From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785710840875.3942244473737; Thu, 28 Mar 2019 08:08:30 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DA0B6308CF92; Thu, 28 Mar 2019 15:08:28 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A2AA9187AC; Thu, 28 Mar 2019 15:08:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4A1003FB14; Thu, 28 Mar 2019 15:08:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4aQB027890 for ; Thu, 28 Mar 2019 11:04:36 -0400 Received: by smtp.corp.redhat.com (Postfix) id C2842600C4; Thu, 28 Mar 2019 15:04:36 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4A8802B9DB for ; Thu, 28 Mar 2019 15:04:36 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:13 +0100 Message-Id: <71552ace1fc193366f53846f808efdefd85a24b7.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 01/17] tools: Slightly rework libvirt_recover_xattrs.sh X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Thu, 28 Mar 2019 15:08:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Firstly, there's no reason to enumerate all XATTRs since they differ only in the prefix and we can construct them in a loop. Secondly, and more importantly, the script was still looking for just one prefix "trusted.libvirt.security" even on FreeBSD. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- tools/libvirt_recover_xattrs.sh | 49 +++++++++++++++++---------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs= .sh index 69dfca0160..3302fca60e 100755 --- a/tools/libvirt_recover_xattrs.sh +++ b/tools/libvirt_recover_xattrs.sh @@ -23,14 +23,17 @@ EOF =20 QUIET=3D0 DRY_RUN=3D0 -P=3D"/" +DIR=3D"/" =20 # So far only qemu and lxc drivers use security driver. URI=3D("qemu:///system" "qemu:///session" "lxc:///system") =20 -LIBVIRT_XATTR_PREFIX=3D"trusted.libvirt.security" +# On Linux we use 'trusted' namespace, on FreeBSD we use 'system' +# as there is no 'trusted'. +LIBVIRT_XATTR_PREFIXES=3D("trusted.libvirt.security" + "system.libvirt.security") =20 if [ `whoami` !=3D "root" ]; then die "Must be run as root" @@ -57,7 +60,7 @@ done =20 shift $((OPTIND - 1)) if [ $# -gt 0 ]; then - P=3D$1 + DIR=3D$1 fi =20 if [ ${DRY_RUN} -eq 0 ]; then @@ -69,28 +72,26 @@ if [ ${DRY_RUN} -eq 0 ]; then fi =20 =20 -# On Linux we use 'trusted' namespace, on FreeBSD we use 'system' -# as there is no 'trusted'. -XATTRS=3D("trusted.libvirt.security.dac" - "trusted.libvirt.security.ref_dac" - "trusted.libvirt.security.selinux" - "trusted.libvirt.security.ref_selinux", - "system.libvirt.security.dac" - "system.libvirt.security.ref_dac" - "system.libvirt.security.selinux" - "system.libvirt.security.ref_selinux") +declare -a XATTRS +for i in "dac" "selinux"; do + for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do + XATTRS+=3D("$p.$i" "$p.ref_$i") + done +done =20 -for i in $(getfattr -R -d -m ${LIBVIRT_XATTR_PREFIX} --absolute-names ${P}= 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do - if [ ${DRY_RUN} -ne 0 ]; then - echo $i - getfattr -d -m ${LIBVIRT_XATTR_PREFIX} $i - continue - fi +for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do + for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null = | grep "^# file:" | cut -d':' -f 2); do + echo $i; + if [ ${DRY_RUN} -ne 0 ]; then + getfattr -d -m $p --absolute-names $i | grep -v "^# file:" + continue + fi =20 - if [ ${QUIET} -eq 0 ]; then - echo "Fixing $i"; - fi - for x in ${XATTRS[*]}; do - setfattr -x $x $i + if [ ${QUIET} -eq 0 ]; then + echo "Fixing $i"; + fi + for x in ${XATTRS[*]}; do + setfattr -x $x $i + done done done --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785645310261.9532080321534; Thu, 28 Mar 2019 08:07:25 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D4D0F307B49C; Thu, 28 Mar 2019 15:07:22 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 64EF62B9DB; Thu, 28 Mar 2019 15:07:22 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F0F3C18033A2; Thu, 28 Mar 2019 15:07:21 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4bgv027898 for ; Thu, 28 Mar 2019 11:04:37 -0400 Received: by smtp.corp.redhat.com (Postfix) id 932D42B9DB; Thu, 28 Mar 2019 15:04:37 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B86718A83 for ; Thu, 28 Mar 2019 15:04:36 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:14 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 02/17] virSecuritySELinuxRestoreAllLabel: Print @migrated in the debug message too X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Thu, 28 Mar 2019 15:07:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Just like it's DAC counterpart is doing, virSecuritySELinuxRestoreAllLabel() could print @migrated in the debug message. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 2fceb547b4..fb631cd321 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2597,7 +2597,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerP= tr mgr, size_t i; int rc =3D 0; =20 - VIR_DEBUG("Restoring security label on %s", def->name); + VIR_DEBUG("Restoring security label on %s migrated=3D%d", def->name, m= igrated); =20 secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); =20 --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 155378565007936.40692040650515; Thu, 28 Mar 2019 08:07:30 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 31C91DF882; Thu, 28 Mar 2019 15:07:28 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F3F0C5ED23; Thu, 28 Mar 2019 15:07:27 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A1ADC181A000; Thu, 28 Mar 2019 15:07:27 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4cm3027903 for ; Thu, 28 Mar 2019 11:04:38 -0400 Received: by smtp.corp.redhat.com (Postfix) id 640AF18A83; Thu, 28 Mar 2019 15:04:38 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id DFBA483B06 for ; Thu, 28 Mar 2019 15:04:37 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:15 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 03/17] virfile: Make virFileGetXAttr report errors X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 28 Mar 2019 15:07:29 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The way that security drivers use XATTR is kind of verbose. If error reporting was left for caller then the caller would end up even more verbose. There are two places where we do not want to report error if virFileGetXAttr fails. Therefore virFileGetXAttrQuiet is introduced as an alternative that doesn't report errors. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/libvirt_private.syms | 1 + src/security/security_util.c | 4 ++-- src/util/virfile.c | 42 ++++++++++++++++++++++++++++++------ src/util/virfile.h | 5 +++++ tests/qemusecuritymock.c | 6 +++--- 5 files changed, 46 insertions(+), 12 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 73ef24d66f..8792155312 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1866,6 +1866,7 @@ virFileGetHugepageSize; virFileGetMountReverseSubtree; virFileGetMountSubtree; virFileGetXAttr; +virFileGetXAttrQuiet; virFileInData; virFileIsAbsPath; virFileIsCDROM; diff --git a/src/security/security_util.c b/src/security/security_util.c index bfa78c6cca..f09a18a623 100644 --- a/src/security/security_util.c +++ b/src/security/security_util.c @@ -123,7 +123,7 @@ virSecurityGetRememberedLabel(const char *name, if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) goto cleanup; =20 - if (virFileGetXAttr(path, ref_name, &value) < 0) { + if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENODATA || errno =3D=3D EN= OTSUP) { ret =3D 0; } else { @@ -208,7 +208,7 @@ virSecuritySetRememberedLabel(const char *name, if (!(ref_name =3D virSecurityGetRefCountAttrName(name))) goto cleanup; =20 - if (virFileGetXAttr(path, ref_name, &value) < 0) { + if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { ret =3D 0; goto cleanup; diff --git a/src/util/virfile.c b/src/util/virfile.c index ec8d85929c..7ce4b1dbc2 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -4338,7 +4338,7 @@ virFileWaitForExists(const char *path, =20 #if HAVE_LIBATTR /** - * virFileGetXAttr; + * virFileGetXAttrQuiet; * @path: a filename * @name: name of xattr * @value: read value @@ -4350,9 +4350,9 @@ virFileWaitForExists(const char *path, * -1 otherwise (with errno set). */ int -virFileGetXAttr(const char *path, - const char *name, - char **value) +virFileGetXAttrQuiet(const char *path, + const char *name, + char **value) { char *buf =3D NULL; int ret =3D -1; @@ -4425,9 +4425,9 @@ virFileRemoveXAttr(const char *path, #else /* !HAVE_LIBATTR */ =20 int -virFileGetXAttr(const char *path ATTRIBUTE_UNUSED, - const char *name ATTRIBUTE_UNUSED, - char **value ATTRIBUTE_UNUSED) +virFileGetXAttrQuiet(const char *path ATTRIBUTE_UNUSED, + const char *name ATTRIBUTE_UNUSED, + char **value ATTRIBUTE_UNUSED) { errno =3D ENOSYS; return -1; @@ -4451,3 +4451,31 @@ virFileRemoveXAttr(const char *path ATTRIBUTE_UNUSED, } =20 #endif /* HAVE_LIBATTR */ + +/** + * virFileGetXAttr; + * @path: a filename + * @name: name of xattr + * @value: read value + * + * Reads xattr with @name for given @path and stores it into + * @value. Caller is responsible for freeing @value. + * + * Returns: 0 on success, + * -1 otherwise (with errno set AND error reported). + */ +int +virFileGetXAttr(const char *path, + const char *name, + char **value) +{ + int ret; + + if ((ret =3D virFileGetXAttrQuiet(path, name, value)) < 0) { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + name, path); + } + + return ret; +} diff --git a/src/util/virfile.h b/src/util/virfile.h index 3dedb7666a..099743f7f0 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h @@ -381,6 +381,11 @@ int virFileGetXAttr(const char *path, char **value) ATTRIBUTE_NOINLINE; =20 +int virFileGetXAttrQuiet(const char *path, + const char *name, + char **value) + ATTRIBUTE_NOINLINE; + int virFileSetXAttr(const char *path, const char *name, const char *value) diff --git a/tests/qemusecuritymock.c b/tests/qemusecuritymock.c index d1b17d8aa4..a54e5d426e 100644 --- a/tests/qemusecuritymock.c +++ b/tests/qemusecuritymock.c @@ -131,9 +131,9 @@ get_key(const char *path, =20 =20 int -virFileGetXAttr(const char *path, - const char *name, - char **value) +virFileGetXAttrQuiet(const char *path, + const char *name, + char **value) { int ret =3D -1; char *key; --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785660785578.7445650536805; Thu, 28 Mar 2019 08:07:40 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 88B86308CF9B; Thu, 28 Mar 2019 15:07:33 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5777F2718C; Thu, 28 Mar 2019 15:07:33 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F1E293FB13; Thu, 28 Mar 2019 15:07:32 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4dJP027910 for ; Thu, 28 Mar 2019 11:04:39 -0400 Received: by smtp.corp.redhat.com (Postfix) id 3439B83B06; Thu, 28 Mar 2019 15:04:39 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id B024A18A83 for ; Thu, 28 Mar 2019 15:04:38 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:16 +0100 Message-Id: <1ee5d1c5f1eb5a8eaba73459c631a9becccce8e2.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 04/17] virFileSetXAttr: Report error on failure X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Thu, 28 Mar 2019 15:07:34 +0000 (UTC) Content-Type: text/plain; charset="utf-8" It's better to have the function report errors, because none of the callers does. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/util/virfile.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index 7ce4b1dbc2..fbcab404e7 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -4395,14 +4395,21 @@ virFileGetXAttrQuiet(const char *path, * Sets xattr of @name and @value on @path. * * Returns: 0 on success, - * -1 otherwise (with errno set). + * -1 otherwise (with errno set AND error reported). */ int virFileSetXAttr(const char *path, const char *name, const char *value) { - return setxattr(path, name, value, strlen(value), 0); + if (setxattr(path, name, value, strlen(value), 0) < 0) { + virReportSystemError(errno, + _("Unable to set XATTR %s on %s"), + name, path); + return -1; + } + + return 0; } =20 /** @@ -4434,11 +4441,14 @@ virFileGetXAttrQuiet(const char *path ATTRIBUTE_UNU= SED, } =20 int -virFileSetXAttr(const char *path ATTRIBUTE_UNUSED, - const char *name ATTRIBUTE_UNUSED, +virFileSetXAttr(const char *path, + const char *name, const char *value ATTRIBUTE_UNUSED) { errno =3D ENOSYS; + virReportSystemError(errno, + _("Unable to set XATTR %s on %s"), + name, path); return -1; } =20 --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785485751120.39214044170762; Thu, 28 Mar 2019 08:04:45 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 91336308A967; Thu, 28 Mar 2019 15:04:43 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2E62B18038; Thu, 28 Mar 2019 15:04:43 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D98473D84; Thu, 28 Mar 2019 15:04:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4esd027915 for ; Thu, 28 Mar 2019 11:04:40 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0471483B06; Thu, 28 Mar 2019 15:04:40 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 80C7518A83 for ; Thu, 28 Mar 2019 15:04:39 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:17 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 05/17] virFileRemoveXAttr: Report error on failure X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Thu, 28 Mar 2019 15:04:44 +0000 (UTC) Content-Type: text/plain; charset="utf-8" It's better to have the function report errors, because none of the callers does. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/util/virfile.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index fbcab404e7..7e1452c6f2 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -4420,13 +4420,20 @@ virFileSetXAttr(const char *path, * Remove xattr of @name on @path. * * Returns: 0 on success, - * -1 otherwise (with errno set). + * -1 otherwise (with errno set AND error reported). */ int virFileRemoveXAttr(const char *path, const char *name) { - return removexattr(path, name); + if (removexattr(path, name) < 0) { + virReportSystemError(errno, + _("Unable to remove XATTR %s on %s"), + name, path); + return -1; + } + + return 0; } =20 #else /* !HAVE_LIBATTR */ @@ -4453,10 +4460,13 @@ virFileSetXAttr(const char *path, } =20 int -virFileRemoveXAttr(const char *path ATTRIBUTE_UNUSED, - const char *name ATTRIBUTE_UNUSED) +virFileRemoveXAttr(const char *path, + const char *name) { errno =3D ENOSYS; + virReportSystemError(errno, + _("Unable to remove XATTR %s on %s"), + name, path); return -1; } =20 --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 155378571549545.86420918168835; Thu, 28 Mar 2019 08:08:35 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 42C80308FE62; Thu, 28 Mar 2019 15:08:34 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 111335ED36; Thu, 28 Mar 2019 15:08:33 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 647C318033A2; Thu, 28 Mar 2019 15:08:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4euM027920 for ; Thu, 28 Mar 2019 11:04:40 -0400 Received: by smtp.corp.redhat.com (Postfix) id CB8372B9DB; Thu, 28 Mar 2019 15:04:40 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 53931600C4 for ; Thu, 28 Mar 2019 15:04:40 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:18 +0100 Message-Id: <5b564ee0c98f8cbf528bebd5993764cce4c5a922.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 06/17] security: Don't skip label restore on file systems lacking XATTRs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Thu, 28 Mar 2019 15:08:34 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The way that virSecurityDACRecallLabel is currently written is that if XATTRs are not supported for given path to the caller this is not different than if the path is still in use. The value of 1 is returned which makes secdrivers skip label restore. This is clearly a bug as we are not restoring labels on say NFS even though previously we were. Strictly speaking, changes to virSecurityDACRememberLabel are not needed, but they are done anyway so that getter and setter behave in the same fashion. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 18 ++++++++++++------ src/security/security_selinux.c | 21 +++++++++++++++------ src/security/security_util.c | 6 ++++-- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 6f8ca8cd54..72026646cf 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -458,10 +458,11 @@ virSecurityDACRecallLabel(virSecurityDACDataPtr priv = ATTRIBUTE_UNUSED, { char *label; int ret =3D -1; + int rv; =20 - if (virSecurityGetRememberedLabel(SECURITY_DAC_NAME, - path, &label) < 0) - goto cleanup; + rv =3D virSecurityGetRememberedLabel(SECURITY_DAC_NAME, path, &label); + if (rv < 0) + return rv; =20 if (!label) return 1; @@ -760,7 +761,9 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, } =20 refcount =3D virSecurityDACRememberLabel(priv, path, sb.st_uid, sb= .st_gid); - if (refcount < 0) { + if (refcount =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (refcount < 0) { return -1; } else if (refcount > 1) { /* Refcount is greater than 1 which means that there @@ -827,10 +830,13 @@ virSecurityDACRestoreFileLabelInternal(virSecurityMan= agerPtr mgr, =20 if (recall && path) { rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid); - if (rv < 0) + if (rv =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (rv < 0) { return -1; - if (rv > 0) + } else if (rv > 0) { return 0; + } } =20 VIR_INFO("Restoring DAC user and group on '%s' to %ld:%ld", diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index fb631cd321..667ad0fbd4 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -207,9 +207,11 @@ static int virSecuritySELinuxRecallLabel(const char *path, security_context_t *con) { - if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, - path, con) < 0) - return -1; + int rv; + + rv =3D virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, path, con); + if (rv < 0) + return rv; =20 if (!*con) return 1; @@ -1337,7 +1339,9 @@ virSecuritySELinuxSetFileconHelper(virSecurityManager= Ptr mgr, =20 if (econ) { refcount =3D virSecuritySELinuxRememberLabel(path, econ); - if (refcount < 0) { + if (refcount =3D=3D -2) { + /* Not supported. Don't error though. */ + } else if (refcount < 0) { goto cleanup; } else if (refcount > 1) { /* Refcount is greater than 1 which means that there @@ -1485,13 +1489,18 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManag= erPtr mgr, } =20 if (recall) { - if ((rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { + rc =3D virSecuritySELinuxRecallLabel(newpath, &fcon); + if (rc =3D=3D -2) { + /* Not supported. Lookup the default label below. */ + } else if (rc < 0) { goto cleanup; } else if (rc > 0) { ret =3D 0; goto cleanup; } - } else { + } + + if (!recall || rc =3D=3D -2) { if (stat(newpath, &buf) !=3D 0) { VIR_WARN("cannot stat %s: %s", newpath, virStrerror(errno, ebuf, sizeof(ebuf))); diff --git a/src/security/security_util.c b/src/security/security_util.c index f09a18a623..3c24d7cded 100644 --- a/src/security/security_util.c +++ b/src/security/security_util.c @@ -105,6 +105,7 @@ virSecurityGetRefCountAttrName(const char *name ATTRIBU= TE_UNUSED) * zero) and returns zero. * * Returns: 0 on success, + * -2 if underlying file system doesn't support XATTRs, * -1 otherwise (with error reported) */ int @@ -125,7 +126,7 @@ virSecurityGetRememberedLabel(const char *name, =20 if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENODATA || errno =3D=3D EN= OTSUP) { - ret =3D 0; + ret =3D -2; } else { virReportSystemError(errno, _("Unable to get XATTR %s on %s"), @@ -192,6 +193,7 @@ virSecurityGetRememberedLabel(const char *name, * See also virSecurityGetRememberedLabel. * * Returns: the new refcount value on success, + * -2 if underlying file system doesn't support XATTRs, * -1 otherwise (with error reported) */ int @@ -210,7 +212,7 @@ virSecuritySetRememberedLabel(const char *name, =20 if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) { if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { - ret =3D 0; + ret =3D -2; goto cleanup; } else if (errno !=3D ENODATA) { virReportSystemError(errno, --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785574405404.7959984530577; Thu, 28 Mar 2019 08:06:14 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 50DE688306; Thu, 28 Mar 2019 15:05:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CD599600C4; Thu, 28 Mar 2019 15:05:44 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C5F0B3FB12; Thu, 28 Mar 2019 15:05:38 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4fhD027925 for ; Thu, 28 Mar 2019 11:04:41 -0400 Received: by smtp.corp.redhat.com (Postfix) id 9DAC0600C4; Thu, 28 Mar 2019 15:04:41 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 24D5283B10 for ; Thu, 28 Mar 2019 15:04:40 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:19 +0100 Message-Id: <0d9935b23ded5dbbed8ca3e88927a2dfed71e6ee.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 07/17] security: Document @restore member of transaction list X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 28 Mar 2019 15:06:13 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Both DAC and SELinux drivers support transactions. Each item on the transaction list consists of various variables and @restore is one of them. Document it so that as the list of variables grow it's easier to spot which variable does what. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 5 ++++- src/security/security_selinux.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 72026646cf..03c7f8363b 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -79,7 +79,7 @@ struct _virSecurityDACChownItem { const virStorageSource *src; uid_t uid; gid_t gid; - bool restore; + bool restore; /* Whether current operation is set or restore */ }; =20 typedef struct _virSecurityDACChownList virSecurityDACChownList; @@ -155,8 +155,11 @@ virSecurityDACChownListFree(void *opaque) * @src: disk source to chown * @uid: user ID * @gid: group ID + * @restore: if current operation is set or restore * * Appends an entry onto transaction list. + * The @restore should be true if the operation is restoring + * seclabel and false otherwise. * * Returns: 1 in case of successful append * 0 if there is no transaction enabled diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 667ad0fbd4..3cb7e1b3bc 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -82,7 +82,7 @@ struct _virSecuritySELinuxContextItem { char *path; char *tcon; bool optional; - bool restore; + bool restore; /* Whether current operation is set or restore */ }; =20 typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextLis= t; @@ -168,8 +168,11 @@ virSecuritySELinuxContextListFree(void *opaque) * @path: Path to chown * @tcon: target context * @optional: true if setting @tcon is optional + * @restore: if current operation is set or restore * * Appends an entry onto transaction list. + * The @restore should be true if the operation is restoring + * seclabel and false otherwise. * * Returns: 1 in case of successful append * 0 if there is no transaction enabled --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785720996180.0446661623331; Thu, 28 Mar 2019 08:08:40 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 79003307B4A4; Thu, 28 Mar 2019 15:08:38 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4645F1838C; Thu, 28 Mar 2019 15:08:38 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0237C180338C; Thu, 28 Mar 2019 15:08:38 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4gMY027933 for ; Thu, 28 Mar 2019 11:04:42 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6D03A18A83; Thu, 28 Mar 2019 15:04:42 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id E986B600C4 for ; Thu, 28 Mar 2019 15:04:41 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:20 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 08/17] security_dac: Allow caller to suppress owner remembering X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Thu, 28 Mar 2019 15:08:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" One caller in particular (virSecurityDACSetImageLabelInternal) will want to have the feature turned on only in some cases. Introduce @remember member to _virSecurityDACChownItem to track whether caller wants to do owner remembering or not. The actual remembering is then enabled if both caller wanted it and the feature is turned on in the config file. Technically, we could skip over paths that don't have remember enabled when creating a list of paths to lock. We won't touch their XATTRs after all. Well, I rather play it safe and keep them on the locking list for now. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 63 ++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 26 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 03c7f8363b..e47f0343e7 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -79,6 +79,7 @@ struct _virSecurityDACChownItem { const virStorageSource *src; uid_t uid; gid_t gid; + bool remember; /* Whether owner remembering should be done for @path/@= src */ bool restore; /* Whether current operation is set or restore */ }; =20 @@ -100,6 +101,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt= r list, const virStorageSource *src, uid_t uid, gid_t gid, + bool remember, bool restore) { int ret =3D -1; @@ -116,6 +118,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt= r list, item->src =3D src; item->uid =3D uid; item->gid =3D gid; + item->remember =3D remember; item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) @@ -155,9 +158,12 @@ virSecurityDACChownListFree(void *opaque) * @src: disk source to chown * @uid: user ID * @gid: group ID + * @remember: if the original owner should be recorded/recalled * @restore: if current operation is set or restore * * Appends an entry onto transaction list. + * The @remember should be true if caller wishes to record/recall + * the original owner of @path/@src. * The @restore should be true if the operation is restoring * seclabel and false otherwise. * @@ -170,13 +176,15 @@ virSecurityDACTransactionAppend(const char *path, const virStorageSource *src, uid_t uid, gid_t gid, + bool remember, bool restore) { virSecurityDACChownListPtr list =3D virThreadLocalGet(&chownList); if (!list) return 0; =20 - if (virSecurityDACChownListAppend(list, path, src, uid, gid, restore) = < 0) + if (virSecurityDACChownListAppend(list, path, src, + uid, gid, remember, restore) < 0) return -1; =20 return 1; @@ -235,6 +243,7 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, =20 for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItemPtr item =3D list->items[i]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { rv =3D virSecurityDACSetOwnership(list->manager, @@ -242,12 +251,12 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, item->path, item->uid, item->gid, - list->lock); + remember); } else { rv =3D virSecurityDACRestoreFileLabelInternal(list->manager, item->src, item->path, - list->lock); + remember); } =20 if (rv < 0) @@ -256,12 +265,13 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, =20 for (; rv < 0 && i > 0; i--) { virSecurityDACChownItemPtr item =3D list->items[i - 1]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { virSecurityDACRestoreFileLabelInternal(list->manager, item->src, item->path, - list->lock); + remember); } else { VIR_WARN("Ignoring failed restore attempt on %s", NULLSTR(item->src ? item->src->path : item->path)); @@ -752,7 +762,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid, false= )) < 0) + if ((rc =3D virSecurityDACTransactionAppend(path, src, + uid, gid, remember, false)) = < 0) return -1; else if (rc > 0) return 0; @@ -826,7 +837,7 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, true)= ) < 0) + if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, recal= l, true)) < 0) return -1; else if (rv > 0) return 0; @@ -853,7 +864,7 @@ static int virSecurityDACRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { - return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, false); + return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, true); } =20 =20 @@ -900,7 +911,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, return -1; } =20 - return virSecurityDACSetOwnership(mgr, src, NULL, user, group, false); + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, true); } =20 =20 @@ -967,7 +978,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPt= r mgr, } } =20 - return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false); + return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, true); } =20 =20 @@ -995,7 +1006,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file, if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, file, user, group, false); + return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true); } =20 =20 @@ -1371,7 +1382,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1379,12 +1390,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, fal= se) < 0 || - virSecurityDACSetOwnership(mgr, NULL, out, user, group, fa= lse) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, tru= e) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, tr= ue) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, false) < 0) { + user, group, true) < 0) { goto done; } ret =3D 0; @@ -1399,7 +1410,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group, false) < 0) + user, group, true) < 0) goto done; } ret =3D 0; @@ -1582,7 +1593,7 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr = mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, fal= se) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, tru= e) < 0) return -1; =20 return 0; @@ -1625,7 +1636,7 @@ virSecurityDACSetInputLabel(virSecurityManagerPtr mgr, =20 ret =3D virSecurityDACSetOwnership(mgr, NULL, input->source.evdev, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1830,7 +1841,7 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mg= r, =20 ret =3D virSecurityDACSetOwnership(mgr, NULL, mem->nvdimmPath, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1867,7 +1878,7 @@ virSecurityDACSetSEVLabel(virSecurityManagerPtr mgr, return -1; =20 if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 return 0; @@ -1954,31 +1965,31 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, if (def->os.loader && def->os.loader->nvram && virSecurityDACSetOwnership(mgr, NULL, def->os.loader->nvram, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.kernel && virSecurityDACSetOwnership(mgr, NULL, def->os.kernel, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.initrd && virSecurityDACSetOwnership(mgr, NULL, def->os.initrd, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.dtb && virSecurityDACSetOwnership(mgr, NULL, def->os.dtb, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.slic_table && virSecurityDACSetOwnership(mgr, NULL, def->os.slic_table, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 return 0; @@ -2000,7 +2011,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, fa= lse); + return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, tr= ue); } =20 =20 @@ -2320,7 +2331,7 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, path, user, group, false); + return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true); } =20 virSecurityDriver virSecurityDriverDAC =3D { --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785726728377.4261216393754; Thu, 28 Mar 2019 08:08:46 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9F881C05242C; Thu, 28 Mar 2019 15:08:45 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7492261497; Thu, 28 Mar 2019 15:08:45 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3D8203FB30; Thu, 28 Mar 2019 15:08:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4h5B027938 for ; Thu, 28 Mar 2019 11:04:43 -0400 Received: by smtp.corp.redhat.com (Postfix) id 652EA18A83; Thu, 28 Mar 2019 15:04:43 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA8F0600C4 for ; Thu, 28 Mar 2019 15:04:42 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:21 +0100 Message-Id: <92bc330f99b3b0954105635b997285486e7fd475.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 09/17] security_selinux: Allow caller to suppress owner remembering X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 28 Mar 2019 15:08:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Just like previous commit allowed to enable or disable owner remembering for each individual path, do the same for SELinux driver. This is going to be needed in the next commit. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_selinux.c | 163 ++++++++++++++++++-------------- 1 file changed, 94 insertions(+), 69 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 3cb7e1b3bc..e696311b09 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -82,6 +82,7 @@ struct _virSecuritySELinuxContextItem { char *path; char *tcon; bool optional; + bool remember; /* Whether owner remembering should be done for @path/@= src */ bool restore; /* Whether current operation is set or restore */ }; =20 @@ -122,6 +123,7 @@ virSecuritySELinuxContextListAppend(virSecuritySELinuxC= ontextListPtr list, const char *path, const char *tcon, bool optional, + bool remember, bool restore) { int ret =3D -1; @@ -134,6 +136,7 @@ virSecuritySELinuxContextListAppend(virSecuritySELinuxC= ontextListPtr list, goto cleanup; =20 item->optional =3D optional; + item->remember =3D remember; item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) @@ -168,9 +171,12 @@ virSecuritySELinuxContextListFree(void *opaque) * @path: Path to chown * @tcon: target context * @optional: true if setting @tcon is optional + * @remember: if the original owner should be recorded/recalled * @restore: if current operation is set or restore * * Appends an entry onto transaction list. + * The @remember should be true if caller wishes to record/recall + * the original owner of @path/@src. * The @restore should be true if the operation is restoring * seclabel and false otherwise. * @@ -182,6 +188,7 @@ static int virSecuritySELinuxTransactionAppend(const char *path, const char *tcon, bool optional, + bool remember, bool restore) { virSecuritySELinuxContextListPtr list; @@ -190,7 +197,8 @@ virSecuritySELinuxTransactionAppend(const char *path, if (!list) return 0; =20 - if (virSecuritySELinuxContextListAppend(list, path, tcon, optional, re= store) < 0) + if (virSecuritySELinuxContextListAppend(list, path, tcon, + optional, remember, restore) <= 0) return -1; =20 return 1; @@ -276,17 +284,18 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, rv =3D 0; for (i =3D 0; i < list->nItems; i++) { virSecuritySELinuxContextItemPtr item =3D list->items[i]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { rv =3D virSecuritySELinuxSetFileconHelper(list->manager, item->path, item->tcon, item->optional, - list->lock); + remember); } else { rv =3D virSecuritySELinuxRestoreFileLabel(list->manager, item->path, - list->lock); + remember); } =20 if (rv < 0) @@ -295,11 +304,12 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_= UNUSED, =20 for (; rv < 0 && i > 0; i--) { virSecuritySELinuxContextItemPtr item =3D list->items[i - 1]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { virSecuritySELinuxRestoreFileLabel(list->manager, item->path, - list->lock); + remember); } else { VIR_WARN("Ignoring failed restore attempt on %s", item->path); } @@ -1326,7 +1336,8 @@ virSecuritySELinuxSetFileconHelper(virSecurityManager= Ptr mgr, int rc; int ret =3D -1; =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional, = false)) < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, + optional, remember, fals= e)) < 0) return -1; else if (rc > 0) return 0; @@ -1389,16 +1400,20 @@ virSecuritySELinuxSetFileconHelper(virSecurityManag= erPtr mgr, =20 static int virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr, - const char *path, const char *tcon) + const char *path, + const char *tcon, + bool remember) { - return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, true, false= ); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, true, remem= ber); } =20 static int virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr, - const char *path, const char *tcon) + const char *path, + const char *tcon, + bool remember) { - return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, false, fals= e); + return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, false, reme= mber); } =20 static int @@ -1484,7 +1499,8 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, goto cleanup; } =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, NULL, false, tru= e)) < 0) { + if ((rc =3D virSecuritySELinuxTransactionAppend(path, NULL, + false, recall, true)) < = 0) { goto cleanup; } else if (rc > 0) { ret =3D 0; @@ -1545,7 +1561,7 @@ virSecuritySELinuxSetInputLabel(virSecurityManagerPtr= mgr, switch ((virDomainInputType)input->type) { case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: if (virSecuritySELinuxSetFilecon(mgr, input->source.evdev, - seclabel->imagelabel) < 0) + seclabel->imagelabel, true) < 0) return -1; break; =20 @@ -1574,7 +1590,7 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManage= rPtr mgr, =20 switch ((virDomainInputType)input->type) { case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH: - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= , false); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev= , true); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1602,7 +1618,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPt= r mgr, return 0; =20 if (virSecuritySELinuxSetFilecon(mgr, mem->nvdimmPath, - seclabel->imagelabel) < 0) + seclabel->imagelabel, true) < 0) return -1; break; =20 @@ -1630,7 +1646,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManag= erPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, f= alse); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, t= rue); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1661,14 +1677,14 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManage= rPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel); + rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, true); if (rc < 0) return -1; =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { rc =3D virSecuritySELinuxSetFilecon(mgr, cancel_path, - seclabel->imagelabel); + seclabel->imagelabel, true); VIR_FREE(cancel_path); if (rc < 0) { virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, tpm); @@ -1680,7 +1696,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerP= tr mgr, break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: tpmdev =3D tpm->data.emulator.source.data.nix.path; - rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel); + rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, true); if (rc < 0) return -1; break; @@ -1709,10 +1725,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurit= yManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, false); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, true); =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { - if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, false= ) < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, true)= < 0) rc =3D -1; VIR_FREE(cancel_path); } @@ -1779,7 +1795,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityMan= agerPtr mgr, } } =20 - return virSecuritySELinuxRestoreFileLabel(mgr, src->path, false); + return virSecuritySELinuxRestoreFileLabel(mgr, src->path, true); } =20 =20 @@ -1822,32 +1838,38 @@ virSecuritySELinuxSetImageLabelInternal(virSecurity= ManagerPtr mgr, if (!disk_seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel= ->label); + ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, + disk_seclabel->label, true); } else if (parent_seclabel && (!parent_seclabel->relabel || parent_sec= label->label)) { if (!parent_seclabel->relabel) return 0; =20 - ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, parent_seclab= el->label); + ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, + parent_seclabel->label, true); } else if (!parent || parent =3D=3D src) { if (src->shared) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, - data->file_context); + data->file_context, + true); } else if (src->readonly) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, - data->content_conte= xt); + data->content_conte= xt, + true); } else if (secdef->imagelabel) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, - secdef->imagelabel); + secdef->imagelabel, + true); } else { ret =3D 0; } } else { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, - data->content_context); + data->content_context, + true); } =20 if (ret =3D=3D 1 && !disk_seclabel) { @@ -1900,7 +1922,7 @@ virSecuritySELinuxSetHostdevLabelHelper(const char *f= ile, void *opaque) secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef =3D=3D NULL) return 0; - return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel); + return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, tru= e); } =20 static int @@ -1932,13 +1954,13 @@ virSecuritySELinuxSetSCSILabel(virSCSIDevicePtr dev, =20 if (virSCSIDeviceGetShareable(dev)) return virSecuritySELinuxSetFileconOptional(mgr, file, - data->file_context); + data->file_context, tr= ue); else if (virSCSIDeviceGetReadonly(dev)) return virSecuritySELinuxSetFileconOptional(mgr, file, - data->content_context); + data->content_context,= true); else return virSecuritySELinuxSetFileconOptional(mgr, file, - secdef->imagelabel); + secdef->imagelabel, tr= ue); } =20 static int @@ -2093,7 +2115,7 @@ virSecuritySELinuxSetHostdevCapsLabel(virSecurityMana= gerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; } - ret =3D virSecuritySELinuxSetFilecon(mgr, path, secdef->imagelabel= ); + ret =3D virSecuritySELinuxSetFilecon(mgr, path, secdef->imagelabel= , true); VIR_FREE(path); break; } @@ -2107,7 +2129,7 @@ virSecuritySELinuxSetHostdevCapsLabel(virSecurityMana= gerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; } - ret =3D virSecuritySELinuxSetFilecon(mgr, path, secdef->imagelabel= ); + ret =3D virSecuritySELinuxSetFilecon(mgr, path, secdef->imagelabel= , true); VIR_FREE(path); break; } @@ -2153,7 +2175,7 @@ virSecuritySELinuxRestorePCILabel(virPCIDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file, false); + return virSecuritySELinuxRestoreFileLabel(mgr, file, true); } =20 static int @@ -2163,7 +2185,7 @@ virSecuritySELinuxRestoreUSBLabel(virUSBDevicePtr dev= ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file, false); + return virSecuritySELinuxRestoreFileLabel(mgr, file, true); } =20 =20 @@ -2180,7 +2202,7 @@ virSecuritySELinuxRestoreSCSILabel(virSCSIDevicePtr d= ev, if (virSCSIDeviceGetShareable(dev) || virSCSIDeviceGetReadonly(dev)) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file, false); + return virSecuritySELinuxRestoreFileLabel(mgr, file, true); } =20 static int @@ -2190,7 +2212,7 @@ virSecuritySELinuxRestoreHostLabel(virSCSIVHostDevice= Ptr dev ATTRIBUTE_UNUSED, { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, file, false); + return virSecuritySELinuxRestoreFileLabel(mgr, file, true); } =20 =20 @@ -2294,7 +2316,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecuri= tyManagerPtr mgr, if (!(vfiodev =3D virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuids= tr))) goto done; =20 - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, false); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, true); =20 VIR_FREE(vfiodev); break; @@ -2328,7 +2350,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, true); VIR_FREE(path); break; } @@ -2342,7 +2364,7 @@ virSecuritySELinuxRestoreHostdevCapsLabel(virSecurity= ManagerPtr mgr, if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0) return -1; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, true); VIR_FREE(path); break; } @@ -2420,14 +2442,16 @@ virSecuritySELinuxSetChardevLabel(virSecurityManage= rPtr mgr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecuritySELinuxSetFilecon(mgr, dev_source->data.file.path, - imagelabel); + imagelabel, + true); break; =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (!dev_source->data.nix.listen) { if (virSecuritySELinuxSetFilecon(mgr, dev_source->data.nix.path, - imagelabel) < 0) + imagelabel, + true) < 0) goto done; } ret =3D 0; @@ -2438,13 +2462,14 @@ virSecuritySELinuxSetChardevLabel(virSecurityManage= rPtr mgr, (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) goto done; if (virFileExists(in) && virFileExists(out)) { - if ((virSecuritySELinuxSetFilecon(mgr, in, imagelabel) < 0) || - (virSecuritySELinuxSetFilecon(mgr, out, imagelabel) < 0)) { + if ((virSecuritySELinuxSetFilecon(mgr, in, imagelabel, true) <= 0) || + (virSecuritySELinuxSetFilecon(mgr, out, imagelabel, true) = < 0)) { goto done; } } else if (virSecuritySELinuxSetFilecon(mgr, dev_source->data.file.path, - imagelabel) < 0) { + imagelabel, + true) < 0) { goto done; } ret =3D 0; @@ -2492,7 +2517,7 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, case VIR_DOMAIN_CHR_TYPE_FILE: if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path, - false) < 0) + true) < 0) goto done; ret =3D 0; break; @@ -2501,7 +2526,7 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, if (!dev_source->data.nix.listen) { if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.p= ath, - false) < 0) + true) < 0) goto done; } ret =3D 0; @@ -2512,13 +2537,13 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) goto done; if (virFileExists(in) && virFileExists(out)) { - if ((virSecuritySELinuxRestoreFileLabel(mgr, out, false) < 0) = || - (virSecuritySELinuxRestoreFileLabel(mgr, in, false) < 0)) { + if ((virSecuritySELinuxRestoreFileLabel(mgr, out, true) < 0) || + (virSecuritySELinuxRestoreFileLabel(mgr, in, true) < 0)) { goto done; } } else if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.fil= e.path, - false) < 0) { + true) < 0) { goto done; } ret =3D 0; @@ -2570,7 +2595,7 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, database =3D dev->data.cert.database; if (!database) database =3D VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; - return virSecuritySELinuxRestoreFileLabel(mgr, database, false); + return virSecuritySELinuxRestoreFileLabel(mgr, database, true); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: return virSecuritySELinuxRestoreChardevLabel(mgr, def, @@ -2665,23 +2690,23 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManage= rPtr mgr, rc =3D -1; =20 if (def->os.loader && def->os.loader->nvram && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, fal= se) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, tru= e) < 0) rc =3D -1; =20 if (def->os.kernel && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, false) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, true) < 0) rc =3D -1; =20 if (def->os.initrd && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, false) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd, true) < 0) rc =3D -1; =20 if (def->os.dtb && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, false) < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb, true) < 0) rc =3D -1; =20 if (def->os.slic_table && - virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, false)= < 0) + virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, true) = < 0) rc =3D -1; =20 return rc; @@ -2726,7 +2751,7 @@ virSecuritySELinuxSetSavedStateLabel(virSecurityManag= erPtr mgr, if (!secdef || !secdef->relabel) return 0; =20 - return virSecuritySELinuxSetFilecon(mgr, savefile, secdef->imagelabel); + return virSecuritySELinuxSetFilecon(mgr, savefile, secdef->imagelabel,= true); } =20 =20 @@ -2741,7 +2766,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityM= anagerPtr mgr, if (!secdef || !secdef->relabel) return 0; =20 - return virSecuritySELinuxRestoreFileLabel(mgr, savefile, false); + return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true); } =20 =20 @@ -2984,7 +3009,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, database =3D dev->data.cert.database; if (!database) database =3D VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; - return virSecuritySELinuxSetFilecon(mgr, database, data->content_c= ontext); + return virSecuritySELinuxSetFilecon(mgr, database, data->content_c= ontext, true); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: return virSecuritySELinuxSetChardevLabel(mgr, def, @@ -3075,32 +3100,32 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr= mgr, if (def->os.loader && def->os.loader->nvram && secdef && secdef->imagelabel && virSecuritySELinuxSetFilecon(mgr, def->os.loader->nvram, - secdef->imagelabel) < 0) + secdef->imagelabel, true) < 0) return -1; =20 if (def->os.kernel && virSecuritySELinuxSetFilecon(mgr, def->os.kernel, - data->content_context) < 0) + data->content_context, true) < 0) return -1; =20 if (def->os.initrd && virSecuritySELinuxSetFilecon(mgr, def->os.initrd, - data->content_context) < 0) + data->content_context, true) < 0) return -1; =20 if (def->os.dtb && virSecuritySELinuxSetFilecon(mgr, def->os.dtb, - data->content_context) < 0) + data->content_context, true) < 0) return -1; =20 if (def->os.slic_table && virSecuritySELinuxSetFilecon(mgr, def->os.slic_table, - data->content_context) < 0) + data->content_context, true) < 0) return -1; =20 if (stdin_path && virSecuritySELinuxSetFilecon(mgr, stdin_path, - data->content_context) < 0) + data->content_context, true) < 0) return -1; =20 return 0; @@ -3259,7 +3284,7 @@ virSecuritySELinuxDomainSetPathLabel(virSecurityManag= erPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel); + return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, t= rue); } =20 =20 @@ -3284,7 +3309,7 @@ virSecuritySELinuxSetFileLabels(virSecurityManagerPtr= mgr, char *filename =3D NULL; DIR *dir; =20 - if ((ret =3D virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagela= bel))) + if ((ret =3D virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagela= bel, true))) return ret; =20 if (!virFileIsDir(path)) @@ -3302,7 +3327,7 @@ virSecuritySELinuxSetFileLabels(virSecurityManagerPtr= mgr, break; } ret =3D virSecuritySELinuxSetFilecon(mgr, filename, - seclabel->imagelabel); + seclabel->imagelabel, true); VIR_FREE(filename); if (ret < 0) break; @@ -3336,7 +3361,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, char *filename =3D NULL; DIR *dir; =20 - if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, false))) + if ((ret =3D virSecuritySELinuxRestoreFileLabel(mgr, path, true))) return ret; =20 if (!virFileIsDir(path)) @@ -3353,7 +3378,7 @@ virSecuritySELinuxRestoreFileLabels(virSecurityManage= rPtr mgr, ret =3D -1; break; } - ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename, false); + ret =3D virSecuritySELinuxRestoreFileLabel(mgr, filename, true); VIR_FREE(filename); if (ret < 0) break; --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785588242543.5021119771296; Thu, 28 Mar 2019 08:06:28 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CFC0A7BF17; Thu, 28 Mar 2019 15:06:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A57DD437F; Thu, 28 Mar 2019 15:06:14 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 258BA3FB13; Thu, 28 Mar 2019 15:06:10 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4iXa027948 for ; Thu, 28 Mar 2019 11:04:44 -0400 Received: by smtp.corp.redhat.com (Postfix) id 3741B600C4; Thu, 28 Mar 2019 15:04:44 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id B22CF18A83 for ; Thu, 28 Mar 2019 15:04:43 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:22 +0100 Message-Id: <7b6246efd4c945fa40f67e31a1a0d07398050292.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 10/17] security: Remember owner only for top level image X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 28 Mar 2019 15:06:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Here is the problem: If all disks had XATTRs (i.e. domains using them were started with owner remembering turned on) then refcounting implemented in XATTRs would work nicely and we could set the whole backing chain and restore it later. But world is not that simple. As soon as there is one domain that was started with the feature turned off (or simply by older libvirt), the XATTR refounting does not reflect the actual number of uses by running domains and therefore any attempt to restore might cut off the old domain. There is no simple way around this. Except artificially turning the feature off for the rest of the backing chain. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 3 ++- src/security/security_selinux.c | 13 +++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index e47f0343e7..91e91e378e 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -911,7 +911,8 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, return -1; } =20 - return virSecurityDACSetOwnership(mgr, src, NULL, user, group, true); + /* Remember label only for the top level image. */ + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, src =3D= =3D parent); } =20 =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index e696311b09..10585e9f8c 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1819,6 +1819,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, virSecurityLabelDefPtr secdef; virSecurityDeviceLabelDefPtr disk_seclabel; virSecurityDeviceLabelDefPtr parent_seclabel =3D NULL; + const bool remember =3D src =3D=3D parent; int ret; =20 if (!src->path || !virStorageSourceIsLocalStorage(src)) @@ -1839,29 +1840,29 @@ virSecuritySELinuxSetImageLabelInternal(virSecurity= ManagerPtr mgr, return 0; =20 ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, - disk_seclabel->label, true); + disk_seclabel->label, remember); } else if (parent_seclabel && (!parent_seclabel->relabel || parent_sec= label->label)) { if (!parent_seclabel->relabel) return 0; =20 ret =3D virSecuritySELinuxSetFilecon(mgr, src->path, - parent_seclabel->label, true); + parent_seclabel->label, remembe= r); } else if (!parent || parent =3D=3D src) { if (src->shared) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, data->file_context, - true); + remember); } else if (src->readonly) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, data->content_conte= xt, - true); + remember); } else if (secdef->imagelabel) { ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, secdef->imagelabel, - true); + remember); } else { ret =3D 0; } @@ -1869,7 +1870,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nagerPtr mgr, ret =3D virSecuritySELinuxSetFileconOptional(mgr, src->path, data->content_context, - true); + remember); } =20 if (ret =3D=3D 1 && !disk_seclabel) { --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785675112520.2010289811869; Thu, 28 Mar 2019 08:07:55 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 598386DDC3; Thu, 28 Mar 2019 15:07:47 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3241E19C77; Thu, 28 Mar 2019 15:07:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DFF9C181A00D; Thu, 28 Mar 2019 15:07:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4j7Q027959 for ; Thu, 28 Mar 2019 11:04:45 -0400 Received: by smtp.corp.redhat.com (Postfix) id 090B8600C4; Thu, 28 Mar 2019 15:04:45 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8425E83B05 for ; Thu, 28 Mar 2019 15:04:44 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:23 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 11/17] security: Introduce virSecurityManagerMoveImageMetadata X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 28 Mar 2019 15:07:54 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The purpose of this API is to allow caller move XATTRs (or remove them) from one file to another. This will be needed when moving top level of disk chain (either by introducing new HEAD or removing it). Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 1 + src/security/security_driver.h | 5 +++++ src/security/security_manager.c | 39 +++++++++++++++++++++++++++++++++ src/security/security_manager.h | 4 ++++ src/security/security_nop.c | 10 +++++++++ src/security/security_stack.c | 20 +++++++++++++++++ 6 files changed, 79 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8792155312..7b2a876ad4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1381,6 +1381,7 @@ virSecurityManagerGetModel; virSecurityManagerGetMountOptions; virSecurityManagerGetNested; virSecurityManagerGetProcessLabel; +virSecurityManagerMoveImageMetadata; virSecurityManagerNew; virSecurityManagerNewDAC; virSecurityManagerNewStack; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 36cf9da037..998fe9697c 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -120,6 +120,10 @@ typedef int (*virSecurityDomainRestoreImageLabel) (vir= SecurityManagerPtr mgr, virDomainDefPtr def, virStorageSourcePtr src, virSecurityDomainImageL= abelFlags flags); +typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManagerPtr m= gr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst= ); typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainMemoryDefPtr mem); @@ -170,6 +174,7 @@ struct _virSecurityDriver { =20 virSecurityDomainSetImageLabel domainSetSecurityImageLabel; virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel; + virSecurityDomainMoveImageMetadata domainMoveImageMetadata; =20 virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel; virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 74ab0d0dd3..c205c3bf17 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -432,6 +432,45 @@ virSecurityManagerRestoreImageLabel(virSecurityManager= Ptr mgr, } =20 =20 +/** + * virSecurityManagerMoveImageMetadata: + * @mgr: security manager + * @pid: domain's PID + * @src: source of metadata + * @dst: destination to move metadata to + * + * For given source @src, metadata is moved to destination @dst. + * + * If @dst is NULL then metadata is removed from @src and not + * stored anywhere. + * + * If @pid is not -1 enther the @pid mount namespace (usually + * @pid refers to a domain) and perform the move from there. If + * @pid is -1 then the move is performed from the caller's + * namespace. + * + * Returns: 0 on success, + * -1 otherwise. + */ +int +virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst) +{ + if (mgr->drv->domainMoveImageMetadata) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainMoveImageMetadata(mgr, pid, src, dst); + virObjectUnlock(mgr); + return ret; + } + + virReportUnsupportedError(); + return -1; +} + + int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 7e174a33ee..33e79b2095 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -160,6 +160,10 @@ int virSecurityManagerRestoreImageLabel(virSecurityMan= agerPtr mgr, virDomainDefPtr vm, virStorageSourcePtr src, virSecurityDomainImageLabelFlags f= lags); +int virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst); =20 int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 9b3263ad77..966b9d41a1 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -224,6 +224,15 @@ virSecurityDomainSetImageLabelNop(virSecurityManagerPt= r mgr ATTRIBUTE_UNUSED, return 0; } =20 +static int +virSecurityDomainMoveImageMetadataNop(virSecurityManagerPtr mgr ATTRIBUTE_= UNUSED, + pid_t pid ATTRIBUTE_UNUSED, + virStorageSourcePtr src ATTRIBUTE_UN= USED, + virStorageSourcePtr dst ATTRIBUTE_UN= USED) +{ + return 0; +} + static int virSecurityDomainSetMemoryLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNU= SED, virDomainDefPtr def ATTRIBUTE_UNUSED, @@ -280,6 +289,7 @@ virSecurityDriver virSecurityDriverNop =3D { =20 .domainSetSecurityImageLabel =3D virSecurityDomainSetImageLabel= Nop, .domainRestoreSecurityImageLabel =3D virSecurityDomainRestoreImageL= abelNop, + .domainMoveImageMetadata =3D virSecurityDomainMoveImageMeta= dataNop, =20 .domainSetSecurityMemoryLabel =3D virSecurityDomainSetMemoryLabe= lNop, .domainRestoreSecurityMemoryLabel =3D virSecurityDomainRestoreMemory= LabelNop, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index eba918e257..d445c0773e 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -599,6 +599,25 @@ virSecurityStackRestoreImageLabel(virSecurityManagerPt= r mgr, return rc; } =20 +static int +virSecurityStackMoveImageMetadata(virSecurityManagerPtr mgr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + int rc =3D 0; + + for (; item; item =3D item->next) { + if (virSecurityManagerMoveImageMetadata(item->securityManager, + pid, src, dst) < 0) + rc =3D -1; + } + + return rc; +} + static int virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, @@ -785,6 +804,7 @@ virSecurityDriver virSecurityDriverStack =3D { =20 .domainSetSecurityImageLabel =3D virSecurityStackSetImageLabel, .domainRestoreSecurityImageLabel =3D virSecurityStackRestoreImageLa= bel, + .domainMoveImageMetadata =3D virSecurityStackMoveImageMetad= ata, =20 .domainSetSecurityMemoryLabel =3D virSecurityStackSetMemoryLabel, .domainRestoreSecurityMemoryLabel =3D virSecurityStackRestoreMemoryL= abel, --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785692693425.6201481275017; Thu, 28 Mar 2019 08:08:12 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6E886307E06B; Thu, 28 Mar 2019 15:08:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4375260BE0; Thu, 28 Mar 2019 15:07:59 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EFC5E181A135; Thu, 28 Mar 2019 15:07:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4jls027964 for ; Thu, 28 Mar 2019 11:04:45 -0400 Received: by smtp.corp.redhat.com (Postfix) id CD8D9600C4; Thu, 28 Mar 2019 15:04:45 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5577583B05 for ; Thu, 28 Mar 2019 15:04:45 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:24 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 12/17] security_util: Introduce virSecurityMoveRememberedLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Thu, 28 Mar 2019 15:08:12 +0000 (UTC) Content-Type: text/plain; charset="utf-8" A simple helper function that would be used from DAC and SELinux drivers. Signed-off-by: Michal Privoznik --- src/security/security_util.c | 75 ++++++++++++++++++++++++++++++++++++ src/security/security_util.h | 5 +++ 2 files changed, 80 insertions(+) diff --git a/src/security/security_util.c b/src/security/security_util.c index 3c24d7cded..64039ad4a4 100644 --- a/src/security/security_util.c +++ b/src/security/security_util.c @@ -256,3 +256,78 @@ virSecuritySetRememberedLabel(const char *name, VIR_FREE(ref_name); return ret; } + + +int +virSecurityMoveRememberedLabel(const char *name, + const char *src, + const char *dst) +{ + VIR_AUTOFREE(char *) ref_name =3D NULL; + VIR_AUTOFREE(char *) ref_value =3D NULL; + VIR_AUTOFREE(char *) attr_name =3D NULL; + VIR_AUTOFREE(char *) attr_value =3D NULL; + + if (!(ref_name =3D virSecurityGetRefCountAttrName(name)) | + !(attr_name =3D virSecurityGetAttrName(name))) + return -1; + + if (virFileGetXAttr(src, ref_name, &ref_value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { + return -2; + } else if (errno !=3D ENODATA) { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + ref_name, src); + return -1; + } + } + + if (virFileGetXAttr(src, attr_name, &attr_value) < 0) { + if (errno =3D=3D ENOSYS || errno =3D=3D ENOTSUP) { + return -2; + } else if (errno !=3D ENODATA) { + virReportSystemError(errno, + _("Unable to get XATTR %s on %s"), + attr_name, src); + return -1; + } + } + + if (ref_value && + virFileRemoveXAttr(src, ref_name) < 0) { + virReportSystemError(errno, + _("Unable to remove XATTR %s on %s"), + ref_name, src); + return -1; + } + + if (attr_value && + virFileRemoveXAttr(src, attr_name) < 0) { + virReportSystemError(errno, + _("Unable to remove XATTR %s on %s"), + attr_name, src); + return -1; + } + + if (dst) { + if (ref_value && + virFileSetXAttr(dst, ref_name, ref_value) < 0) { + virReportSystemError(errno, + _("Unable to set XATTR %s on %s"), + ref_name, dst); + return -1; + } + + if (attr_value && + virFileSetXAttr(dst, attr_name, attr_value) < 0) { + virReportSystemError(errno, + _("Unable to set XATTR %s on %s"), + attr_name, dst); + ignore_value(virFileRemoveXAttr(dst, ref_name)); + return -1; + } + } + + return 0; +} diff --git a/src/security/security_util.h b/src/security/security_util.h index bc977ed65d..f727e2e3e5 100644 --- a/src/security/security_util.h +++ b/src/security/security_util.h @@ -29,4 +29,9 @@ virSecuritySetRememberedLabel(const char *name, const char *path, const char *label); =20 +int +virSecurityMoveRememberedLabel(const char *name, + const char *src, + const char *dst); + #endif /* LIBVIRT_SECURITY_UTIL_H */ --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785732538562.303219778164; Thu, 28 Mar 2019 08:08:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 550117E9C5; Thu, 28 Mar 2019 15:08:51 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1FB4383B12; Thu, 28 Mar 2019 15:08:51 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D2A0E3FA45; Thu, 28 Mar 2019 15:08:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4msd027986 for ; Thu, 28 Mar 2019 11:04:48 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8E8BE600C4; Thu, 28 Mar 2019 15:04:48 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1733CD1C6 for ; Thu, 28 Mar 2019 15:04:45 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:25 +0100 Message-Id: <7369b4e00d421087471e9a425d92e6b4ec7afa01.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 13/17] security_dac: Implement virSecurityManagerMoveImageMetadata X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 28 Mar 2019 15:08:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 62 +++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 91e91e378e..1d3cb1d33f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -993,6 +993,67 @@ virSecurityDACRestoreImageLabel(virSecurityManagerPtr = mgr, } =20 =20 +struct virSecurityDACMoveImageMetadataData { + virSecurityManagerPtr mgr; + const char *src; + const char *dst; +}; + + +static int +virSecurityDACMoveImageMetadataHelper(pid_t pid ATTRIBUTE_UNUSED, + void *opaque) +{ + struct virSecurityDACMoveImageMetadataData *data =3D opaque; + const char *paths[2] =3D { data->src, data->dst }; + virSecurityManagerMetadataLockStatePtr state; + int ret; + + if (!(state =3D virSecurityManagerMetadataLock(data->mgr, paths, ARRAY= _CARDINALITY(paths)))) + return -1; + + ret =3D virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, d= ata->dst); + virSecurityManagerMetadataUnlock(data->mgr, &state); + return ret; +} + + +static int +virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst) +{ + virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + struct virSecurityDACMoveImageMetadataData data =3D { .mgr =3D mgr, 0 = }; + int rc; + + /* If dynamicOwnership is turned off, or owner remembering is + * not enabled there's nothing for us to do. */ + if (!priv->dynamicOwnership) + return 0; + + if (src && virStorageSourceIsLocalStorage(src)) + data.src =3D src->path; + + if (dst && virStorageSourceIsLocalStorage(dst)) + data.dst =3D dst->path; + + if (!data.src) + return 0; + + if (pid =3D=3D -1) { + rc =3D virProcessRunInFork(virSecurityDACMoveImageMetadataHelper, = &data); + } else { + rc =3D virProcessRunInMountNamespace(pid, + virSecurityDACMoveImageMetadata= Helper, + &data); + } + + return rc; +} + + static int virSecurityDACSetHostdevLabelHelper(const char *file, void *opaque) @@ -2355,6 +2416,7 @@ virSecurityDriver virSecurityDriverDAC =3D { =20 .domainSetSecurityImageLabel =3D virSecurityDACSetImageLabel, .domainRestoreSecurityImageLabel =3D virSecurityDACRestoreImageLabe= l, + .domainMoveImageMetadata =3D virSecurityDACMoveImageMetadat= a, =20 .domainSetSecurityMemoryLabel =3D virSecurityDACSetMemoryLabel, .domainRestoreSecurityMemoryLabel =3D virSecurityDACRestoreMemoryLab= el, --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785701819432.89952383010916; Thu, 28 Mar 2019 08:08:21 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D34F1C04B2F6; Thu, 28 Mar 2019 15:08:14 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A250A60BE0; Thu, 28 Mar 2019 15:08:12 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4E2743FB11; Thu, 28 Mar 2019 15:08:10 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4nLY027994 for ; Thu, 28 Mar 2019 11:04:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id 5F89D18A83; Thu, 28 Mar 2019 15:04:49 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id DBF0B600C4 for ; Thu, 28 Mar 2019 15:04:48 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:26 +0100 Message-Id: <60b8c594b2701e04221728a9404429473b400d38.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 14/17] security_selinux: Implement virSecurityManagerMoveImageMetadata X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 28 Mar 2019 15:08:21 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 57 +++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 10585e9f8c..08933664da 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1912,6 +1912,62 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPt= r mgr, } =20 =20 +struct virSecuritySELinuxMoveImageMetadataData { + virSecurityManagerPtr mgr; + const char *src; + const char *dst; +}; + + +static int +virSecuritySELinuxMoveImageMetadataHelper(pid_t pid ATTRIBUTE_UNUSED, + void *opaque) +{ + struct virSecuritySELinuxMoveImageMetadataData *data =3D opaque; + const char *paths[2] =3D { data->src, data->dst }; + virSecurityManagerMetadataLockStatePtr state; + int ret; + + if (!(state =3D virSecurityManagerMetadataLock(data->mgr, paths, ARRAY= _CARDINALITY(paths)))) + return -1; + + ret =3D virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->sr= c, data->dst); + virSecurityManagerMetadataUnlock(data->mgr, &state); + return ret; +} + + +static int +virSecuritySELinuxMoveImageMetadata(virSecurityManagerPtr mgr, + pid_t pid, + virStorageSourcePtr src, + virStorageSourcePtr dst) +{ + struct virSecuritySELinuxMoveImageMetadataData data =3D { .mgr =3D mgr= , 0 }; + int rc; + + if (src && virStorageSourceIsLocalStorage(src)) + data.src =3D src->path; + + if (dst && virStorageSourceIsLocalStorage(dst)) + data.dst =3D dst->path; + + if (!data.src) + return 0; + + if (pid =3D=3D -1) { + rc =3D virProcessRunInFork(virSecuritySELinuxMoveImageMetadataHelp= er, + &data); + } else { + rc =3D virProcessRunInMountNamespace(pid, + virSecuritySELinuxMoveImageMeta= dataHelper, + &data); + } + + return rc; +} + + static int virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque) { @@ -3467,6 +3523,7 @@ virSecurityDriver virSecurityDriverSELinux =3D { =20 .domainSetSecurityImageLabel =3D virSecuritySELinuxSetImageLabe= l, .domainRestoreSecurityImageLabel =3D virSecuritySELinuxRestoreImage= Label, + .domainMoveImageMetadata =3D virSecuritySELinuxMoveImageMet= adata, =20 .domainSetSecurityMemoryLabel =3D virSecuritySELinuxSetMemoryLab= el, .domainRestoreSecurityMemoryLabel =3D virSecuritySELinuxRestoreMemor= yLabel, --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785708250400.01621820731486; Thu, 28 Mar 2019 08:08:28 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DF5FDDC8FC; Thu, 28 Mar 2019 15:08:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A4E0A18FA6; Thu, 28 Mar 2019 15:08:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4F6FD1803389; Thu, 28 Mar 2019 15:08:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4q8W028004 for ; Thu, 28 Mar 2019 11:04:52 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4D17DD1C6; Thu, 28 Mar 2019 15:04:52 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id C8564600C4 for ; Thu, 28 Mar 2019 15:04:49 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:27 +0100 Message-Id: <7743a247e99ea96485bb1b5a9709751d74918c24.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 15/17] qemu_security: Implement qemuSecurityMoveImageMetadata X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 28 Mar 2019 15:08:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/qemu/qemu_security.c | 19 +++++++++++++++++++ src/qemu/qemu_security.h | 5 +++++ 2 files changed, 24 insertions(+) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 229581a757..87209d3781 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -162,6 +162,25 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver, } =20 =20 +int +qemuSecurityMoveImageMetadata(virQEMUDriverPtr driver, + virDomainObjPtr vm, + virStorageSourcePtr src, + virStorageSourcePtr dst) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + pid_t pid =3D -1; + + if (!priv->rememberOwner) + return 0; + + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid =3D vm->pid; + + return virSecurityManagerMoveImageMetadata(driver->securityManager, pi= d, src, dst); +} + + int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 546a66f284..c62724ed05 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -44,6 +44,11 @@ int qemuSecurityRestoreImageLabel(virQEMUDriverPtr drive= r, virStorageSourcePtr src, bool backingChain); =20 +int qemuSecurityMoveImageMetadata(virQEMUDriverPtr driver, + virDomainObjPtr vm, + virStorageSourcePtr src, + virStorageSourcePtr dst); + int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev); --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785713023523.5794309834316; Thu, 28 Mar 2019 08:08:33 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C5EC9315879C; Thu, 28 Mar 2019 15:08:31 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8575D83B25; Thu, 28 Mar 2019 15:08:31 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0AEAB3FB16; Thu, 28 Mar 2019 15:08:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4r6m028014 for ; Thu, 28 Mar 2019 11:04:53 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1CC15D1C6; Thu, 28 Mar 2019 15:04:53 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 995CE600C4 for ; Thu, 28 Mar 2019 15:04:52 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:28 +0100 Message-Id: <408255c8dfe246e0f54b1763da46ba136e476741.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 16/17] qemu: Move image security metadata on snapshot activity X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Thu, 28 Mar 2019 15:08:32 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/qemu/qemu_blockjob.c | 6 ++++++ src/qemu/qemu_driver.c | 17 ++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index fa7e4c8625..1b4e30ba01 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -37,6 +37,7 @@ #include "locking/domain_lock.h" #include "viralloc.h" #include "virstring.h" +#include "qemu_security.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 @@ -275,6 +276,11 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverP= tr driver, * want to only revoke the non-shared portion of the chain); so for * now, we leak the access to the original. */ virDomainLockImageDetach(driver->lockManager, vm, disk->src); + + /* Move secret driver metadata */ + if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mir= ror) < 0) + VIR_WARN("Unable to move disk metadata on vm %s", vm->def->nam= e); + virObjectUnref(disk->src); disk->src =3D disk->mirror; } else { diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 62d8d977c5..1af6272c71 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -15173,22 +15173,33 @@ qemuDomainSnapshotUpdateDiskSourcesRenumber(virSt= orageSourcePtr src) =20 /** * qemuDomainSnapshotUpdateDiskSources: + * @driver: QEMU driver + * @vm: domain object * @dd: snapshot disk data object * @persist: set to true if persistent config of the VM was changed * * Updates disk definition after a successful snapshot. */ static void -qemuDomainSnapshotUpdateDiskSources(qemuDomainSnapshotDiskDataPtr dd, +qemuDomainSnapshotUpdateDiskSources(virQEMUDriverPtr driver, + virDomainObjPtr vm, + qemuDomainSnapshotDiskDataPtr dd, bool *persist) { - if (!dd->src) + if (!dd->src) { + /* Remove old metadata */ + if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, NULL)= < 0) + VIR_WARN("Unable to remove disk metadata on vm %s", vm->def->n= ame); return; + } =20 /* storage driver access won'd be needed */ if (dd->initialized) virStorageFileDeinit(dd->src); =20 + if (qemuSecurityMoveImageMetadata(driver, vm, dd->disk->src, dd->src) = < 0) + VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name); + /* the old disk image is now readonly */ dd->disk->src->readonly =3D true; =20 @@ -15313,7 +15324,7 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr= driver, virDomainAuditDisk(vm, dd->disk->src, dd->src, "snapshot", ret= >=3D 0); =20 if (ret =3D=3D 0) - qemuDomainSnapshotUpdateDiskSources(dd, &persist); + qemuDomainSnapshotUpdateDiskSources(driver, vm, dd, &persi= st); } =20 if (ret < 0) --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 13:52:33 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1553785717571100.12650846104168; Thu, 28 Mar 2019 08:08:37 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 45E2E806DA; Thu, 28 Mar 2019 15:08:36 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 191F7619DF; Thu, 28 Mar 2019 15:08:36 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id ADBE8181A00D; Thu, 28 Mar 2019 15:08:35 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x2SF4rCl028019 for ; Thu, 28 Mar 2019 11:04:53 -0400 Received: by smtp.corp.redhat.com (Postfix) id E1F4483B05; Thu, 28 Mar 2019 15:04:53 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 69F6C600C4 for ; Thu, 28 Mar 2019 15:04:53 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 28 Mar 2019 16:04:29 +0100 Message-Id: <6e0320a612da590cdd0eac63059091c4c78c2415.1553785388.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for v5.3.0 17/17] Revert "qemu: Temporary disable owner remembering" X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 28 Mar 2019 15:08:36 +0000 (UTC) Content-Type: text/plain; charset="utf-8" This reverts commit fc3990c7e64be1da1631952d3ec384ebef50e125. Now that all the reported bugs are fixed let's turn the feature back on. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- docs/news.xml | 21 +++++++++++++++++++++ src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 +++++ src/qemu/qemu_conf.c | 4 ++++ src/qemu/test_libvirtd_qemu.aug.in | 1 + 5 files changed, 32 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 2067830848..0fd6e7be8b 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -33,6 +33,27 @@ --> =20 + +
+
+
+ + + Remember original owners and SELinux labels of files + + + When a domain is starting up libvirt changes DAC and + SELinux labels so that domain can access it. However, + it never remembered the original labels and therefore + the file was returned back to root:root. + With this release, the original labels are remembered + and restored properly. + + +
+
+
+
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index b311f02da6..868f7b313c 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -72,6 +72,7 @@ module Libvirtd_qemu =3D | str_entry "user" | str_entry "group" | bool_entry "dynamic_ownership" + | bool_entry "remember_owner" | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | int_entry "seccomp_sandbox" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 334b4cd4ee..12357461c4 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -456,6 +456,11 @@ # Set to 0 to disable file ownership changes. #dynamic_ownership =3D 1 =20 +# Whether libvirt should remember and restore the original +# ownership over files it is relabeling. Defaults to 1, set +# to 0 to disable the feature. +#remember_owner =3D 1 + # What cgroup controllers to make use of with QEMU guests # # - 'cpu' - use for scheduler tunables diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 42122dcd97..9de81f7763 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -145,6 +145,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) cfg->group =3D (gid_t)-1; } cfg->dynamicOwnership =3D privileged; + cfg->rememberOwner =3D privileged; =20 cfg->cgroupControllers =3D -1; /* -1 =3D=3D auto-detect */ =20 @@ -908,6 +909,9 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfi= gPtr cfg, if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwners= hip) < 0) return -1; =20 + if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) <= 0) + return -1; + if (virConfGetValueStringList(conf, "cgroup_controllers", false, &controllers) < 0) return -1; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index fea1d308b7..f95496ce4d 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -44,6 +44,7 @@ module Test_libvirtd_qemu =3D { "user" =3D "root" } { "group" =3D "root" } { "dynamic_ownership" =3D "1" } +{ "remember_owner" =3D "1" } { "cgroup_controllers" { "1" =3D "cpu" } { "2" =3D "devices" } --=20 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list