From nobody Mon Feb 9 01:17:17 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1686557721; cv=none; d=zohomail.com; s=zohoarc; b=TmPGyM3BzICjY9HRMujyD5cBoDvpydE6nTjovKYcqJas6Qy6qRx+97xtFraEGolVMDn0QrUQJwgWE2FjY1K2Spg4PDzlCXpdjgG1goWsaezvYs9y0z++jskfc0VuxdgduTnBUEY0q6HsXGU1biwHAWp7Mer+l8LJxcHCyf7HpYQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1686557721; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=GhLmrCOotWUtxqXh5pw6rHN7H/KqhoLB6BTfOEvlOBo=; b=VlsS4Y04WDGYESB25XvwY8ebkrNWWXqRamm/guLtxh144/o+OMNuOa2ZUahEpAiuPLFzY8gjJ/QoJ4DCayN1cTe9/ctpukQjgjFSKjqZhHR03SUaQ5iJs1fd6+z2QSPcfdH6h0d0nBn42iwj+CmQOT1zt/cbMNtsz+Zyx6rSqV8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 168655772119478.92956716079902; Mon, 12 Jun 2023 01:15:21 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-470-JY-YTjDxPaOQWyfgcV_Jwg-1; Mon, 12 Jun 2023 04:15:16 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7E9F6811E9F; Mon, 12 Jun 2023 08:15:13 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3527040D1B61; Mon, 12 Jun 2023 08:15:13 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0B10E19465A8; Mon, 12 Jun 2023 08:15:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 95AC3194658C for ; Mon, 12 Jun 2023 08:15:11 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 753FC492CAD; Mon, 12 Jun 2023 08:15:11 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.2.36]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B63A492CA6 for ; Mon, 12 Jun 2023 08:15:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1686557719; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=GhLmrCOotWUtxqXh5pw6rHN7H/KqhoLB6BTfOEvlOBo=; b=XWdvuuN8oM3Am5cIWjjTVePm6FGEYHaYcst9o3FQEFaHItr/4tYLvg9hgax5J97Ro+f3vs vLpOB21VXSoEuPqAxHHUahELNfcp7GGUKE/l0tTqoG5HzbYIKFowHnuG3vXHDmsbXnHHfu l0W9eYDM2avNSMluNJs/GkHzrhCOYgM= X-MC-Unique: JY-YTjDxPaOQWyfgcV_Jwg-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 1/2] qemu_passt: Precreate passt logfile Date: Mon, 12 Jun 2023 10:15:08 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1686557729512100003 Content-Type: text/plain; charset="utf-8"; x-default="true" There are a few situations where passt itself is unable to create a file because it runs under QEMU user (e.g. just like our example from formatdomain.rst suggests: /var/log/passt.log). If libvirtd runs with sufficient permissions (e.g. as root) it can create the file and set seclabels on it so that passt can then open it. Ideally, we would just pass pre-opened FD, but this wasn't viewed as secure enough [1]. So lets just create the file and set seclabels. For the case when both libvirtd and passt have the same permissions, well then we fail before even needing to fork() and exec(). 1: https://archives.passt.top/passt-dev/20230606225836.63aecebe@elisabeth/ Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D2209191 Signed-off-by: Michal Privoznik --- src/qemu/qemu_passt.c | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 99636a3a49..25b22d8ad9 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -20,6 +20,8 @@ =20 #include =20 +#include + #include "qemu_dbus.h" #include "qemu_extdevice.h" #include "qemu_security.h" @@ -136,9 +138,13 @@ void qemuPasstStop(virDomainObj *vm, virDomainNetDef *net) { + qemuDomainObjPrivate *priv =3D vm->privateData; + virQEMUDriver *driver =3D priv->driver; g_autofree char *pidfile =3D qemuPasstCreatePidFilename(vm, net); g_autofree char *passtSocketName =3D qemuPasstCreateSocketPath(vm, net= ); =20 + qemuSecurityDomainRestorePathLabel(driver, vm, net->backend.logFile); + qemuPasstKill(pidfile, passtSocketName); } =20 @@ -166,10 +172,12 @@ qemuPasstStart(virDomainObj *vm, { qemuDomainObjPrivate *priv =3D vm->privateData; virQEMUDriver *driver =3D priv->driver; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *passtSocketName =3D qemuPasstCreateSocketPath(vm, net= ); g_autoptr(virCommand) cmd =3D NULL; g_autofree char *pidfile =3D qemuPasstCreatePidFilename(vm, net); char macaddr[VIR_MAC_STRING_BUFLEN]; + bool needUnlink =3D false; size_t i; =20 cmd =3D virCommandNew(PASST); @@ -191,8 +199,25 @@ qemuPasstStart(virDomainObj *vm, if (net->sourceDev) virCommandAddArgList(cmd, "--interface", net->sourceDev, NULL); =20 - if (net->backend.logFile) + if (net->backend.logFile) { + VIR_AUTOCLOSE logfd =3D -1; + /* The logFile location is not restricted to a per-domain director= y. It + * can be anywhere. Pre-create it as passt may not have enough per= ms to + * do so. */ + if (qemuDomainOpenFile(cfg, vm->def, net->backend.logFile, + O_CREAT | O_TRUNC | O_APPEND | O_RDWR, + &needUnlink) < 0) { + return -1; + } + + if (qemuSecurityDomainSetPathLabel(driver, vm, + net->backend.logFile, false) < = 0) { + goto error; + } + + /* Worse, passt deliberately doesn't support FD passing. */ virCommandAddArgList(cmd, "--log-file", net->backend.logFile, NULL= ); + } =20 /* Add IP address info */ for (i =3D 0; i < net->guestIP.nips; i++) { @@ -203,7 +228,7 @@ qemuPasstStart(virDomainObj *vm, * a single IPv4 and single IPv6 address */ if (!(addr =3D virSocketAddrFormat(&ip->address))) - return -1; + goto error; =20 virCommandAddArgList(cmd, "--address", addr, NULL); =20 @@ -231,14 +256,14 @@ qemuPasstStart(virDomainObj *vm, /* validation guarantees this will never happen */ virReportError(VIR_ERR_INTERNAL_ERROR, _("Invalid portForward proto value %1$u"), pf->= proto); - return -1; + goto error; } =20 if (VIR_SOCKET_ADDR_VALID(&pf->address)) { g_autofree char *addr =3D NULL; =20 if (!(addr =3D virSocketAddrFormat(&pf->address))) - return -1; + goto error; =20 virBufferAddStr(&buf, addr); emitsep =3D true; @@ -284,7 +309,7 @@ qemuPasstStart(virDomainObj *vm, =20 =20 if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0) - return -1; + goto error; =20 if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true, NULL) < 0) goto error; @@ -292,6 +317,11 @@ qemuPasstStart(virDomainObj *vm, return 0; =20 error: + if (needUnlink && unlink(net->backend.logFile) < 0) { + VIR_WARN("Unable to unlink '%s': %s", + net->backend.logFile, g_strerror(errno)); + } + qemuPasstKill(pidfile, passtSocketName); return -1; } --=20 2.39.3