On 9/16/19 5:12 AM, Michal Privoznik wrote:

See 5/5 for explanation.

Michal Prívozník (5):
  security: Pass @migrated to virSecurityManagerSetAllLabel
  security: Rename virSecurityManagerGetDriver() to
    virSecurityManagerGetVirtDriver()
  security: Introduce virSecurityManagerGetDriver()
  security_stack: Turn list of nested drivers into a doubly linked list
  security_stack: Perform rollback if one of stacked drivers fails

 src/lxc/lxc_process.c            |   2 +-
 src/qemu/qemu_process.c          |   3 +-
 src/qemu/qemu_security.c         |   6 +-
 src/qemu/qemu_security.h         |   3 +-
 src/security/security_apparmor.c |   3 +-
 src/security/security_dac.c      |   3 +-
 src/security/security_driver.h   |   3 +-
 src/security/security_manager.c  |  17 ++-
 src/security/security_manager.h  |   4 +-
 src/security/security_nop.c      |   3 +-
 src/security/security_selinux.c  |   9 +-
 src/security/security_stack.c    | 220 +++++++++++++++++++++++++------
 tests/qemusecuritytest.c         |   2 +-
 tests/securityselinuxlabeltest.c |   2 +-
 14 files changed, 222 insertions(+), 58 deletions(-)

I gotta admit I'm seriously wondering if supporting this label
remembering stuff is worth it. I know you've put a heroic amount of work
into it over a long period of time, but I think it's worth taking
another look at this whole thing end to end to decide whether it's worth
the complexity for what we are actually getting.

The old RHEL bug that was tracking this is here:
https://bugzilla.redhat.com/show_bug.cgi?id=547546

It's closed because it was against RHEL7 and these patches aren't going
to hit RHEL7. Is there still a major product or project issue that this
is solving?

In that bug, I see that rjones (cc'd) said that libvirt not remembering
labels/uid causes issues for libguestfs that requires workarounds. Rich,
do you have links to threads or bug reports where this is described in
more detail?

From the end user distro perspective, the main place I have
historically heard people complain about this is basically:

* download $ISO to home, owned by uid=crobinso
* point virt-manager at it, which uses qemu:///system
* VM starts, $ISO chown'd to uid=qemu
* VM stops, $ISO chown'd to uid=root
* Now there's a root owned image in your homedir.

Worse, if you have a /media directory somewhere shared over http or some
other service, owned as a non-root user, then changing to root owner can
disrupt that access. This issue definitely annoys users. Unfortunately
remember_owner doesn't help here because it's limited to RW media, which
generally is less often shared than things like ISOs.

I'm interested in hearing other concrete use cases that are solved by
remember_owner (or at one time we thought would be solved by this).

(in the meantime I will review your patches tomorrow)

Thanks,
Cole