From nobody Sun May 5 12:51:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626967844; cv=none; d=zohomail.com; s=zohoarc; b=D/w0Gj9ATidPYDEBEuDrku6ES2frrb/rP0jMFg69JKjwFbv5ZqsDLmfMe64fc0FFImKJDXP8v7s6i4VM0rI4yflPw1H9U4vsrruMRwB7KgbTvNrvT+Sbn9Sz1OwDspiTM3P+2z2ed058Cp2Q1Y342MYLTJhShFNBAgOEV8YrPEQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626967844; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=CXKOL8eib8Kp4UpvF0l21z476n3bksXAz6EXBpEe8og=; b=F0ufpdt4zgXwSnhoYYeeulboM1M1UK45i6923gSMiuCmdx2CG4SWJ/xzDgPlVn9me5XzLrIhl+Ussj7PmenJ1RIPKPjYLrAmt2K1GYKM1BL1ICYZrHjUHM12IsiWr+FVsiRNmYEbSo8uCQqFbEsq7I2eyG2zLoPAGqvrBErlwK4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1626967844345601.0926476465822; Thu, 22 Jul 2021 08:30:44 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-46-wx2ZAt4ON-q4EdvCHDkh5g-1; Thu, 22 Jul 2021 11:30:40 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DC3B0100B3A3; Thu, 22 Jul 2021 15:30:34 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B4D545C1D1; Thu, 22 Jul 2021 15:30:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D68674BB7C; Thu, 22 Jul 2021 15:30:32 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16MFUV0t022836 for ; Thu, 22 Jul 2021 11:30:31 -0400 Received: by smtp.corp.redhat.com (Postfix) id CE131710C6; Thu, 22 Jul 2021 15:30:31 +0000 (UTC) Received: from bart.redhat.com (unknown [10.43.2.63]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5A3985B826 for ; Thu, 22 Jul 2021 15:30:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626967842; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=CXKOL8eib8Kp4UpvF0l21z476n3bksXAz6EXBpEe8og=; b=NNhhQunrTMCZihOFtCHZ8alrM06/zVRmzgWWKPEi0bVqBLEakbgw9t9vMKCwXd9ynZ7Uoq SaHeRlUAjx0k4TygYTXV6+8EafbQ1B9tWUrIsnbCsivfNjBA6GoMbBB9YQK0Xq4fR01IrU bh3CL6amlMeUIQrjq6Qt1bJhg7Hrjz0= X-MC-Unique: wx2ZAt4ON-q4EdvCHDkh5g-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 1/2] virSetUIDGIDWithCaps: Check for capng_apply() retval properly Date: Thu, 22 Jul 2021 17:29:57 +0200 Message-Id: <240620c8c78c442cd8ab12800cf1abd7c9d2a1fc.1626967773.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626967846812100002 Content-Type: text/plain; charset="utf-8" After all capabilities were set (except for CAP_SETGID, CAP_SETUID and CAP_SETPCAP) and after UID:GID was changed we drop the last aforementioned capabilities (we couldn't drop them before because we needed UID:GID and capabilities change). Therefore, there's final capng_apply() call. However, it's return value is not checked for properly. It's typical problem of: var =3D func() < 0 Signed-off-by: Michal Privoznik --- src/util/virutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virutil.c b/src/util/virutil.c index ed3d57662b..aba0aea0ff 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1261,7 +1261,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *gro= ups, int ngroups, if (need_setpcap) capng_update(CAPNG_DROP, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETP= CAP); =20 - if (((capng_ret =3D capng_apply(CAPNG_SELECT_CAPS)) < 0)) { + if ((capng_ret =3D capng_apply(CAPNG_SELECT_CAPS)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot apply process capabilities %d"), capng_re= t); return -1; --=20 2.31.1 From nobody Sun May 5 12:51:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626967851; cv=none; d=zohomail.com; s=zohoarc; b=OR4911XNRxvK0u34hv4QSAHURW126PFU2I5XjiEvwedDYINzI5dQrqLiXknLSpAw2xuc178LYwzYcj8lano/WUxboy8QAQBh1KSFK8IGdDQ0NHjzidldJAxyDb4Z8Ba7nCd9MP4lcUdf1QcJMfkbMMCZD5augDFmYg93qKtoKA0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626967851; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=VWFlxj1qKP4bkBaBF9/Q5OaPMwO1T4YxWka1TZxnkr4=; b=av1zjd00vKubhWBhws6B7TDHXFUSjlGA827azKzGxcw7+I0r2Jj90CwTJJiuJVepJiRKJBPNOlL5wR8AxxKWzz4f8AfW3UyZqivCNbHMBO8VhybFL/QFWLI+68Uo19Xxh0yabMpI3YxEpyLBvJAZMH14bNvEOGTxEXYrFisIs1Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1626967851134583.2621122207704; Thu, 22 Jul 2021 08:30:51 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-262-lVw-LpwcPK6ZpQQdhsmAVQ-1; Thu, 22 Jul 2021 11:30:48 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A73B81019642; Thu, 22 Jul 2021 15:30:42 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7E42D10074E1; Thu, 22 Jul 2021 15:30:42 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4A470180BAB1; Thu, 22 Jul 2021 15:30:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16MFUWQA022843 for ; Thu, 22 Jul 2021 11:30:32 -0400 Received: by smtp.corp.redhat.com (Postfix) id A3303604CF; Thu, 22 Jul 2021 15:30:32 +0000 (UTC) Received: from bart.redhat.com (unknown [10.43.2.63]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2B266797CF for ; Thu, 22 Jul 2021 15:30:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626967850; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=VWFlxj1qKP4bkBaBF9/Q5OaPMwO1T4YxWka1TZxnkr4=; b=ecJFqq/c534r9kSMqS9sa61T8QV09D2cYT5vttdYv6eB55y0N5humDpYLBcp1TnIZ6wMDf VLAud4AH44AkboAlgWPZYc7eDBK2pDF14MnPMhL8RNknWkeV9QSFSzDcdriZaRpH3csneS fgUXayHl8skTIcQY+KfvS4kJNQNeKOo= X-MC-Unique: lVw-LpwcPK6ZpQQdhsmAVQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 2/2] virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP Date: Thu, 22 Jul 2021 17:29:58 +0200 Message-Id: <54cbe3cd8a1004a73c534fe517824a9c9f49c9ca.1626967773.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626967853113100001 Content-Type: text/plain; charset="utf-8" In one of my previous patches I've tried to postpone dropping CAP_SETPCAP until the very end because it's needed for capng_apply(). What I did not realize back then was that we might not have the capability to begin with. Because of unknown reasons capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not for CAPNG_SELECT_CAPS. Reproducer is really simple: run libvirtd as a regular user. During its initialization, libvirtd will spawn some binaries (dnsmasq, qemu-*, etc.) and while doing so it will try to drop capabilities. Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we have the CAP_SETPCAP (which is tracked in need_setpcap variable). Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1924218 Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson --- src/util/virutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/util/virutil.c b/src/util/virutil.c index aba0aea0ff..00cd56e2b2 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1250,7 +1250,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *gro= ups, int ngroups, * do this if we failed to get the capability above, so ignore the * return value. */ - capng_apply(CAPNG_SELECT_BOUNDS); + if (!need_setpcap) + capng_apply(CAPNG_SELECT_BOUNDS); =20 /* Drop the caps that allow setuid/gid (unless they were requested) */ if (need_setgid) --=20 2.31.1