGetRememberedLabel(const char *name, + const char *path, + char **label); + +int +virSecuritySetRememberedLabel(const char *name, + const char *path, + const char *label); + +#endif /* __SECURITY_UTIL_H__ */ --=20 2.18.1
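Review bot: In virSecurityGetRememberedLabel() in security_util.c, refcount-- runs on an unsigned value parsed from the XATTR with no check for zero, so a stored refcount of "0" wraps around and the "refcount > 0" branch writes the wrapped value back; treat a zero refcount as malformed before decrementing. The function is documented as returning -1 "with error reported", yet the virFileSetXAtrr(), virFileRemoveXAttr() and second virFileGetXAtrr() failure paths, here and in virSecuritySetRememberedLabel(), jump to cleanup with only errno set, so each needs a virReportSystemError() call. virSecuritySetRememberedLabel() is also missing a doc comment describing its return value and what happens when XATTRs are unsupported.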

From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:19 +0100
Message-Id: <56a63b666cc16b1350bde623ff3c124eb5a6ff14.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 04/18] security_dac: Restore label on failed chown() attempt

It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_dac.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 6b64d2c07a..8155c6d58a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -718,7 +718,25 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", NULLSTR(src ? src->path : path), (long)uid, (long)gid); =20 - return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid); + if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0)= { + virErrorPtr origerr; + + virErrorPreserveLast(&origerr); + /* Try to restore the label. This is done so that XATTRs + * are left in the same state as when the control entered + * this function. However, if our attempt fails, there's + * not much we can do. XATTRs refcounting is fubar'ed and + * the only option we have is warn users. */ + if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0) + VIR_WARN("Unable to restore label on '%s'. " + "XATTRs might have been left in inconsistent state.", + NULLSTR(src ? src->path : path)); + + virErrorRestore(&origerr); + return -1; + } + + return 0; } =20 =20 --=20 2.18.1
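Review bot: Nothing visible in virSecurityDACSetOwnership() records an XATTR before virSecurityDACSetOwnershipInternal() fails, so as of this patch the restore in the new error path has no remembered state to undo; the commit message should say that this prepares for the later remembering patch, and that patch should confirm the restore drops exactly the one reference this call took. On style, the body of "if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0)" is a three-line VIR_WARN without braces, and libvirt style wants braces whenever the body spans more than one line.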

From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:20 +0100
Message-Id: <6450e0c5c1ce037da4e5f31f43caab4044782bc7.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 05/18] virSecurityDACTransactionRun: Implement rollback

When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn user.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_dac.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 8155c6d58a..82b16f96ee 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -229,7 +229,6 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItemPtr item =3D list->items[i]; =20 - /* TODO Implement rollback */ if (!item->restore) { rv =3D virSecurityDACSetOwnership(list->manager, item->src, 
@@ -246,6 +245,19 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSE= D, break; } =20 + for (; rv < 0 && i > 0; i--) { + virSecurityDACChownItemPtr item =3D list->items[i - 1]; + + if (!item->restore) { + virSecurityDACRestoreFileLabelInternal(list->manager, + item->src, + item->path); + } else { + VIR_WARN("Ignoring failed restore attempt on %s", + NULLSTR(item->src ? item->src->path : item->path)); + } + } + if (list->lock) virSecurityManagerMetadataUnlock(list->manager, &state); =20 --=20 2.18.1
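Review bot: In the rollback loop added to virSecurityDACTransactionRun (second hunk), the return value of virSecurityDACRestoreFileLabelInternal() is discarded, so a rollback that itself fails is silent, although the commit message says the user should be warned in that case. The only VIR_WARN sits in the else branch, which runs for items with item->restore set that were already processed successfully before the failing index, so "Ignoring failed restore attempt" describes something that did not happen; what is actually skipped there is undoing a completed restore. Suggest checking the call and warning when it returns < 0, and rewording the else-branch message to say that a finished restore cannot be rolled back.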
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:21 +0100
Subject: [libvirt] [PATCH v2 06/18] virSecurityDACRestoreAllLabel: Reorder device relabeling

It helps when trying to match calls with virSecurityDACSetAllLabel if the order in which devices are set/restored is the same in both functions.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_dac.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 82b16f96ee..9b3069e60c 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1665,24 +1665,6 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, VIR_DEBUG("Restoring security label on %s migrated=3D%d", def->name, migrated); =20 - for (i =3D 0; i < def->nhostdevs; i++) { - if (virSecurityDACRestoreHostdevLabel(mgr, - def, - def->hostdevs[i], - NULL) < 0) - rc =3D -1; - } - - for (i =3D 0; i < def->ngraphics; i++) { - if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i])= < 0) - return -1; - } - - for (i =3D 0; i < def->ninputs; i++) { - if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0) - rc =3D -1; - } - for (i =3D 0; i < def->ndisks; i++) { if (virSecurityDACRestoreImageLabelInt(mgr, def, 
@@ -1691,6 +1673,24 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, rc =3D -1; } =20 + for (i =3D 0; i < def->ngraphics; i++) { + if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i])= < 0) + return -1; + } + + for (i =3D 0; i < def->ninputs; i++) { + if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0) + rc =3D -1; + } + + for (i =3D 0; i < def->nhostdevs; i++) { + if (virSecurityDACRestoreHostdevLabel(mgr, + def, + def->hostdevs[i], + NULL) < 0) + rc =3D -1; + } + for (i =3D 0; i < def->nmems; i++) { if (virSecurityDACRestoreMemoryLabel(mgr, def, --=20 2.18.1
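Review bot: The graphics loop moved in the second hunk still does `return -1` on failure, while the disk, input and hostdev loops around it set `rc = -1` and keep going. After the reorder a graphics failure returns before hostdevs, memory devices and everything after them are restored, leaving those files with the domain's ownership. Restore is a best-effort cleanup path, so `rc = -1;` would be consistent with the neighbouring loops. It would also help to list the resulting order in the commit message, since virSecurityDACSetAllLabel is not part of this diff and the claimed match cannot be checked from it.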
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:22 +0100
Message-Id: <446d912aae3ddde0570ddd855cbeeb5e9ddb9746.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 07/18] virSecurityDACRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_dac.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9b3069e60c..de12a1e351 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1720,6 +1720,22 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr = mgr, virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0) rc =3D -1; =20 + if (def->os.kernel && + virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0) + rc =3D -1; + + if (def->os.initrd && + virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0) + rc =3D -1; + + if (def->os.dtb && + virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0) + rc =3D -1; + + if (def->os.slic_table && + virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0) + rc =3D -1; + return rc; } =20 --=20 2.18.1
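Review bot: The four new virSecurityDACRestoreFileLabel() calls at the end of virSecurityDACRestoreAllLabel run unconditionally, but kernel, initrd, dtb and slic_table files can be shared between domains. The comment removed in patch 10 of this series describes that hazard for shared disks (other VMs may still be accessing the file), and at this point in the series virSecurityDACRememberLabel is still a stub returning 0, so stopping one domain would reset ownership under another that is still running. Please either say in the commit message why that is acceptable, or move this patch after the one that makes remembering effective for these paths.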
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:23 +0100
Message-Id: <57d9d0ec4121c423e24e2a4e5705804a1dc6fc55.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 08/18] security_dac: Allow callers to enable/disable label remembering/recall

Because the implementation that will be used for label remembering/recall is not atomic we have to give callers a chance to enable or disable it. That is, enable it if and only if metadata locking is enabled. Otherwise the feature MUST be turned off.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_dac.c | 74 ++++++++++++++++++++++---------------
 1 file changed, 45 insertions(+), 29 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index de12a1e351..cdbe07543c 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -182,11 +182,13 @@ static int virSecurityDACSetOwnership(virSecurityMana= gerPtr mgr, const virStorageSource *src, const char *path, uid_t uid, - gid_t gid); + gid_t gid, + bool remember); =20 static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mg= r, const virStorageSource *= src, - const char *path); + const char *path, + bool recall); /** * virSecurityDACTransactionRun: * @pid: process pid @@ -234,11 +236,13 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, item->src, item->path, item->uid, - item->gid); + item->gid, + list->lock); } else { rv =3D virSecurityDACRestoreFileLabelInternal(list->manager, item->src, - item->path); + item->path, + list->lock); } =20 if (rv < 0) @@ -251,7 +255,8 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, if (!item->restore) { virSecurityDACRestoreFileLabelInternal(list->manager, item->src, - item->path); + item->path, + list->lock); } else { VIR_WARN("Ignoring failed restore attempt on %s", NULLSTR(item->src ? item->src->path : item->path)); @@ -699,7 +704,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, const virStorageSource *src, const char *path, uid_t uid, - gid_t gid) + gid_t gid, + bool remember) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); struct stat sb; @@ -717,7 +723,7 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, else if (rc > 0) return 0; =20 - if (path) { + if (remember && path) { if (stat(path, &sb) < 0) { virReportSystemError(errno, _("unable to stat: %s"), path); return -1; 
@@ -739,7 +745,7 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, * this function. However, if our attempt fails, there's * not much we can do. XATTRs refcounting is fubar'ed and * the only option we have is warn users. */ - if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0) + if (virSecurityDACRestoreFileLabelInternal(mgr, src, path, remembe= r) < 0) VIR_WARN("Unable to restore label on '%s'. " "XATTRs might have been left in inconsistent state.", NULLSTR(src ? src->path : path)); @@ -755,7 +761,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mgr, const virStorageSource *src, - const char *path) + const char *path, + bool recall) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); int rv; @@ -774,7 +781,7 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, else if (rv > 0) return 0; =20 - if (path) { + if (recall && path) { rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid); if (rv < 0) return -1; @@ -793,7 +800,7 @@ static int virSecurityDACRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { - return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path); + return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, false); } =20 =20 @@ -840,7 +847,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, return -1; } =20 - return virSecurityDACSetOwnership(mgr, src, NULL, user, group); + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, false); } =20 =20 @@ -920,7 +927,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPt= r mgr, } } =20 - return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL); + return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false); } =20 =20 
@@ -956,7 +963,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file, if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, file, user, group); + return virSecurityDACSetOwnership(mgr, NULL, file, user, group, false); } =20 =20 @@ -1332,7 +1339,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group); + user, group, false); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1340,12 +1347,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group) < 0= || - virSecurityDACSetOwnership(mgr, NULL, out, user, group) < = 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, fal= se) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, fa= lse) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group) < 0) { + user, group, false) < 0) { goto done; } ret =3D 0; @@ -1360,7 +1367,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group) < 0) + user, group, false) < 0) goto done; } ret =3D 0; @@ -1543,7 +1550,7 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr = mgr, gfx->data.spice.rendernode) { if (virSecurityDACSetOwnership(mgr, NULL, gfx->data.spice.rendernode, - user, group) < 0) + user, group, false) < 0) return -1; } =20 
@@ -1585,7 +1592,9 @@ virSecurityDACSetInputLabel(virSecurityManagerPtr mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL= ) < 0) return -1; =20 - ret =3D virSecurityDACSetOwnership(mgr, NULL, input->source.evdev,= user, group); + ret =3D virSecurityDACSetOwnership(mgr, NULL, + input->source.evdev, + user, group, false); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1773,7 +1782,9 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mg= r, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL= ) < 0) return -1; =20 - ret =3D virSecurityDACSetOwnership(mgr, NULL, mem->nvdimmPath, use= r, group); + ret =3D virSecurityDACSetOwnership(mgr, NULL, + mem->nvdimmPath, + user, group, false); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1862,27 +1873,32 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, =20 if (def->os.loader && def->os.loader->nvram && virSecurityDACSetOwnership(mgr, NULL, - def->os.loader->nvram, user, group) < 0) + def->os.loader->nvram, + user, group, false) < 0) return -1; =20 if (def->os.kernel && virSecurityDACSetOwnership(mgr, NULL, - def->os.kernel, user, group) < 0) + def->os.kernel, + user, group, false) < 0) return -1; =20 if (def->os.initrd && virSecurityDACSetOwnership(mgr, NULL, - def->os.initrd, user, group) < 0) + def->os.initrd, + user, group, false) < 0) return -1; =20 if (def->os.dtb && virSecurityDACSetOwnership(mgr, NULL, - def->os.dtb, user, group) < 0) + def->os.dtb, + user, group, false) < 0) return -1; =20 if (def->os.slic_table && virSecurityDACSetOwnership(mgr, NULL, - def->os.slic_table, user, group) < 0) + def->os.slic_table, + user, group, false) < 0) return -1; =20 return 0; 
@@ -1904,7 +1920,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group); + return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, fa= lse); } =20 =20 
@@ -2224,7 +2240,7 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, path, user, group); + return virSecurityDACSetOwnership(mgr, NULL, path, user, group, false); } =20 virSecurityDriver virSecurityDriverDAC =3D { --=20 2.18.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed Apr 24 17:00:08 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1543499580643259.88303510330445; Thu, 29 Nov 2018 05:53:00 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3A2B63167E63; Thu, 29 Nov 2018 13:52:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0539718EE9; Thu, 29 Nov 2018 13:52:58 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id AA28F181BA1B; Thu, 29 Nov 2018 13:52:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) 
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:24 +0100
Subject: [libvirt] [PATCH v2 09/18] security_dac: Remember old labels

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_dac.c | 48 ++++++++++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 8 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index cdbe07543c..9d31faa9d4 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -29,6 +29,7 @@ #endif =20 #include "security_dac.h" +#include "security_util.h" #include "virerror.h" #include "virfile.h" #include "viralloc.h" 
@@ -415,11 +416,26 @@ virSecurityDACGetImageIds(virSecurityLabelDefPtr secl= abel, */ static int virSecurityDACRememberLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED, - const char *path ATTRIBUTE_UNUSED, - uid_t uid ATTRIBUTE_UNUSED, - gid_t gid ATTRIBUTE_UNUSED) + const char *path, + uid_t uid, + gid_t gid) { - return 0; + char *label =3D NULL; + int ret =3D -1; + + if (virAsprintf(&label, "+%u:+%u", + (unsigned int)uid, + (unsigned int)gid) < 0) + goto cleanup; + + if (virSecuritySetRememberedLabel(SECURITY_DAC_NAME, + path, label) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(label); + return ret; } =20 /** 
@@ -439,11 +455,27 @@ virSecurityDACRememberLabel(virSecurityDACDataPtr pri= v ATTRIBUTE_UNUSED, */ static int virSecurityDACRecallLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED, - const char *path ATTRIBUTE_UNUSED, - uid_t *uid ATTRIBUTE_UNUSED, - gid_t *gid ATTRIBUTE_UNUSED) + const char *path, + uid_t *uid, + gid_t *gid) { - return 0; + char *label; + int ret =3D -1; + + if (virSecurityGetRememberedLabel(SECURITY_DAC_NAME, + path, &label) < 0) + goto cleanup; + + if (!label) + return 1; + + if (virParseOwnershipIds(label, uid, gid) < 0) + goto cleanup; + + ret =3D 0; + cleanup: + VIR_FREE(label); + return ret; } =20 static virSecurityDriverStatus --=20 2.18.1
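Review bot: In virSecurityDACRecallLabel (second hunk) `char *label;` is declared without an initializer, yet the failure path after virSecurityGetRememberedLabel() jumps to cleanup and runs VIR_FREE(label). Unless the callee guarantees that it stores NULL on every error path, that frees an indeterminate pointer; writing `char *label = NULL;`, as virSecurityDACRememberLabel in the first hunk already does, removes the dependency. The early `return 1` for a missing label leaks nothing because label is NULL there, but the meaning of the value 1 should be spelled out in the function comment if it is not already, so callers know nothing was remembered.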
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:25 +0100
Message-Id: <4af15e2d2dd0c6fd1d3281b1ccf60535d8dccfd5.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 10/18] virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks

Now that we have seclabel remembering we can safely restore labels for shared and RO disks. In fact we need to do that to keep seclabel refcount stored in XATTRs in sync with reality.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_dac.c | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9d31faa9d4..60adfaf526 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -921,14 +921,6 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerP= tr mgr, if (!priv->dynamicOwnership) return 0; =20 - /* Don't restore labels on readoly/shared disks, because other VMs may - * still be accessing these. Alternatively we could iterate over all - * running domains and try to figure out if it is in use, but this wou= ld - * not work for clustered filesystems, since we can't see running VMs = using - * the file on other nodes. Safest bet is thus to skip the restore ste= p. */ - if (src->readonly || src->shared) - return 0; - secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); if (secdef && !secdef->relabel) return 0; --=20 2.18.1
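Review bot: Dropping the `src->readonly || src->shared` early return relies on remembering being active for disk images, but the lines of patch 08 shown above suggest it is not: virSecurityDACRestoreImageLabelInt calls virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false), and the recall step is gated on `recall && path`, so an item that carries only src never reaches virSecurityDACRecallLabel. If that reading is right, a shared or read-only image now has its ownership restored as soon as the first domain using it is torn down, which is the case the removed comment warned about. Can you confirm that src-only items are covered by the refcount, or keep the guard until they are?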
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:26 +0100
Subject: [libvirt] [PATCH v2 11/18] security_selinux: Track if transaction is restore

It is going to be important to know if the current transaction we are running is a restore operation or set label operation.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
 src/security/security_selinux.c | 36 +++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 95e9a1b0c7..715d9a428b 100644 --- a/src/security/security_selinux.c 
+++ b/src/security/security_selinux.c @@ -85,6 +85,7 @@ struct _virSecuritySELinuxContextItem { char *path; char *tcon; bool optional; + bool restore; }; =20 typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextLis= t; @@ -123,7 +124,8 @@ static int virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list, const char *path, const char *tcon, - bool optional) + bool optional, + bool restore) { int ret =3D -1; virSecuritySELinuxContextItemPtr item =3D NULL; @@ -135,6 +137,7 @@ virSecuritySELinuxContextListAppend(virSecuritySELinuxC= ontextListPtr list, goto cleanup; =20 item->optional =3D optional; + item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) goto cleanup; @@ -178,7 +181,8 @@ virSecuritySELinuxContextListFree(void *opaque) static int virSecuritySELinuxTransactionAppend(const char *path, const char *tcon, - bool optional) + bool optional, + bool restore) { virSecuritySELinuxContextListPtr list; =20 @@ -186,7 +190,7 @@ virSecuritySELinuxTransactionAppend(const char *path, if (!list) return 0; =20 - if (virSecuritySELinuxContextListAppend(list, path, tcon, optional) < = 0) + if (virSecuritySELinuxContextListAppend(list, path, tcon, optional, re= store) < 0) return -1; =20 return 1; @@ -198,6 +202,11 @@ static int virSecuritySELinuxSetFileconHelper(const ch= ar *path, bool optional, bool privileged); =20 + +static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, + const char *path); + + /** * virSecuritySELinuxTransactionRun: * @pid: process pid 
@@ -242,13 +251,18 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, virSecuritySELinuxContextItemPtr item =3D list->items[i]; =20 /* TODO Implement rollback */ - if (virSecuritySELinuxSetFileconHelper(item->path, - item->tcon, - item->optional, - privileged) < 0) { - rv =3D -1; - break; + if (!item->restore) { + rv =3D virSecuritySELinuxSetFileconHelper(item->path, + item->tcon, + item->optional, + privileged); + } else { + rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, + item->path); } + + if (rv < 0) + break; } =20 if (list->lock) @@ -1265,7 +1279,7 @@ virSecuritySELinuxSetFileconHelper(const char *path, = const char *tcon, { int rc; =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional, = false)) < 0) return -1; else if (rc > 0) return 0; 
@@ -1387,7 +1401,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, goto cleanup; } =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false)) < = 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false, tru= e)) < 0) return -1; else if (rc > 0) return 0; --=20 2.18.1
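Review bot: In virSecuritySELinuxTransactionRun the new `else` branch calls virSecuritySELinuxRestoreFileLabel(list->manager, item->path) and never reads item->tcon, yet virSecuritySELinuxRestoreFileLabel still looks up fcon and hands it to virSecuritySELinuxTransactionAppend(path, fcon, false, true). For restore items the stored context is therefore dead data and the default label is looked up twice, once when the item is queued and once when the transaction runs. Either pass NULL for restore items or document on the struct that tcon is ignored when restore is set. The new `bool restore` also sits directly after `bool optional` in both Append signatures, so call sites such as `(path, fcon, false, true)` are easy to get wrong; a comment on the `restore` member of _virSecuritySELinuxContextItem, or a flags argument, would help.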
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:27 +0100
Message-Id: <8b3ec1ac8cc6626acd70f15d68a68e4b7d26f4b0.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 12/18] security_selinux: Remember old labels

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_selinux.c | 161 ++++++++++++++++++++++---------- 1 file changed, 114 insertions(+), 47 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 715d9a428b..4990d94b5f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -33,6 +33,7 @@ =20 #include "security_driver.h" #include "security_selinux.h" +#include "security_util.h" #include "virerror.h" #include "viralloc.h" #include "virlog.h"
@@ -197,14 +198,40 @@ virSecuritySELinuxTransactionAppend(const char *path, } =20 =20 +static int +virSecuritySELinuxRememberLabel(const char *path, + const security_context_t con) +{ + return virSecuritySetRememberedLabel(SECURITY_SELINUX_NAME, + path, con); +} + + +static int +virSecuritySELinuxRecallLabel(const char *path, + security_context_t *con) +{ + if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, + path, con) < 0) + return -1; + + if (!con) + return 1; + + return 0; +} + + static int virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, bool optional, - bool privileged); + bool privileged, + bool remember); =20 =20 static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, - const char *path); + const char *path, + bool recall); =20 =20 /** @@ -255,10 +282,12 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, rv =3D virSecuritySELinuxSetFileconHelper(item->path, item->tcon, item->optional, - privileged); + privileged, + list->lock); } else { rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, - item->path); + item->path, + list->lock); } =20 if (rv < 0) 
@@ -1275,16 +1304,38 @@ virSecuritySELinuxSetFileconImpl(const char *path, = const char *tcon, =20 static int virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged) + bool optional, bool privileged, bool re= member) { + security_context_t econ =3D NULL; int rc; + int ret =3D -1; =20 if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional, = false)) < 0) return -1; else if (rc > 0) return 0; =20 - return virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileg= ed); + if (remember) { + if (getfilecon_raw(path, &econ) < 0 && + errno !=3D ENOTSUP && errno !=3D ENODATA) { + virReportSystemError(errno, + _("unable to get SELinux context of %s"), + path); + goto cleanup; + } + + if (econ && + virSecuritySELinuxRememberLabel(path, econ) < 0) + goto cleanup; + } + + if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) + goto cleanup; + + ret =3D 0; + cleanup: + freecon(econ); + return ret; } =20 =20 @@ -1293,7 +1344,7 @@ virSecuritySELinuxSetFileconOptional(virSecurityManag= erPtr mgr, const char *path, const char *tcon) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= ); + return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= , false); } =20 static int @@ -1301,7 +1352,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mg= r, const char *path, const char *tcon) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d); + return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d, false); } =20 static int 
@@ -1362,7 +1413,8 @@ getContext(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, * errors that the caller(s) are already dealing with */ static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, - const char *path) + const char *path, + bool recall) { bool privileged =3D virSecurityManagerGetPrivileged(mgr); struct stat buf; @@ -1386,26 +1438,35 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, goto cleanup; } =20 - if (stat(newpath, &buf) !=3D 0) { - VIR_WARN("cannot stat %s: %s", newpath, - virStrerror(errno, ebuf, sizeof(ebuf))); - goto cleanup; - } - - if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) { - /* Any user created path likely does not have a default label, - * which makes this an expected non error - */ - VIR_WARN("cannot lookup default selinux label for %s", newpath); - ret =3D 0; - goto cleanup; - } - - if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false, tru= e)) < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, NULL, false, tru= e)) < 0) return -1; else if (rc > 0) return 0; =20 + if (recall) { + if ((rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { + goto cleanup; + } else if (rc > 0) { + ret =3D 0; + goto cleanup; + } + } else { + if (stat(newpath, &buf) !=3D 0) { + VIR_WARN("cannot stat %s: %s", newpath, + virStrerror(errno, ebuf, sizeof(ebuf))); + goto cleanup; + } + + if (getContext(mgr, newpath, buf.st_mode, &fcon) < 0) { + /* Any user created path likely does not have a default label, + * which makes this an expected non error + */ + VIR_WARN("cannot lookup default selinux label for %s", newpath= ); + ret =3D 0; + goto cleanup; + } + } + if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged)= < 0) goto cleanup; =20 
@@ -1460,7 +1521,7 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManage= rPtr mgr, =20 switch ((virDomainInputType)input->type) { case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= ); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= , false); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1516,7 +1577,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManag= erPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, f= alse); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1595,10 +1656,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurit= yManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, false); =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { - if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, false= ) < 0) rc =3D -1; VIR_FREE(cancel_path); } @@ -1665,7 +1726,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityMan= agerPtr mgr, } } =20 - return virSecuritySELinuxRestoreFileLabel(mgr, src->path); + return virSecuritySELinuxRestoreFileLabel(mgr, src->path, false); } =20 =20 @@ -2053,7 +2114,7 @@ virSecuritySELinuxRestorePCILabel(virPCIDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 static int 
@@ -2063,7 +2124,7 @@ virSecuritySELinuxRestoreUSBLabel(virUSBDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 =20 @@ -2080,7 +2141,7 @@ virSecuritySELinuxRestoreSCSILabel(virSCSIDevicePtr d= ev, if (virSCSIDeviceGetShareable(dev) || virSCSIDeviceGetReadonly(dev)) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 static int @@ -2090,7 +2151,7 @@ virSecuritySELinuxRestoreHostLabel(virSCSIVHostDevice= Ptr dev ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file); + return virSecuritySELinuxRestoreFileLabel(mgr, file, false); } =20 =20 @@ -2194,7 +2255,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecuri= tyManagerPtr mgr, if (!(vfiodev =3D virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuids= tr))) goto done; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, false); =20 VIR_FREE(vfiodev); break; @@ -2228,7 +2289,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); VIR_FREE(path); break; } @@ -2242,7 +2303,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); VIR_FREE(path); break; } 
@@ -2390,14 +2451,18 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, switch (dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.= path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.file.path, + false) < 0) goto done; ret =3D 0; break; =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (!dev_source->data.nix.listen) { - if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.f= ile.path) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.file.p= ath, + false) < 0) goto done; } ret =3D 0; @@ -2408,11 +2473,13 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) goto done; if (virFileExists(in) && virFileExists(out)) { - if ((virSecuritySELinuxRestoreFileLabel(mgr, out) < 0) || - (virSecuritySELinuxRestoreFileLabel(mgr, in) < 0)) { + if ((virSecuritySELinuxRestoreFileLabel(mgr, out, false) < 0) = || + (virSecuritySELinuxRestoreFileLabel(mgr, in, false) < 0)) { goto done; } - } else if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->dat= a.file.path) < 0) { + } else if (virSecuritySELinuxRestoreFileLabel(mgr, + dev_source->data.fil= e.path, + false) < 0) { goto done; } ret =3D 0; @@ -2464,7 +2531,7 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, database =3D dev->data.cert.database; if (!database) database =3D VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; - return virSecuritySELinuxRestoreFileLabel(mgr, database); + return virSecuritySELinuxRestoreFileLabel(mgr, database, false); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: return virSecuritySELinuxRestoreChardevLabel(mgr, def, 
@@ -2559,7 +2626,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerP= tr mgr, rc =3D -1; =20 if (def->os.loader && def->os.loader->nvram && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, fal= se) < 0) rc =3D -1; =20 return rc; @@ -2619,7 +2686,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityM= anagerPtr mgr, if (!secdef || !secdef->relabel) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, savefile); + return virSecuritySELinuxRestoreFileLabel(mgr, savefile, false); } =20 =20 @@ -3214,7 +3281,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, char *filename =3D NULL; DIR *dir; =20 - if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path))) + if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false))) return ret; =20 if (!virFileIsDir(path)) 
@@ -3231,7 +3298,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, ret =3D -1; break; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename, false); VIR_FREE(filename); if (ret < 0) break; --=20 2.18.1
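Review bot: virSecuritySELinuxRecallLabel tests the wrong thing: `if (!con) return 1;` checks the out-parameter pointer itself, and the only caller passes `&fcon`, so this branch can never be taken. The caller in virSecuritySELinuxRestoreFileLabel treats `rc > 0` as the case where there is nothing to restore and otherwise goes on to virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged); with the check as written, a path with no remembered label reaches that call with whatever virSecurityGetRememberedLabel left in fcon. The test should be on `*con`.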
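Review bot: The commit message has no body and the new `remember` and `recall` parameters are undocumented, while virSecuritySELinuxTransactionRun passes `list->lock` for both. That ties label remembering to whether metadata locking was requested, which a reader cannot infer from the name, and every other call site touched in this patch passes `false`. Please describe in the commit message, and in a comment above virSecuritySELinuxSetFileconHelper and virSecuritySELinuxRestoreFileLabel, when labels are remembered and recalled and why `list->lock` is the right switch for it.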
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:28 +0100
Message-Id: <5288ed2e2bee00e2d6bd032a094d09aac745e908.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 13/18] security_selinux: Restore label on failed setfilecon() attempt

It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_selinux.c | 40 +++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 4990d94b5f..290faba9d6 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c
@@ -222,10 +222,10 @@ virSecuritySELinuxRecallLabel(const char *path, } =20 =20 -static int virSecuritySELinuxSetFileconHelper(const char *path, +static int virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, + const char *path, const char *tcon, bool optional, - bool privileged, bool remember); =20 =20 @@ -252,7 +252,6 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UN= USED, { virSecuritySELinuxContextListPtr list =3D opaque; virSecurityManagerMetadataLockStatePtr state; - bool privileged =3D virSecurityManagerGetPrivileged(list->manager); const char **paths =3D NULL; size_t npaths =3D 0; size_t i; @@ -279,10 +278,10 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, =20 /* TODO Implement rollback */ if (!item->restore) { - rv =3D virSecuritySELinuxSetFileconHelper(item->path, + rv =3D virSecuritySELinuxSetFileconHelper(list->manager, + item->path, item->tcon, item->optional, - privileged, list->lock); } else { rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, @@ -1303,9 +1302,13 @@ virSecuritySELinuxSetFileconImpl(const char *path, c= onst char *tcon, =20 =20 static int -virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged, bool re= member) +virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr, + const char *path, + const char *tcon, + bool optional, + bool remember) { + bool privileged =3D virSecurityManagerGetPrivileged(mgr); security_context_t econ =3D NULL; int rc; int ret =3D -1; 
@@ -1329,8 +1332,23 @@ virSecuritySELinuxSetFileconHelper(const char *path,= const char *tcon, goto cleanup; } =20 - if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) + if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) { + virErrorPtr origerr; + + virErrorPreserveLast(&origerr); + /* Try to restore the label. This is done so that XATTRs + * are left in the same state as when the control entered + * this function. However, if our attempt fails, there's + * not much we can do. XATTRs refcounting is fubar'ed and + * the only option we have is warn users. */ + if (virSecuritySELinuxRestoreFileLabel(mgr, path, remember) < 0) + VIR_WARN("Unable to restore label on '%s'. " + "XATTRs might have been left in inconsistent state.", + path); + + virErrorRestore(&origerr); goto cleanup; + } =20 ret =3D 0; cleanup: 
@@ -1343,16 +1361,14 @@ static int virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr, const char *path, const char *tcon) { - bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, true, privileged= , false); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, true, false= ); } =20 static int virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr, const char *path, const char *tcon) { - bool privileged =3D virSecurityManagerGetPrivileged(mgr); - return virSecuritySELinuxSetFileconHelper(path, tcon, false, privilege= d, false); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, false, fals= e); } =20 static int --=20 2.18.1
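Review bot: In the new failure path of virSecuritySELinuxSetFileconHelper, virSecuritySELinuxRestoreFileLabel(mgr, path, remember) is called even when `remember` is false. With recall false that function does not consult remembered labels; it stats the path, looks up the default context and relabels the file to it, so for virSecuritySELinuxSetFilecon and virSecuritySELinuxSetFileconOptional (both pass false) a failed setfilecon now ends with an attempt to reset the file to the policy default rather than leaving it as it was on entry. Nothing was remembered in that case, so the restore should be guarded with `if (remember && ...)`. The warning text mentions XATTRs, which likewise only applies when `remember` is set.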
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:29 +0100
Subject: [libvirt] [PATCH v2 14/18] virSecuritySELinuxTransactionRun: Implement rollback

When iterating over list of paths/disk sources to relabel it may happen that the process fails at some point. In that case, for the sake of keeping seclabel refcount (stored in XATTRs) in sync with reality we have to perform rollback. However, if that fails too the only thing we can do is warn user.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_selinux.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 290faba9d6..0cf8164265 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -276,7 +276,6 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UN= USED, for (i =3D 0; i < list->nItems; i++) { virSecuritySELinuxContextItemPtr item =3D list->items[i]; =20 - /* TODO Implement rollback */ if (!item->restore) { rv =3D virSecuritySELinuxSetFileconHelper(list->manager, item->path, 
@@ -293,6 +292,18 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_U= NUSED, break; } =20 + for (; rv < 0 && i > 0; i--) { + virSecuritySELinuxContextItemPtr item =3D list->items[i - 1]; + + if (!item->restore) { + virSecuritySELinuxRestoreFileLabel(list->manager, + item->path, + list->lock); + } else { + VIR_WARN("Ignoring failed restore attempt on %s", item->path); + } + } + if (list->lock) virSecurityManagerMetadataUnlock(list->manager, &state); =20 --=20 2.18.1
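Review bot: The rollback loop in virSecuritySELinuxTransactionRun discards the return value of virSecuritySELinuxRestoreFileLabel, although the commit message says that a failed rollback should at least warn the user; add a VIR_WARN naming item->path when the call returns < 0. In the `else` branch the text "Ignoring failed restore attempt on %s" is misleading: the loop starts at list->items[i - 1], so every item it visits was processed successfully, and what is being skipped is the undo of a restore that succeeded. It would also help to preserve the original error around the loop, as patch 13 does with virErrorPreserveLast and virErrorRestore, since the restore calls may overwrite it.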
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:30 +0100
Subject: [libvirt] [PATCH v2 15/18] virSecuritySELinuxRestoreAllLabel: Reorder device relabeling

It helps when trying to match calls with virSecuritySELinuxSetAllLabel if the order in which devices are set/restored is the same in both functions.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
--- src/security/security_selinux.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 0cf8164265..553fc852db 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c
@@ -2604,8 +2604,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, if (!secdef || !secdef->relabel || data->skipAllLabel) return 0; =20 - if (def->tpm) { - if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) <= 0) + for (i =3D 0; i < def->ndisks; i++) { + virDomainDiskDefPtr disk =3D def->disks[i]; + + if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, + migrated) < 0) rc =3D -1; } =20 
@@ -2627,11 +2630,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, return -1; } =20 - for (i =3D 0; i < def->ndisks; i++) { - virDomainDiskDefPtr disk =3D def->disks[i]; - - if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, - migrated) < 0) + if (def->tpm) { + if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) <= 0) rc =3D -1; } =20 --=20 2.18.1
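Review bot: Swapping the disk loop and the TPM block in virSecuritySELinuxRestoreAllLabel also changes which of them is skipped on the early exit: the second hunk's context shows a `return -1;` just above the moved code, so TPM labels, which used to be restored before that return, are now restored only when it is not taken, while the disks move ahead of it. If that is intended, say so in the commit message; if not, let that path record the failure in `rc` and continue, as the neighbouring blocks do. The commit message refers to the order used in virSecuritySELinuxSetAllLabel, which is not part of this diff, so listing that order in the message would let a reader check the match.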
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:31 +0100
Message-Id: <4e7538dbe20f33cdc56b66f04597804c79492771.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 16/18] virSecuritySELinuxRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it.

Signed-off-by: Michal Privoznik
Reviewed-by: Daniel P. Berrangé
---
src/security/security_selinux.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 553fc852db..5f2fab73bc 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c
@@ -2656,6 +2656,22 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager= Ptr mgr, virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, fal= se) < 0) rc =3D -1; =20 + if (def->os.kernel && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, false) < 0) + rc =3D -1; + + if (def->os.initrd && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, false) < 0) + rc =3D -1; + + if (def->os.dtb && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, false) < 0) + rc =3D -1; + + if (def->os.slic_table && + virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, false)= < 0) + rc =3D -1; + return rc; } =20 --=20 2.18.1
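Review bot: the four new blocks in virSecuritySELinuxRestoreAllLabel() restore def->os.kernel, def->os.initrd, def->os.dtb and def->os.slic_table whenever the path is set, and neither the hunk nor the commit message says what happens when another running domain points at the same kernel or initrd file. If the label remembering added earlier in this series is what makes the restore safe for shared files, say so in the commit message. The four blocks are also identical apart from the path, so a short loop over the four paths would be easier to keep in step with the code that sets these labels.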
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:32 +0100
Message-Id: <70693b8dfff77b5617aad3985926f288a0e5c03d.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 17/18] tools: Provide a script to recover fubar'ed XATTRs setup

Our code is not bug free. The refcounting I introduced will almost certainly not work in some use cases. Provide a script that will remove all the XATTRs set by libvirt so that it can start cleanly.

Signed-off-by: Michal Privoznik
---
tools/Makefile.am | 1 +
tools/libvirt_recover_xattrs.sh | 89 +++++++++++++++++++++++++++++++++
2 files changed, 90 insertions(+)
create mode 100755 tools/libvirt_recover_xattrs.sh
diff --git a/tools/Makefile.am b/tools/Makefile.am index f069167acc..1dc009c4fb 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -75,6 +75,7 @@ EXTRA_DIST =3D \ virt-login-shell.conf \ virsh-edit.c \ bash-completion/vsh \ + libvirt_recover_xattrs.sh \ $(PODFILES) \ $(MANINFILES) \ $(NULL) diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs= .sh new file mode 100755 index 0000000000..c4a8b27cbc --- /dev/null +++ b/tools/libvirt_recover_xattrs.sh 
@@ -0,0 +1,89 @@ +#!/bin/bash + +function die { + echo $@ >&2 + exit 1 +} + +function show_help { + cat << EOF +Usage: ${0##*/} -[hqn] [PATH] + +Clear out any XATTRs set by libvirt on all files that have them. +The idea is to reset refcounting, should it break. + + -h display this help and exit + -q quiet (don't print which files are being fixed) + -n dry run; don't remove any XATTR just report the file name + +PATH can be specified to refine search to only to given path +instead of whole root ('/'), which is the default. +EOF +} + +QUIET=3D0 +DRY_RUN=3D0 +P=3D"/" + +# So far only qemu and lxc drivers use security driver. +URI=3D("qemu:///system" + "qemu:///session" + "lxc:///system") + +LIBVIRT_XATTR_PREFIX=3D"trusted.libvirt.security" + +if [ `whoami` !=3D "root" ]; then + die "Must be run as root" +fi + +while getopts hqn opt; do + case $opt in + h) + show_help + exit 0 + ;; + q) + QUIET=3D1 + ;; + n) + DRY_RUN=3D1 + ;; + *) + show_help >&2 + exit 1 + ;; + esac +done + +shift $((OPTIND - 1)) +if [ $# -gt 0 ]; then + P=3D$1 +fi + +if [ ${DRY_RUN} -eq 0 ]; then + for u in ${URI[*]} ; do + if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then + die "There are still some domains running for $u" + fi + done +fi + +XATTRS=3D("trusted.libvirt.security.dac" + "trusted.libvirt.security.ref_dac" + "trusted.libvirt.security.selinux" + "trusted.libvirt.security.ref_selinux") + +for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P}= 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do + if [ ${DRY_RUN} -ne 0 ]; then + echo $i + getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i + continue + fi + + if [ ${QUIET} -eq 0 ]; then + echo "Fixing $i"; + fi + for x in ${XATTRS[*]}; do + setfattr -x $x $i + done +done --=20 2.18.1
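Review bot: the main loop in tools/libvirt_recover_xattrs.sh, `for i in $(getfattr -R ... | grep "^# file:" | cut -d':' -f 2)`, word-splits and glob-expands the file list, and `$i` is then passed unquoted to `setfattr -x` while running as root, so a path containing a space is split into pieces and a path containing ':' is cut short by `cut -f 2`; either way the script reports or modifies names other than the one getfattr printed. Read the list with `while IFS= read -r line`, strip the `# file: ` prefix with a parameter expansion, and quote "$i", "$u" and "$P" throughout. Two smaller points: the removal loop tries all four names in XATTRS on every file, so a file carrying only the DAC pair makes setfattr fail on the SELinux pair, and the running-domain check treats a virsh that cannot connect (stderr is discarded) the same as no domains running.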
From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 29 Nov 2018 14:52:33 +0100
Message-Id: <442a41a036618a1574d6d57f0dd53128ecf84cb6.1543499286.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH v2 18/18] qemu.conf: Allow users to enable/disable label remembering

Signed-off-by: Michal Privoznik
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 6 ++++++
src/qemu/qemu_conf.c | 4 ++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
4 files changed, 12 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index ddc4bbfd1d..8a5b39e568 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -71,6 +71,7 @@ module Libvirtd_qemu =3D | str_entry "user" | str_entry "group" | bool_entry "dynamic_ownership" + | bool_entry "remember_owner" | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | int_entry "seccomp_sandbox" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 8391332cb4..31e8d8476b 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf
@@ -450,6 +450,12 @@ # Set to 0 to disable file ownership changes. #dynamic_ownership =3D 1 =20 +# Whether libvirt should remember and restore the original +# ownership over files it is relabeling. Be aware that with the +# current implementation this requires exclusive access to the +# files which might hurt performance a bit in some cases. +# Defaults to 1, set to 0 to disable the feature. +#remember_owner =3D 1 =20 # What cgroup controllers to make use of with QEMU guests # diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index a946b05d5d..89491a37b7 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -147,6 +147,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) cfg->group =3D (gid_t)-1; } cfg->dynamicOwnership =3D privileged; + cfg->rememberOwner =3D true; =20 cfg->cgroupControllers =3D -1; /* -1 =3D=3D auto-detect */ =20 @@ -730,6 +731,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr = cfg, if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwners= hip) < 0) goto cleanup; =20 + if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) <= 0) + goto cleanup; + if (virConfGetValueStringList(conf, "cgroup_controllers", false, &controllers) < 0) goto cleanup; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index f1e8806ad2..92a8ae1192 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -43,6 +43,7 @@ module Test_libvirtd_qemu =3D { "user" =3D "root" } { "group" =3D "root" } { "dynamic_ownership" =3D "1" } +{ "remember_owner" =3D "1" } { "cgroup_controllers" { "1" =3D "cpu" } { "2" =3D "devices" } --=20 2.18.1
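Review bot: the comment added in the src/qemu/qemu.conf hunk (@@ -450,6 +450,12 @@) describes remember_owner as remembering "the original ownership", while the subject of this patch calls it label remembering and the recovery script in 17/18 lists both trusted.libvirt.security.dac and trusted.libvirt.security.selinux attributes. Say in the comment whether remember_owner = 0 also turns off remembering of SELinux labels, and mention that the remembered state is kept in XATTRs on the files themselves, since an admin deciding on this knob needs to know both.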
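Review bot: in the first src/qemu/qemu_conf.c hunk (@@ -147,6 +147,7 @@) the new default is `cfg->rememberOwner = true;` regardless of `privileged`, one line below `cfg->dynamicOwnership = privileged;`. The recovery script in 17/18 shows the attributes live under trusted.libvirt.security, and the trusted.* XATTR namespace is only accessible to a process with CAP_SYS_ADMIN, so an unprivileged session daemon cannot use the feature; defaulting to `privileged`, as dynamicOwnership does, would match what can actually work. The commit message is also empty apart from the sign-off and should say why the knob exists and when someone would turn it off.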