From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/2] qemu_shim: Allow other users to enter the root dir
Date: Fri, 28 Feb 2020 16:56:00 +0100
Message-Id: <4f4a83ceba23185408915144dfa1c7cc6f6c2e59.1582905304.git.mprivozn@redhat.com>

When virt-qemu-run is run without any root directory specified on the command line, a temporary directory is made and used instead. But since we are using g_dir_make_tmp() to create the directory it is going to have 0700 mode. So even though we create the whole directory structure under it and label everything, QEMU is very likely to not have the access. This is because in this case there is no qemu.conf and thus distro default UID:GID is used to run QEMU (e.g. qemu:kvm on Fedora).

Change the mode of the temporary directory so that everybody has eXecute permission.

Signed-off-by: Michal Privoznik
--- src/qemu/qemu_shim.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_shim.c b/src/qemu/qemu_shim.c index 5b7840e971..4f06ae952c 100644 --- a/src/qemu/qemu_shim.c +++ b/src/qemu/qemu_shim.c
@@ -158,6 +158,12 @@ int main(int argc, char **argv) return 1; } tmproot =3D true; + + if (chmod(root, S_IRWXU | S_IXGRP | S_IXOTH) < 0) { + g_printerr("%s: cannot chown temporary dir: %s\n", + argv[0], g_strerror(errno)); + goto cleanup; + } } =20 virFileActivateDirOverrideForProg(argv[0]); --=20 2.24.1
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/2] qemu_shim: Ignore SIGPIPE
Date: Fri, 28 Feb 2020 16:56:01 +0100
Message-Id: <34ebaaaf5fd570de0ba155dcf661b36e09a0b4a5.1582905304.git.mprivozn@redhat.com>

I've found that if my virtlogd is socket activated but the daemon doesn't run yet, then the virt-qemu-run is killed right after it tries to start the domain. The problem is that because the default setting is to use virtlogd, the domain create code tries to connect to virtlogd socket, which in turn tries to detect who is connecting (virNetSocketGetUNIXIdentity()) and as a part of it, it will try to open /proc/${PID_OF_SHIM}/stat which is denied by SELinux:

  type=AVC msg=audit(1582903501.927:323): avc: denied { search } for \
  pid=1210 comm="virtlogd" name="1843" dev="proc" ino=37224 \
  scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 \
  tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir \
  permissive=0

Virtlogd reacts by closing the connection which the shim sees as SIGPIPE. Since the default response to the signal is Term, we don't even get to reporting any error nor to removing the temporary directory.

Signed-off-by: Michal Privoznik --- src/qemu/qemu_shim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qemu/qemu_shim.c b/src/qemu/qemu_shim.c index 4f06ae952c..d8f3902874 100644 --- a/src/qemu/qemu_shim.c +++ b/src/qemu/qemu_shim.c @@ -150,6 +150,7 @@ int main(int argc, char **argv) signal(SIGINT, qemuShimSigShutdown); signal(SIGQUIT, qemuShimSigShutdown); signal(SIGHUP, qemuShimSigShutdown); + signal(SIGPIPE, SIG_IGN); =20 if (root =3D=3D NULL) { if (!(root =3D g_dir_make_tmp("virt-qemu-run-XXXXXX", &error))) { --=20 2.24.1
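
Review bot: In [PATCH 1/2], the g_printerr() text in the added block says "cannot chown temporary dir" although the failing call is chmod(); the message should name chmod (or "change mode of") so the error matches what failed. Separately, S_IXGRP | S_IXOTH gives every local user search permission on the temporary root, so anything created under it is protected only by its own mode and label; a short comment above the chmod() stating that this is intended, and why only execute and not read is granted, would help later readers.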
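
Review bot: In [PATCH 2/2], the added signal(SIGPIPE, SIG_IGN) in main() sets a disposition that is kept across execve(), so every process the shim spawns afterwards starts with SIGPIPE ignored unless the spawn path resets it; please confirm that is handled or intended. A one-line comment above the call, saying that a peer closing the connection would otherwise terminate the shim before it can report the error or remove the temporary directory, would document why this line differs from the three qemuShimSigShutdown handlers before it.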
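
The failure mode described in [PATCH 2/2], as an added C example that is not part of the patch or of libvirt: with SIGPIPE ignored, a write to a peer that has hung up returns EPIPE, so the temporary-directory cleanup still runs. The function name, the socketpair() peer standing in for virtlogd, and the /tmp/shim-demo-XXXXXX template are assumptions made for the demonstration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for the shim: create a temporary root, write to a
 * peer that has closed the connection, then clean up.
 * Returns the errno seen by write() (0 if it succeeded), or -1 if setup
 * failed. *cleaned_up is set to 1 when the temporary root was removed. */
static int shim_write_after_peer_close(char *root_template, int *cleaned_up)
{
    int sv[2];
    int err = 0;

    *cleaned_up = 0;
    signal(SIGPIPE, SIG_IGN);            /* the disposition the patch sets */

    if (!mkdtemp(root_template))         /* creates a 0700 directory */
        return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        rmdir(root_template);
        return -1;
    }

    close(sv[1]);                        /* peer closes the connection */
    if (write(sv[0], "hello", 5) < 0)
        err = errno;                     /* EPIPE, not death by SIGPIPE */
    close(sv[0]);

    /* Cleanup that the default action (Term) would never have reached. */
    if (rmdir(root_template) == 0)
        *cleaned_up = 1;
    return err;
}

int main(void)
{
    char root[] = "/tmp/shim-demo-XXXXXX";   /* hypothetical template */
    int cleaned = 0;
    int err = shim_write_after_peer_close(root, &cleaned);

    printf("write: %s, temporary dir removed: %s\n",
           err > 0 ? strerror(err) : "ok", cleaned ? "yes" : "no");
    return (err == EPIPE && cleaned) ? 0 : 1;
}
```

Removing the signal() call makes the same write() terminate the process, which is the behaviour the commit message reports.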