From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/7] security: Reintroduce virSecurityManager{Set, Restore}SavedStateLabel
Date: Wed, 1 Jul 2020 18:15:01 +0200
Message-Id: <16e860f98dd6954d09acd400aa054a35e0af28f9.1593620041.git.mprivozn@redhat.com>

These APIs were removed/renamed in v6.5.0-rc1~142 and v6.5.0-rc1~141 because they were deemed unused. And if it wasn't for the RFE [1] things would stay that way.

The RFE asks for us to not change DAC ownership on the file a domain is restoring from. We have been doing that for ages (if not forever), nevertheless it's annoying because if the restore file is on an NFS, remembering the owner won't help - NFS doesn't support XATTRs yet. But more importantly, there is no need for us to chown() the file because when restoring the domain the file is opened and the FD is then passed to QEMU. Therefore, we really need only to set SELinux and AppArmor.

This reverts bd22eec903976c5c51b1d00e335c315699e5acd6.
This partially reverts 4ccbd207f213066c000f43eb544eb00ec745023b.

The difference to the original code is that secdrivers are now not required to provide a dummy implementation to avoid virReportUnsupportedError().
The callback is run if it exists, if it doesn't zero is returned without any error.

1: https://bugzilla.redhat.com/show_bug.cgi?id=1851016

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/libvirt_private.syms | 2 ++ src/security/security_driver.h | 9 ++++++ src/security/security_manager.c | 34 ++++++++++++++++++++++ src/security/security_manager.h | 6 ++++ src/security/security_stack.c | 51 +++++++++++++++++++++++++++++++++ 5 files changed, 102 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ae0e253ab9..8712213f40 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1560,6 +1560,7 @@ virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreInputLabel; virSecurityManagerRestoreMemoryLabel; +virSecurityManagerRestoreSavedStateLabel; virSecurityManagerRestoreTPMLabels; virSecurityManagerSetAllLabel; virSecurityManagerSetChardevLabel; @@ -1571,6 +1572,7 @@ virSecurityManagerSetImageLabel; virSecurityManagerSetInputLabel; virSecurityManagerSetMemoryLabel; virSecurityManagerSetProcessLabel; +virSecurityManagerSetSavedStateLabel; virSecurityManagerSetSocketLabel; virSecurityManagerSetTapFDLabel; virSecurityManagerSetTPMLabels; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index bfff789552..f0ba77032d 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h
@@ -67,6 +67,12 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecu= rityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr de= v, const char *vroot); +typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr = mgr, + virDomainDefPtr def, + const char *savefile); +typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManager= Ptr mgr, + virDomainDefPtr de= f, + const char *savefi= le); typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr, @@ -200,6 +206,9 @@ struct _virSecurityDriver { virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel; virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel; =20 + virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel; + virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel; + virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel; virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel; =20 diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index ad1938caeb..c073d8cc0d 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c 
@@ -596,6 +596,40 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPt= r mgr, } =20 =20 +int +virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + if (mgr->drv->domainSetSavedStateLabel) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + +int +virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + if (mgr->drv->domainRestoreSavedStateLabel) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 999752ce09..277151848e 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -104,6 +104,12 @@ int virSecurityManagerSetHostdevLabel(virSecurityManag= erPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, const char *vroot); +int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); +int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec); int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 379c9302bc..624431d4ef 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c 
@@ -394,6 +394,54 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr = mgr, } =20 =20 +static int +virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + + for (; item; item =3D item->next) { + if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm= , savefile) < 0) + goto rollback; + } + + return 0; + + rollback: + for (item =3D item->prev; item; item =3D item->prev) { + if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, + vm, + savefile) < 0) { + VIR_WARN("Unable to restore saved state label after failed set= " + "label call virDriver=3D%s driver=3D%s savefile=3D%s", + virSecurityManagerGetVirtDriver(mgr), + virSecurityManagerGetDriver(item->securityManager), + savefile); + } + } + return -1; +} + + +static int +virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + int rc =3D 0; + + for (; item; item =3D item->next) { + if (virSecurityManagerRestoreSavedStateLabel(item->securityManager= , vm, savefile) < 0) + rc =3D -1; + } + + return rc; +} + static int virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) 
@@ -964,6 +1012,9 @@ virSecurityDriver virSecurityDriverStack =3D { .domainSetSecurityHostdevLabel =3D virSecurityStackSetHostdevLabe= l, .domainRestoreSecurityHostdevLabel =3D virSecurityStackRestoreHostdev= Label, =20 + .domainSetSavedStateLabel =3D virSecurityStackSetSavedStateL= abel, + .domainRestoreSavedStateLabel =3D virSecurityStackRestoreSavedSt= ateLabel, + .domainSetSecurityImageFDLabel =3D virSecurityStackSetImageFDLabe= l, .domainSetSecurityTapFDLabel =3D virSecurityStackSetTapFDLabel, =20 --=20 2.26.2
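Review bot: in the security_manager.c hunk, virSecurityManagerSetSavedStateLabel() and virSecurityManagerRestoreSavedStateLabel() return 0 when mgr->drv has no callback, but nothing in the code documents that a missing callback counts as success. A short comment above both functions would keep callers from reading 0 as "the file was relabelled". The definitions also name the second parameter vm, while the prototypes in security_manager.h and the typedefs in security_driver.h call it def; please use one name throughout.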
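Review bot: in the security_stack.c hunk, virSecurityStackRestoreSavedStateLabel() only sets rc = -1 when a nested driver fails, so the caller cannot tell which driver it was, whereas the rollback path of virSecurityStackSetSavedStateLabel() names the driver and the savefile in its VIR_WARN. Consider logging the same details here, or note in a comment that the nested manager is expected to have reported the error already.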
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/7] qemu_security: Implement virSecurityManager{Set, Restore}SavedStateLabel
Date: Wed, 1 Jul 2020 18:15:02 +0200
Message-Id: <279977f506cd424c755fe6e249726c830ef79dd6.1593620041.git.mprivozn@redhat.com>

These APIs don't use namespaces because the virSecurityManagerSetSavedStateLabel() runs when the namespace doesn't exist yet and thus the virSecurityManagerRestoreSavedStateLabel() has to run without namespace too.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_security.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index df34820af8..107a581279 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h
@@ -96,6 +96,14 @@ int qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver, void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver, virDomainObjPtr vm); =20 +int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + +int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, const char *path, 
@@ -133,9 +141,11 @@ int qemuSecurityCommandRun(virQEMUDriverPtr driver, #define qemuSecurityPreFork virSecurityManagerPreFork #define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel #define qemuSecurityReserveLabel virSecurityManagerReserveLabel +#define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedS= tateLabel #define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcess= Label #define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocket= Label #define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel +#define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel #define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel #define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel #define qemuSecurityStackAddNested virSecurityManagerStackAddNested --=20 2.26.2
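Review bot: the two prototypes added in the first hunk, qemuSecuritySetSavedStateLabel() and qemuSecurityRestoreSavedStateLabel() taking (virQEMUDriverPtr, virDomainObjPtr, const char *), get no definition in this patch (the diffstat touches only qemu_security.h), and the second hunk then #defines the same two names to virSecurityManagerSetSavedStateLabel and virSecurityManagerRestoreSavedStateLabel, which take a virSecurityManagerPtr and a virDomainDefPtr. Please drop the prototypes and keep only the macros, so the header does not advertise a signature that callers cannot use.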
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 3/7] security_selinux: Implement virSecurityManager{Set, Restore}SavedStateLabel
Date: Wed, 1 Jul 2020 18:15:03 +0200
Message-Id: <7647272819ab84d8e65b00f3037dc8acfe59d6a6.1593620041.git.mprivozn@redhat.com>

These APIs are basically virSecuritySELinuxDomainSetPathLabelRO() and virSecuritySELinuxDomainRestorePathLabel().

Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/security/security_selinux.c | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index f8c1a0a2f1..6b0581e4d9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityMan= agerPtr mgr, } =20 =20 +static int +virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile) +{ + virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + + if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel) + return 0; + + return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_conte= xt, false); +} + + +static int +virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile) +{ + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + if (!secdef || !secdef->relabel) + return 0; + + return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true); +} + + static int virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, 
@@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux =3D { .domainSetSecurityHostdevLabel =3D virSecuritySELinuxSetHostdevLa= bel, .domainRestoreSecurityHostdevLabel =3D virSecuritySELinuxRestoreHostd= evLabel, =20 + .domainSetSavedStateLabel =3D virSecuritySELinuxSetSavedStat= eLabel, + .domainRestoreSavedStateLabel =3D virSecuritySELinuxRestoreSaved= StateLabel, + .domainSetSecurityImageFDLabel =3D virSecuritySELinuxSetImageFDLa= bel, .domainSetSecurityTapFDLabel =3D virSecuritySELinuxSetTapFDLabe= l, =20 --=20 2.26.2
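Review bot: in the first security_selinux.c hunk, virSecuritySELinuxRestoreSavedStateLabel() does not mirror the guards of virSecuritySELinuxSetSavedStateLabel(): Set returns early on !savefile and on data->skipAllLabel, while Restore checks only secdef and secdef->relabel. Unless virSecuritySELinuxRestoreFileLabel() handles a NULL path and skipAllLabel itself (not visible in this patch), please add the same checks to Restore so that a file which was never relabelled is not "restored".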
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 4/7] qemu: Use qemuSecuritySetSavedStateLabel() to label restore path
Date: Wed, 1 Jul 2020 18:15:04 +0200
Message-Id: <1856638ac8cc3373c638854084e11677aadd887b.1593620041.git.mprivozn@redhat.com>

Currently, when restoring from a domain the path that the domain restores from is labelled under qemuSecuritySetAllLabel() (and after v6.3.0-rc1~108 even outside transactions). While this grants QEMU the access, it has a flaw, because once the domain is restored, up and running then qemuSecurityDomainRestorePathLabel() is called, which is not a real counterpart. In case of the DAC driver the SetAllLabel() does nothing with the restore path but RestorePathLabel() does - it chown()-s the file back and since there is no original label remembered, the file is chown()-ed to root:root. While the apparent solution is to have the DAC driver set the label (and thus remember the original one) in SetAllLabel(), we can do better. Turns out, we are opening the file ourselves (because it may live on a root squashed NFS) and then are just passing the FD to QEMU.
But this means that we don't have to chown() the file at all, we need to set SELinux labels and/or add the path to AppArmor profile. And since we want to restore labels right after QEMU is done loading the migration stream (we don't want to wait until qemuSecurityRestoreAllLabel()), the best way to approach this is to have separate APIs for labelling and restoring label on the restore file.

I will investigate whether AppArmor can use the SavedStateLabel() API instead of passing the restore path to SetAllLabel().

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1851016

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_driver.c | 2 -- src/qemu/qemu_process.c | 12 ++++++++++++ src/qemu/qemu_security.c | 7 ------- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a5b38b3d24..9da05038d9 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6958,8 +6958,6 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, asyncJob, VIR_QEMU_PROCESS_STOP_MIGRATED); } - if (qemuSecurityDomainRestorePathLabel(driver, vm, path, true) < 0) - VIR_WARN("failed to restore save state label on %s", path); return ret; } =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d36088ba98..70fc24b993 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7073,6 +7073,7 @@ qemuProcessStart(virConnectPtr conn, qemuProcessIncomingDefPtr incoming =3D NULL; unsigned int stopFlags; bool relabel =3D false; + bool relabelSavedState =3D false; int ret =3D -1; int rv; =20
@@ -7109,6 +7110,13 @@ qemuProcessStart(virConnectPtr conn, if (qemuProcessPrepareHost(driver, vm, flags) < 0) goto stop; =20 + if (migratePath) { + if (qemuSecuritySetSavedStateLabel(driver->securityManager, + vm->def, migratePath) < 0) + goto cleanup; + relabelSavedState =3D true; + } + if ((rv =3D qemuProcessLaunch(conn, driver, vm, asyncJob, incoming, snapshot, vmop, flags)) < 0) { if (rv =3D=3D -2) @@ -7145,6 +7153,10 @@ qemuProcessStart(virConnectPtr conn, ret =3D 0; =20 cleanup: + if (relabelSavedState && + qemuSecurityRestoreSavedStateLabel(driver->securityManager, + vm->def, migratePath) < 0) + VIR_WARN("failed to restore save state label on %s", migratePath); qemuProcessIncomingDefFree(incoming); return ret; =20 diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 3b6d6e91f4..e35394b2f6 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -39,13 +39,6 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; =20 - /* Explicitly run this outside of transaction. We really want to relab= el - * the file in the host and not in the domain's namespace. */ - if (virSecurityManagerDomainSetPathLabelRO(driver->securityManager, - vm->def, - stdin_path) < 0) - goto cleanup; - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid =3D vm->pid; =20 --=20 2.26.2
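Review bot: in the qemuProcessStart() hunk at -7109, a failing qemuSecuritySetSavedStateLabel() does `goto cleanup`, while the qemuProcessPrepareHost() failure directly above it does `goto stop`. Once qemuProcessPrepareHost() has succeeded, jumping straight to cleanup bypasses the stop label, so whatever that path undoes is left in place. Suggest `goto stop` here as well; relabelSavedState is still false on this path, so the restore under cleanup is skipped either way.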
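Review bot: the restore added under `cleanup:` in qemuProcessStart() (hunk at -7145) has no comment, and that label is reached both after `ret =3D 0` and on failure paths. The reasoning from the commit message, that the label is dropped as soon as QEMU is done loading the migration stream instead of waiting for qemuSecurityRestoreAllLabel(), belongs next to this call, together with a word on why QEMU no longer needs migratePath by the time this function returns. Reporting a failed restore only through VIR_WARN is fine for a best-effort step, but the comment should say that this is intended.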
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 5/7] Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument"
Date: Wed, 1 Jul 2020 18:15:05 +0200
Message-Id: <219e8cb39a0ba6659feed16a1e1c42c339c525ac.1593620041.git.mprivozn@redhat.com>

The only consumer was removed in the previous commit. This reverts commit f03a38bd1d28eaa95402742da6ff64f3f633a979.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_security.c | 6 ++---- src/qemu/qemu_security.h | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index e35394b2f6..34cfcd3256 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c
@@ -610,15 +610,13 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr drive= r, int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path, - bool ignoreNS) + const char *path) { qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; int ret =3D -1; =20 - if (!ignoreNS && - qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid =3D vm->pid; =20 if (virSecurityManagerTransactionStart(driver->securityManager) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 107a581279..82f4945cd8 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -111,8 +111,7 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dri= ver, =20 int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path, - bool ignoreNS); + const char *path); =20 int qemuSecurityCommandRun(virQEMUDriverPtr driver, virDomainObjPtr vm, --=20 2.26.2
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 6/7] secdrivers: Rename @stdin_path argument of virSecurityDomainSetAllLabel()
Date: Wed, 1 Jul 2020 18:15:06 +0200
Message-Id: <29169de24f45a2ef739e55070a7b03050cc0c1d5.1593620041.git.mprivozn@redhat.com>

The argument (if not NULL) points to the file the domain is restoring from. On QEMU command line this used to be '-incoming $path', but we've switched to passing FD ages ago and thus this argument is used only in AppArmor (which loads the profile on domain start). Anyway, the argument does not refer to stdin, rename it to 'incomingPath' then.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/security/security_apparmor.c | 8 ++++---- src/security/security_dac.c | 2 +- src/security/security_driver.h | 2 +- src/security/security_manager.c | 4 ++-- src/security/security_manager.h | 2 +- src/security/security_nop.c | 2 +- src/security/security_selinux.c | 2 +- src/security/security_stack.c | 4 ++-- 8 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 583e872614..3f6a213b43 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -455,7 +455,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr G_GN= UC_UNUSED, static int AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) { @@ -464,10 +464,10 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, if (!secdef || !secdef->relabel) return 0; =20 - /* Reload the profile if stdin_path is specified. Note that + /* Reload the profile if incomingPath is specified. Note that GenSecurityLabel() will have already been run. */ - if (stdin_path) - return reload_profile(mgr, def, stdin_path, true); + if (incomingPath) + return reload_profile(mgr, def, incomingPath, true); =20 return 0; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 23fe351a32..dd701ef28b 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2142,7 +2142,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManagerPtr m= gr, static int virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_driver.h b/src/security/security_driver.h index f0ba77032d..08cdf94598 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -82,7 +82,7 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurity= ManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, 
diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index c073d8cc0d..9a242f9189 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -856,14 +856,14 @@ int virSecurityManagerCheckAllLabel(virSecurityManage= rPtr mgr, int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated) { if (mgr->drv->domainSetSecurityAllLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path, + ret =3D mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath, chardevStdioLogd, migrated); virObjectUnlock(mgr); diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 277151848e..1c9e166174 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -121,7 +121,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerP= tr mgr, virDomainDefPtr sec); int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated); int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index de5da1ee1c..385a747f5b 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -119,7 +119,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManagerPtr = mgr G_GNUC_UNUSED, static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, virDomainDefPtr sec G_GNUC_UNUSED, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 6b0581e4d9..52ff4fab0f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -3169,7 +3169,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManagerP= tr mgr, static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 624431d4ef..2480c47f70 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -341,7 +341,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManagerP= tr mgr, static int virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated) { 
@@ -350,7 +350,7 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetAllLabel(item->securityManager, vm, - stdin_path, chardevStdioLogd, + incomingPath, chardevStdioLogd, migrated) < 0) goto rollback; } --=20 2.26.2
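Review bot: the prototypes in security_driver.h and security_manager.h pick up the new name but still carry no description of what incomingPath is. The commit message has the facts (the file the domain is restoring from, NULL otherwise, consumed only by AppArmor's reload_profile()); put them in a comment on the virSecurityDomainSetAllLabel typedef or on virSecurityManagerSetAllLabel(). The DAC, SELinux and nop implementations all mark the parameter G_GNUC_UNUSED, so a reader of those files cannot tell why it exists.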
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 7/7] qemu_security: Complete renaming of virSecurityManagerSetAllLabel() argument
Date: Wed, 1 Jul 2020 18:15:07 +0200
Message-Id: <6b8fd4f787bfe120b072baa5bdf6150994e4f20d.1593620041.git.mprivozn@redhat.com>

Just like in the previous commit, the stdin_path argument of virSecurityManagerSetAllLabel() is renamed to incomingPath.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 34cfcd3256..621523f086 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -32,7 +32,7 @@ VIR_LOG_INIT("qemu.qemu_security"); int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *stdin_path, + const char *incomingPath, bool migrated) { int ret =3D -1;
@@ -47,7 +47,7 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, =20 if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, - stdin_path, + incomingPath, priv->chardevStdioLogd, migrated) < 0) goto cleanup; --=20 2.26.2
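Review bot: the diffstat touches only src/qemu/qemu_security.c, so the declaration of qemuSecuritySetAllLabel() in qemu_security.h is not part of this rename; if it still names the parameter stdin_path, rename it in the same patch so header and definition agree. The subject and message also say the argument of virSecurityManagerSetAllLabel() is renamed, while both hunks rename the parameter of qemuSecuritySetAllLabel() and the value it passes on; reword the message to match what the hunks change.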