From nobody Wed May 15 15:20:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1585929503; cv=none; d=zohomail.com; s=zohoarc; b=NacIHE/pDD6MeE4/32DEhtUGlitIaqkFwxjItiITQkpK9bDzCnVmKZ2XDpADWJ+Wki4YHWo6a/v66yspQMCtvJ3znn7FWHi2nVRtkdKjVAbmKEsVbuW5jWvkPayYBFHpkDAagglJTH/qnRy9z3lIfw8Td9qIHRsoLh49WfNcweE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585929503; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=op7rAViyPVqT1Ay3bV8zaprdVqABZd95N+ZpCCa0h6I=; b=TUVNvWY5jr5u0r7yA1+gwFP6d30irwGy61d4fnsoWHAxvDMU6a15njEoaCpUYyoCNLA/tSJ65q9EtwqO8v8mZ3/9waCWOwgTH624MpE46+1rCoFEJotnjBC1hPm3VA3GsO15rcwsdSsYPehEkZd+P+jVPquC9YtVBa8/T1yHLzQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1585929503616422.18737977647106; Fri, 3 Apr 2020 08:58:23 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-208-Ou6pgI1rNpuCyjfzGZPyHw-1; Fri, 03 Apr 2020 11:58:20 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BCC98801E5E; Fri, 3 Apr 2020 15:58:13 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 958A3A63D5; Fri, 3 Apr 2020 15:58:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4D2AE4E45D; Fri, 3 Apr 2020 15:58:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 033Fw8In030522 for ; Fri, 3 Apr 2020 11:58:08 -0400 Received: by smtp.corp.redhat.com (Postfix) id C568F1147DF; Fri, 3 Apr 2020 15:58:08 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 41D361147DA for ; Fri, 3 Apr 2020 15:58:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585929502; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=op7rAViyPVqT1Ay3bV8zaprdVqABZd95N+ZpCCa0h6I=; b=UHZOheX+ZupILkviJFUwS31cxICe0Eze9T3KTxwtQvA97ltxWrmtGqnmr7Jw4WXD3hRUgl tbnPDcfjqrYytTW1uZTEjlcFmVaXPOFdBmvXYcDRIgcfgrRhxmKn+5RBjHrx67PSHjBknp tEplBolh4gC3YvJ6lZVFYy/vui8lO10= X-MC-Unique: Ou6pgI1rNpuCyjfzGZPyHw-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 1/3] selinux: Don't remember label for restore path Date: Fri, 3 Apr 2020 17:58:01 +0200 Message-Id: <81ddd7a4c7d67940481e9fbd393f94d41df06506.1585929444.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" The seclabel for @stdin_path in virSecuritySELinuxSetAllLabel() is not restored, because at virSecuritySELinuxRestoreAllLabel() phase it's too late and the caller (QEMU driver) simply doesn't care. Well, don't remember the label and let the perms leak. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 8aeb6e45a5..f47bfbdba9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3233,7 +3233,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr m= gr, =20 if (stdin_path && virSecuritySELinuxSetFilecon(mgr, stdin_path, - data->content_context, true) < 0) + data->content_context, false) < 0) return -1; =20 return 0; --=20 2.24.1 From nobody Wed May 15 15:20:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1585929501; cv=none; d=zohomail.com; s=zohoarc; b=dg/8BwLFlwCen0Ai1ODul878W0gb3+7MdEUk+bv/rEkCkQC+yfn4eEoqE13mkzewROek9NT6JW3ENeZrpHmB0q0CtcUiTIcfdCs7QhSfTt4Kye9f+aVHydY70Y0M7XZ3Rs9nlnNO9YXNMhWfFiMtcPIiwOzcYSMm83OyGVX1ewg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585929501; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=mnJiK0r/8MieoCdM2bt0xR9iL3WR75GIu/CEn+Uqv7o=; b=g/dAlMLWCXSXqAV/LbRfn900ie/ZgpyhOPrkNiRkz3kJ6jgEwlRb8rPL1cL1B0QJCMrUujj6NvtORULgT+33r4sOwwDmyZTdJAURSYJrRTWziIIx7IXYScKhxKmIvy54Oi4ZJCKJNSIRyqkc4+TJP/0Ixy/biveQRGhb+H52qz8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by mx.zohomail.com with SMTPS id 1585929501515947.5494594567257; Fri, 3 Apr 2020 08:58:21 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-281-5Mw4F7iFP2ir-GT5Xr-NwQ-1; Fri, 03 Apr 2020 11:58:17 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C24A7107B7D5; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8D8155DA2C; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 12A024E455; Fri, 3 Apr 2020 15:58:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 033Fw9Ho030527 for ; Fri, 3 Apr 2020 11:58:09 -0400 Received: by smtp.corp.redhat.com (Postfix) id AAD2A90817; Fri, 3 Apr 2020 15:58:09 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2657318A85 for ; Fri, 3 Apr 2020 15:58:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585929500; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=mnJiK0r/8MieoCdM2bt0xR9iL3WR75GIu/CEn+Uqv7o=; b=UlEUDbLfn72Iwf6mkzFvLu06vD6zLpKDRL0m3CcdW/LlHOSRIe1kpKNidAi1NJRT1kigIC 2v6l3VVpWyB0FzPCP/b3DL+HKmnnrUnzE4DKMjIb/JxOJ1FgPlF9mg3t1OxECJpvNmCEyN C9cxw3rOM6sZp1ah5ofWlDSfy64RImI= X-MC-Unique: 5Mw4F7iFP2ir-GT5Xr-NwQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 2/3] security: Introduce virSecurityManagerDomainSetIncomingPathLabel Date: Fri, 3 Apr 2020 17:58:02 +0200 Message-Id: <5f9f8cd9bf061852eb4e79eb7b119e702cac0324.1585929444.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" This API allows drivers to separate out handling of @stdin_path of virSecurityManagerSetAllLabel(). The thing is, the QEMU driver uses transactions for virSecurityManagerSetAllLabel() which relabels devices from inside of domain's namespace. This is what we usually want. Except when resuming domain from a file. The file is opened before any namespace is set up and the FD is passed to QEMU to read the migration stream from. Because of this, the file lives outside of the namespace and if it so happens that the file is a block device (i.e. it lives under /dev) its copy will be created in the namespace. But the FD that is passed to QEMU points to the original living in the host and not in the namespace. So relabeling the file inside the namespace helps nothing. But if we have a separate API for relabeling the restore file then the QEMU driver can continue calling virSecurityManagerSetAllLabel() with transactions enabled and call this new API without transactions. We already have an API for relabeling a single file (virSecurityManagerDomainSetPathLabel()) but in case of SELinux it uses @imagelabel (which allows RW access) and we want to use @content_context (which allows RO access). Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/libvirt_private.syms | 1 + src/security/security_driver.h | 4 ++++ src/security/security_manager.c | 29 +++++++++++++++++++++++++++++ src/security/security_manager.h | 4 ++++ src/security/security_stack.c | 21 +++++++++++++++++++++ 5 files changed, 59 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e276f55bb1..2c63f37fc2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1523,6 +1523,7 @@ virSecurityDriverLookup; # security/security_manager.h virSecurityManagerCheckAllLabel; virSecurityManagerClearSocketLabel; +virSecurityManagerDomainSetIncomingPathLabel; virSecurityManagerDomainSetPathLabel; virSecurityManagerGenLabel; virSecurityManagerGetBaseLabel; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 3353955813..6cbe8613c9 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -140,6 +140,9 @@ typedef int (*virSecurityDomainSetPathLabel) (virSecuri= tyManagerPtr mgr, virDomainDefPtr def, const char *path, bool allowSubtree); +typedef int (*virSecurityDomainSetIncomingPathLabel) (virSecurityManagerPt= r mgr, + virDomainDefPtr def, + const char *path); typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr = dev_source, @@ -211,6 +214,7 @@ struct _virSecurityDriver { virSecurityDriverGetBaseLabel getBaseLabel; =20 virSecurityDomainSetPathLabel domainSetPathLabel; + virSecurityDomainSetIncomingPathLabel domainSetIncomingPathLabel; =20 virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel; virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index fe032746ff..a76b953ee4 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1077,6 +1077,35 @@ virSecurityManagerDomainSetPathLabel(virSecurityMana= gerPtr mgr, } =20 =20 +/** + * virSecurityManagerDomainSetIncomingPathLabel: + * @mgr: security manager object + * @vm: domain definition object + * @path: path to label + * + * This function relabels given @path so that @vm can restore for + * it. This allows the driver backend to use different label than + * virSecurityManagerDomainSetPathLabel(). + * + * Returns: 0 on success, -1 on error. + */ +int +virSecurityManagerDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + if (mgr->drv->domainSetIncomingPathLabel) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainSetIncomingPathLabel(mgr, vm, path); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + /** * virSecurityManagerSetMemoryLabel: * @mgr: security manager object diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 7699bcbc6f..465d71558f 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -189,6 +189,10 @@ int virSecurityManagerDomainSetPathLabel(virSecurityMa= nagerPtr mgr, const char *path, bool allowSubtree); =20 +int virSecurityManagerDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path); + int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr dev_source, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 073876daff..7782abaf9d 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -825,6 +825,26 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerP= tr mgr, return rc; } =20 + +static int +virSecurityStackDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + int rc =3D 0; + + for (; item; item =3D item->next) { + if (virSecurityManagerDomainSetIncomingPathLabel(item->securityMan= ager, + vm, path) < 0) + rc =3D -1; + } + + return rc; +} + + static int virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -985,6 +1005,7 @@ virSecurityDriver virSecurityDriverStack =3D { .getBaseLabel =3D virSecurityStackGetBaseLabel, =20 .domainSetPathLabel =3D virSecurityStackDomainSetPathL= abel, + .domainSetIncomingPathLabel =3D virSecurityStackDomainSetIncom= ingPathLabel, =20 .domainSetSecurityChardevLabel =3D virSecurityStackDomainSetChard= evLabel, .domainRestoreSecurityChardevLabel =3D virSecurityStackDomainRestoreC= hardevLabel, --=20 2.24.1 From nobody Wed May 15 15:20:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) client-ip=205.139.110.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1585929507; cv=none; d=zohomail.com; s=zohoarc; b=KQzsCXWUUGXww0ems/Mme9zlB8wUaBZM9lNprq13tLlzvDmURBg4WZfN699Uj3jh7iCmEVvPMcfTWtpsWv/gGYOZ0t8pUkM657ThcS2gppcbCNk4yf6UuPX5Pup1Z9/vv5atVEdCHJYShhqKRthktj3HWOldW6bXJ7+fyZ1KS2M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585929507; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sv1YgPaLSbsIQVXM56w/5WK6JvxlB4v7MxpGoYsMAr4=; b=L1eBPJr42v3ZIYd/MXj+wlp5sAuf+0U9VwYgQRBAsbrvKMnxswf/nWXVCsSiUINrnPNfvMMsJS6tF0j6H+nzQkeMEg6QNE7LYLlKe7xAREiEwnDXGTLS34oUi/oV6R6s85CCy48gaoxPlP44u66BrxsVYHLKmZkIRjzxg8EYCvg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by mx.zohomail.com with SMTPS id 1585929507779690.1671994981438; Fri, 3 Apr 2020 08:58:27 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-316-Vw_NHKhbOf63Q02ZinEOHQ-1; Fri, 03 Apr 2020 11:58:23 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B6665800D53; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8C22B10027A3; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3DD084E460; Fri, 3 Apr 2020 15:58:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 033FwAiP030537 for ; Fri, 3 Apr 2020 11:58:10 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8F30018A85; Fri, 3 Apr 2020 15:58:10 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.192.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B4E31147DB for ; Fri, 3 Apr 2020 15:58:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585929506; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=sv1YgPaLSbsIQVXM56w/5WK6JvxlB4v7MxpGoYsMAr4=; b=hvzOHYrJjk72nXdFxTRzSN/9kMmvejqsPbYfGdqAqJyCO0T8m030WV7C0TYBn8h/7i6YYt /MeFv0bdndE/QkNk9Q6lQCYvYAA0NSWDOx+zVlJxMD1dXVZ+vYfk5obzIYyPkflswO7o93 262ERCHb2+RPlkvXgq1KkzKkmI6SU2Y= X-MC-Unique: Vw_NHKhbOf63Q02ZinEOHQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 3/3] qemu: Label restore path outside of secdriver transactions Date: Fri, 3 Apr 2020 17:58:03 +0200 Message-Id: <5e6fd7cd5f4e9a122dc0d9fbfe6cb6393eaf620f.1585929444.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" As explained in the previous commit, we need to relabel the file we are restoring the domain from. That is the FD that is passed to QEMU. If the file is not under /dev then the file inside the namespace is the very same as the one in the host. And regardless of using transactions, the file will be relabeled. But, if the file is under /dev then when using transactions only the copy inside the namespace is relabeled and the one in the host is not. But QEMU is reading from the one in the host, actually. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1772838 Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/qemu/qemu_security.c | 7 +++++++ src/security/security_selinux.c | 23 +++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 484fc34552..594a700ea3 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -39,6 +39,13 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; =20 + /* Explicitly run this outside of transaction. We really want to relab= el + * the file in the host and not in the domain's namespace. */ + if (virSecurityManagerDomainSetIncomingPathLabel(driver->securityManag= er, + vm->def, + stdin_path) < 0) + goto cleanup; + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid =3D vm->pid; =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index f47bfbdba9..4d8f755c10 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3135,7 +3135,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path, + const char *stdin_path G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { @@ -3231,11 +3231,6 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr = mgr, data->content_context, true) < 0) return -1; =20 - if (stdin_path && - virSecuritySELinuxSetFilecon(mgr, stdin_path, - data->content_context, false) < 0) - return -1; - return 0; } =20 @@ -3393,6 +3388,21 @@ virSecuritySELinuxDomainSetPathLabel(virSecurityMana= gerPtr mgr, return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel, t= rue); } =20 +static int +virSecuritySELinuxDomainSetIncomingPathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path) +{ + virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + + if (!path || !secdef || !secdef->relabel || data->skipAllLabel) + return 0; + + return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, = false); +} =20 /* * virSecuritySELinuxSetFileLabels: @@ -3596,6 +3606,7 @@ virSecurityDriver virSecurityDriverSELinux =3D { .getBaseLabel =3D virSecuritySELinuxGetBaseLabel, =20 .domainSetPathLabel =3D virSecuritySELinuxDomainSetPat= hLabel, + .domainSetIncomingPathLabel =3D virSecuritySELinuxDomainSetInc= omingPathLabel, =20 .domainSetSecurityChardevLabel =3D virSecuritySELinuxSetChardevLa= bel, .domainRestoreSecurityChardevLabel =3D virSecuritySELinuxRestoreChard= evLabel, --=20 2.24.1