From nobody Sat May 4 04:48:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1569942053; cv=none; d=zoho.com; s=zohoarc; b=eDZrEbWEpA8TrYmvxQSXnwuo5gdP4qOnw+MvcyfmzUZ1RdTsLHxEPiTy8lKgQOr9cs0M44WrK+kWVKJC0bIr/JRHPctAPA8TxsZZLj3Pfydacp/e98bEntovbukSRxREFVWGxZzAlXrKfJ2ZPFTuYvFlVE00ZCfx54+lXNdgFSA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569942053; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=7EGS6v/EGUNrjOAPHun6aqZqdnHT+iQgV3Pfvlo/6+0=; b=h0YUa6r4WQ9hdeGXxXjBoJN4xSJsvIR/h4r57lxgc9+zQez679nAACUznda/CT7CA0wwzp6ZnxnkgqH8OKKMNmH1cSlqFivhOZrrAf9K5T0KmrZUve8ZOWqCWGaEbthQ1xrRWujSGEHNaocXkDXmHzTwTi7a6/V2tz8PP9zgjYg= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1569942053713462.4271884848997; Tue, 1 Oct 2019 08:00:53 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BEAE010C0946; Tue, 1 Oct 2019 15:00:51 +0000 (UTC) Received: from 
colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 65FEE1001B13; Tue, 1 Oct 2019 15:00:51 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9194062D0E; Tue, 1 Oct 2019 15:00:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x91F0nKO032368 for ; Tue, 1 Oct 2019 11:00:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id C420A5D717; Tue, 1 Oct 2019 15:00:49 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D7585D713 for ; Tue, 1 Oct 2019 15:00:49 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 1 Oct 2019 17:00:42 +0200 Message-Id: <8ad4e6d10520ac462d23c1e451d4964ed0e4bd65.1569941501.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/3] security: Try to lock only paths with remember == true X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.66]); Tue, 01 Oct 2019 15:00:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" So far all items on the chown/setfilecon list have the same .remember value. But this will change shortly. Therefore, don't try to lock paths which we won't manipulate XATTRs for. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 6 ++++-- src/security/security_selinux.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4b4afef18a..5df50bdcf5 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -232,9 +232,11 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSE= D, return -1; =20 for (i =3D 0; i < list->nItems; i++) { - const char *p =3D list->items[i]->path; + virSecurityDACChownItemPtr item =3D list->items[i]; + const char *p =3D item->path; =20 - VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); + if (item->remember) + VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); } =20 if (!(state =3D virSecurityManagerMetadataLock(list->manager, path= s, npaths))) 
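Review bot: After the `remember` filter, `npaths` can be 0 even when `list->nItems` is not, and the `return -1;` context line suggests `paths` was sized for all `nItems` just above the hunk; confirm that `virSecurityManagerMetadataLock()` at the end of the hunk accepts an empty path array rather than treating it as a failure. The loop also computes `p` for items it never appends; a guard clause, `if (!item->remember) continue;`, placed before the `const char *p` line would make the filter the first thing a reader sees. A short comment above the loop, `/* Only paths whose XATTRs will be touched need the metadata lock. */`, would record why the lock is no longer taken for every item. The identical change in `virSecuritySELinuxTransactionRun()` (the security_selinux.c hunk two lines below) raises the same points; both enclosing functions continue outside their hunks.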
diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c
index e879fa39ab..e3be724a2b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -266,9 +266,11 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_U= NUSED, return -1; =20 for (i =3D 0; i < list->nItems; i++) { - const char *p =3D list->items[i]->path; + virSecuritySELinuxContextItemPtr item =3D list->items[i]; + const char *p =3D item->path; =20 - VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); + if (item->remember) + VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); } =20 if (!(state =3D virSecurityManagerMetadataLock(list->manager, path= s, npaths))) --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat May 4 04:48:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1569942060; cv=none; d=zoho.com; s=zohoarc; b=NznB0CPfR6h+5ymM9dipZt4X8a9kT4r1ODNlpzLFYMWW/tCHM19wsJFAwIlvhGBUZkEvm9wueBiPqUihWEAwvao2nFHcYUai2KvojYtXMFCLN9xwhWahZVND6gEuabA+wf+3vpRmYSqcrZM6zGYZE04EM6fv/N1ngeW1Pl0HTBI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569942060; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=0QrYhmkqW8y9HfJZODcZ0epz/lH5ngYFuZyIn3ayey4=; b=L8pWEpTtgVc4pMHar10cAWT4NKW0ET+VffuTvGlXuwNM6hQEbgM+QeyOcvEC1wmjcQgFY0aF0YoPXwk97KF/AsXGSBltAYZbMBD9j1ZDhs7sJdbghjpq2WqUb8uBXXpCN5U0kYHn99cJxNBYJ8gPSoOE/2kkraTeUzDV/glyX+U= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as 
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1569942060952671.8992494093266; Tue, 1 Oct 2019 08:01:00 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 04504A44AF5; Tue, 1 Oct 2019 15:00:59 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7DC6B60167; Tue, 1 Oct 2019 15:00:58 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2CFD06B49D; Tue, 1 Oct 2019 15:00:58 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x91F0orB032379 for ; Tue, 1 Oct 2019 11:00:50 -0400 Received: by smtp.corp.redhat.com (Postfix) id 95C455D784; Tue, 1 Oct 2019 15:00:50 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1E0405D713 for ; Tue, 1 Oct 2019 15:00:49 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 1 Oct 2019 17:00:43 +0200 Message-Id: <00ef213caa2d279f4ccf436ddc334b4549898012.1569941501.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/3] security_dac: Allow selective remember/recall for chardevs X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.68]); Tue, 01 Oct 2019 15:00:59 +0000 (UTC) Content-Type: text/plain; charset="utf-8" While in most cases we want to remember/recall label for a chardev, there are some special ones (like /dev/tpm0) where we don't want to remember the seclabel nor recall it. See next commit for rationale behind. While the easiest way to implement this would be to just add new argument to virSecurityDACSetChardevLabel() this one is also a callback for virSecurityManagerSetChardevLabel() and thus has more or less stable set of arguments. Therefore, the current virSecurityDACSetChardevLabel() is renamed to virSecurityDACSetChardevLabelHelper() and the original function is set to call the new one. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 67 +++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 5df50bdcf5..2733fa664f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1431,10 +1431,11 @@ virSecurityDACRestoreHostdevLabel(virSecurityManage= rPtr mgr, =20 =20 static int -virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainChrSourceDefPtr dev_source, - bool chardevStdioLogd) +virSecurityDACSetChardevLabelHelper(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd, + bool remember) =20 { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1471,7 +1472,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, true); + user, group, remember); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1479,12 +1480,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, tru= e) < 0 || - virSecurityDACSetOwnership(mgr, NULL, out, user, group, tr= ue) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, rem= ember) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, re= member) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, true) < 0) { + user, group, remember) < 0) { goto done; } ret =3D 0; @@ -1499,7 +1500,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group, true) < 0) + user, group, remember) < 0) goto done; } ret =3D 0; 
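Review bot: The new `remember` parameter of `virSecurityDACSetChardevLabelHelper()` is undocumented, and from the FILE, PIPE and UNIX hunks it is forwarded unchanged to every `virSecurityDACSetOwnership()` call, so a caller passing `false` gets no XATTR bookkeeping for any of the chardev's paths. A comment above the signature along the lines of `/* @remember: store the original owner in XATTRs so a later restore can recall it; pass false for devices whose path must not be reopened for locking */` would save the next reader from inferring this from the call sites. The function body continues outside the hunks shown here.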
@@ -1525,11 +1526,24 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, return ret; } =20 + static int -virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainChrSourceDefPtr dev_source, - bool chardevStdioLogd) +virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) +{ + return virSecurityDACSetChardevLabelHelper(mgr, def, dev_source, + chardevStdioLogd, true); +} + + +static int +virSecurityDACRestoreChardevLabelHelper(virSecurityManagerPtr mgr, + virDomainDefPtr def ATTRIBUTE_UNUS= ED, + virDomainChrSourceDefPtr dev_sourc= e, + bool chardevStdioLogd, + bool recall) { virSecurityDeviceLabelDefPtr chr_seclabel =3D NULL; char *in =3D NULL, *out =3D NULL; @@ -1549,7 +1563,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, switch ((virDomainChrType)dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: - ret =3D virSecurityDACRestoreFileLabel(mgr, dev_source->data.file.= path); + ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data.file= .path, + recall); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1557,10 +1573,12 @@ virSecurityDACRestoreChardevLabel(virSecurityManage= rPtr mgr, virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACRestoreFileLabel(mgr, out) < 0 || - virSecurityDACRestoreFileLabel(mgr, in) < 0) + if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, out, rec= all) < 0 || + virSecurityDACRestoreFileLabelInternal(mgr, NULL, in, reca= ll) < 0) goto done; - } else if (virSecurityDACRestoreFileLabel(mgr, dev_source->data.fi= le.path) < 0) { + } else if (virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data= .file.path, + recall) < 0) { goto done; } ret =3D 0; 
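Review bot: `recall` on `virSecurityDACRestoreChardevLabelHelper()` is forwarded to each `virSecurityDACRestoreFileLabelInternal()` call, but nothing ties it to the `remember` value that was used when the same device was labelled; presumably a mismatched pair (set with true, restore with false, or the reverse) leaves stale XATTR bookkeeping or restores from state that was never recorded, so the contract should be stated next to the parameter, e.g. `/* @recall: must match the @remember passed to virSecurityDACSetChardevLabelHelper() for this device */`. The `NULL` passed as the second argument of `virSecurityDACRestoreFileLabelInternal()` is also unexplained at every call site; one comment on the first call saying what that argument is would suffice. The restore helper's body continues outside these hunks.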
@@ -1568,7 +1586,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, =20 case VIR_DOMAIN_CHR_TYPE_UNIX: if (!dev_source->data.nix.listen && - virSecurityDACRestoreFileLabel(mgr, dev_source->data.nix.path)= < 0) { + virSecurityDACRestoreFileLabelInternal(mgr, NULL, + dev_source->data.nix.pa= th, + recall) < 0) { goto done; } ret =3D 0; 
@@ -1595,6 +1615,17 @@ virSecurityDACRestoreChardevLabel(virSecurityManager= Ptr mgr, } =20 =20 +static int +virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainChrSourceDefPtr dev_source, + bool chardevStdioLogd) +{ + return virSecurityDACRestoreChardevLabelHelper(mgr, def, dev_source, + chardevStdioLogd, true); +} + + struct _virSecuritySELinuxChardevCallbackData { virSecurityManagerPtr mgr; bool chardevStdioLogd; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat May 4 04:48:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1569942066; cv=none; d=zoho.com; s=zohoarc; b=TZiPN8R3rhh9PS91f/MT+FmyjPfF3efNj8xq13CHm4gXsaY4/pjUCNgloml5QwJLWgad78DJerIDEZwzjCnlSWmuCLPxxJyEb4iTxhqs2twj7W0wJdPTP0t0jRE9dDKyg0lfiI4xo5gV+PYA8/9JERJTidQQAu7+fjaS71CJsvQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569942066; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=0EyF/5F2EewtwcKBiyF7CiFidwSrekJctUPj5gzeKyQ=; b=LdozqXhXVAwTr9y0cgN8cHDIRF6+FO6A8TGdHTuNZ0yWHziJExEetMnaC8O1AhhBzNwBnA9R5ugEjuaaBO+Flgc4ZEcX8ZyVX38zid0JTX3+BAtXL+pbwJ1OrvqfRyT0hW9IqZMeKPzaEPNtXMdOPcdux3PhzCo86sRbREMrLek= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) 
smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1569942066070432.7814141559678; Tue, 1 Oct 2019 08:01:06 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0BA14308429D; Tue, 1 Oct 2019 15:01:04 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BB9E8614C2; Tue, 1 Oct 2019 15:01:03 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2B3EA6B4B1; Tue, 1 Oct 2019 15:01:03 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x91F0p6T032385 for ; Tue, 1 Oct 2019 11:00:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 67BCA5D717; Tue, 1 Oct 2019 15:00:51 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id E41CA5D784 for ; Tue, 1 Oct 2019 15:00:50 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 1 Oct 2019 17:00:44 +0200 Message-Id: <5f40dfd67ece7c02c0ce8c23e040f677e28f1f13.1569941501.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 3/3] security: Don't remember labels for TPM X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 01 Oct 2019 15:01:04 +0000 (UTC) Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1755803 The /dev/tpmN file can be opened only once, as implemented in drivers/char/tpm/tpm-dev.c:tpm_open() from the kernel's tree. Any other attempt to open the file fails. And since we're opening the file ourselves and passing the FD to qemu we will not succeed opening the file again when locking it for seclabel remembering. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/security/security_dac.c | 18 +++++++++--------- src/security/security_selinux.c | 10 +++++----- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2733fa664f..347a7a5f63 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1653,14 +1653,14 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr= mgr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACSetChardevLabel(mgr, def, - &tpm->data.passthrough.source, - false); + ret =3D virSecurityDACSetChardevLabelHelper(mgr, def, + &tpm->data.passthrough.s= ource, + false, false); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: - ret =3D virSecurityDACSetChardevLabel(mgr, def, - &tpm->data.emulator.source, - false); + ret =3D virSecurityDACSetChardevLabelHelper(mgr, def, + &tpm->data.emulator.sour= ce, + false, false); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1679,9 +1679,9 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP= tr mgr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACRestoreChardevLabel(mgr, def, - &tpm->data.passthrough.sou= rce, - false); + ret =3D virSecurityDACRestoreChardevLabelHelper(mgr, def, + &tpm->data.passthrou= gh.source, + false, false); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: /* swtpm will have removed the Unix socket upon termination */ diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index e3be724a2b..0486bdd6b6 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1682,14 +1682,14 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManage= rPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, true); + rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, false); if (rc < 0) return -1; =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { rc =3D virSecuritySELinuxSetFilecon(mgr, cancel_path, - seclabel->imagelabel, true); + seclabel->imagelabel, false); VIR_FREE(cancel_path); if (rc < 0) { virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, tpm); 
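Review bot: The `false, false` arguments added to the `virSecurityDACSetChardevLabelHelper()` call in the PASSTHROUGH case are two adjacent positional booleans whose meaning is only recoverable from the helper's signature; a comment above the switch such as `/* remember = false: /dev/tpmN can be opened only once, so it cannot be locked for seclabel remembering (see commit message) */` keeps the rationale next to the code. The same literal appears in the EMULATOR case, in `virSecurityDACRestoreTPMFileLabel()` below, and as the `true` to `false` flips in the security_selinux.c hunks on this and the next line; for the emulator socket and the cancel path the single-open rationale presumably does not apply, so the comment should say that `false` is used there to keep set and restore consistent with each other. Since the original ownership/label of the device node is no longer recorded, confirm that restoring with `recall = false` falls back to an acceptable default rather than leaving the node in the guest-owned state.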
@@ -1701,7 +1701,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerP= tr mgr, break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: tpmdev =3D tpm->data.emulator.source.data.nix.path; - rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, true); + rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela= bel, false); if (rc < 0) return -1; break; @@ -1730,10 +1730,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurit= yManagerPtr mgr, switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: tpmdev =3D tpm->data.passthrough.source.data.file.path; - rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, true); + rc =3D virSecuritySELinuxRestoreFileLabel(mgr, tpmdev, false); =20 if ((cancel_path =3D virTPMCreateCancelPath(tpmdev)) !=3D NULL) { - if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, true)= < 0) + if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path, false= ) < 0) rc =3D -1; VIR_FREE(cancel_path); } --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list