From nobody Mon Feb 9 09:08:37 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1556180446; cv=none; d=zoho.com; s=zohoarc; b=NnbOOAYVYd7H3aidISfqAM6/grSvMM+WY160UfysViBTDlMXHqvDy9dpEzW2W24xHITTNdAIueSbU5tuWBymXY8v7LG/EmIMoB103+Vz0tYFlDS74TWKxXN0c/aQTcP+a2lJKL/0M8B+TJG1kzmWXwU3GnQ4OqIF4jEYoXoy3KU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1556180446; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=Tq9ug51l8urHrnvB2OLxqGfclfwgyRMRURb4OInmb2k=; b=YSaZVulOW0aGV8gbQ38K86ipPzk0tZChz4BvRV8sMyp/20ifwg/u+2o3vCdRf5Z/OFo2wMuUtcLKYwI70a37EJpAqCuc9LHWeqStN1Ao+EywRbXnODeSlksyGN+oxmjNFpwfuRxaZiPJY45j/RMjrdvlMvTbZgNnq2a2DdTIqMg= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1556180446959815.4431089171769; Thu, 25 Apr 2019 01:20:46 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A407330ABF35; Thu, 25 Apr 2019 08:20:45 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EDD081001E92; Thu, 25 Apr 2019 08:20:44 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id AA8DD181BA11; Thu, 25 Apr 2019 08:20:44 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x3P8KJIE013932 for ; Thu, 25 Apr 2019 04:20:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 988C460C70; Thu, 25 Apr 2019 08:20:19 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 21A0960BE5 for ; Thu, 25 Apr 2019 08:20:18 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Thu, 25 Apr 2019 10:19:51 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 15/25] security_dac: Allow caller to suppress owner remembering X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 25 Apr 2019 08:20:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" One caller in particular (virSecurityDACSetImageLabelInternal) will want to have the feature turned on only in some cases. Introduce @remember member to _virSecurityDACChownItem to track whether caller wants to do owner remembering or not. The actual remembering is then enabled if both caller wanted it and the feature is turned on in the config file. Technically, we could skip over paths that don't have remember enabled when creating a list of paths to lock. We won't touch their XATTRs after all. Well, I rather play it safe and keep them on the locking list for now. Signed-off-by: Michal Privoznik Reviewed-by: Cole Robinson Reviewed-by: Daniel P. Berrang=C3=A9 --- src/security/security_dac.c | 63 ++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 26 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index c19421fa8f..a39dae5226 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -79,6 +79,7 @@ struct _virSecurityDACChownItem { const virStorageSource *src; uid_t uid; gid_t gid; + bool remember; /* Whether owner remembering should be done for @path/@= src */ bool restore; /* Whether current operation is 'set' or 'restore' */ }; =20 @@ -100,6 +101,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt= r list, const virStorageSource *src, uid_t uid, gid_t gid, + bool remember, bool restore) { int ret =3D -1; @@ -116,6 +118,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt= r list, item->src =3D src; item->uid =3D uid; item->gid =3D gid; + item->remember =3D remember; item->restore =3D restore; =20 if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) @@ -155,9 +158,12 @@ virSecurityDACChownListFree(void *opaque) * @src: disk source to chown * @uid: user ID * @gid: group ID + * @remember: if the original owner should be recorded/recalled * @restore: if current operation is set or restore * * Appends an entry onto transaction list. + * The @remember should be true if caller wishes to record/recall + * the original owner of @path/@src. * The @restore should be true if the operation is restoring * seclabel and false otherwise. * @@ -170,13 +176,15 @@ virSecurityDACTransactionAppend(const char *path, const virStorageSource *src, uid_t uid, gid_t gid, + bool remember, bool restore) { virSecurityDACChownListPtr list =3D virThreadLocalGet(&chownList); if (!list) return 0; =20 - if (virSecurityDACChownListAppend(list, path, src, uid, gid, restore) = < 0) + if (virSecurityDACChownListAppend(list, path, src, + uid, gid, remember, restore) < 0) return -1; =20 return 1; @@ -235,6 +243,7 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED, =20 for (i =3D 0; i < list->nItems; i++) { virSecurityDACChownItemPtr item =3D list->items[i]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { rv =3D virSecurityDACSetOwnership(list->manager, @@ -242,12 +251,12 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, item->path, item->uid, item->gid, - list->lock); + remember); } else { rv =3D virSecurityDACRestoreFileLabelInternal(list->manager, item->src, item->path, - list->lock); + remember); } =20 if (rv < 0) @@ -256,12 +265,13 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS= ED, =20 for (; rv < 0 && i > 0; i--) { virSecurityDACChownItemPtr item =3D list->items[i - 1]; + const bool remember =3D item->remember && list->lock; =20 if (!item->restore) { virSecurityDACRestoreFileLabelInternal(list->manager, item->src, item->path, - list->lock); + remember); } else { VIR_WARN("Ignoring failed restore attempt on %s", NULLSTR(item->src ? item->src->path : item->path)); @@ -752,7 +762,8 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid, false= )) < 0) + if ((rc =3D virSecurityDACTransactionAppend(path, src, + uid, gid, remember, false)) = < 0) return -1; else if (rc > 0) return 0; @@ -826,7 +837,7 @@ virSecurityDACRestoreFileLabelInternal(virSecurityManag= erPtr mgr, /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, true)= ) < 0) + if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, recal= l, true)) < 0) return -1; else if (rv > 0) return 0; @@ -853,7 +864,7 @@ static int virSecurityDACRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { - return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, false); + return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, true); } =20 =20 @@ -900,7 +911,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManagerP= tr mgr, return -1; } =20 - return virSecurityDACSetOwnership(mgr, src, NULL, user, group, false); + return virSecurityDACSetOwnership(mgr, src, NULL, user, group, true); } =20 =20 @@ -967,7 +978,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManagerPt= r mgr, } } =20 - return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false); + return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, true); } =20 =20 @@ -995,7 +1006,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file, if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, file, user, group, false); + return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true); } =20 =20 @@ -1371,7 +1382,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, case VIR_DOMAIN_CHR_TYPE_FILE: ret =3D virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_CHR_TYPE_PIPE: @@ -1379,12 +1390,12 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr= mgr, virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) goto done; if (virFileExists(in) && virFileExists(out)) { - if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, fal= se) < 0 || - virSecurityDACSetOwnership(mgr, NULL, out, user, group, fa= lse) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, tru= e) < 0 || + virSecurityDACSetOwnership(mgr, NULL, out, user, group, tr= ue) < 0) goto done; } else if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.file.path, - user, group, false) < 0) { + user, group, true) < 0) { goto done; } ret =3D 0; @@ -1399,7 +1410,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, * and passed via FD */ if (virSecurityDACSetOwnership(mgr, NULL, dev_source->data.nix.path, - user, group, false) < 0) + user, group, true) < 0) goto done; } ret =3D 0; @@ -1589,7 +1600,7 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr = mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, fal= se) < 0) + if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, tru= e) < 0) return -1; =20 return 0; @@ -1632,7 +1643,7 @@ virSecurityDACSetInputLabel(virSecurityManagerPtr mgr, =20 ret =3D virSecurityDACSetOwnership(mgr, NULL, input->source.evdev, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_INPUT_TYPE_MOUSE: @@ -1837,7 +1848,7 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mg= r, =20 ret =3D virSecurityDACSetOwnership(mgr, NULL, mem->nvdimmPath, - user, group, false); + user, group, true); break; =20 case VIR_DOMAIN_MEMORY_MODEL_DIMM: @@ -1874,7 +1885,7 @@ virSecurityDACSetSEVLabel(virSecurityManagerPtr mgr, return -1; =20 if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 return 0; @@ -1961,31 +1972,31 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, if (def->os.loader && def->os.loader->nvram && virSecurityDACSetOwnership(mgr, NULL, def->os.loader->nvram, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.kernel && virSecurityDACSetOwnership(mgr, NULL, def->os.kernel, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.initrd && virSecurityDACSetOwnership(mgr, NULL, def->os.initrd, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.dtb && virSecurityDACSetOwnership(mgr, NULL, def->os.dtb, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 if (def->os.slic_table && virSecurityDACSetOwnership(mgr, NULL, def->os.slic_table, - user, group, false) < 0) + user, group, true) < 0) return -1; =20 return 0; @@ -2007,7 +2018,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, fa= lse); + return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, tr= ue); } =20 =20 @@ -2327,7 +2338,7 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPt= r mgr, if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < = 0) return -1; =20 - return virSecurityDACSetOwnership(mgr, NULL, path, user, group, false); + return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true); } =20 virSecurityDriver virSecurityDriverDAC =3D { --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list