10:01 a.m.
The security drivers were currently ignoring labelling for serial,
parallel, console and channel devices. This has predictably bad
results if you want to use file based backends with those devices.
10:01 a.m.
New subject: [libvirt] [PATCH 1/2] Add API for iterating over all character devices
The parallel, serial, console and channel devices are all just
character devices. A lot of code needs todo the same thing to
all these devices. This provides an convenient API for iterating
over all of them.
* src/conf/domain_conf.c, src/conf/domain_conf.c,
src/libvirt_private.syms: Add virDomainChrDefForeach
---
src/conf/domain_conf.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 9 ++++++++
src/libvirt_private.syms | 1 +
3 files changed, 62 insertions(+), 0 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 64b5cf3..b8bddda 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7168,4 +7168,56 @@ int virDomainSnapshotHasChildren(virDomainSnapshotObjPtr snap,
}
+int virDomainChrDefForeach(virDomainDefPtr def,
+ bool abortOnError,
+ virDomainChrDefIterator iter,
+ void *opaque)
+{
+ int i;
+ int rc = 0;
+
+ for (i = 0 ; i < def->nserials ; i++) {
+ if ((iter)(def,
+ def->serials[i],
+ opaque) < 0)
+ rc = -1;
+
+ if (abortOnError && rc != 0)
+ goto done;
+ }
+
+ for (i = 0 ; i < def->nparallels ; i++) {
+ if ((iter)(def,
+ def->parallels[i],
+ opaque) < 0)
+ rc = -1;
+
+ if (abortOnError && rc != 0)
+ goto done;
+ }
+
+ for (i = 0 ; i < def->nchannels ; i++) {
+ if ((iter)(def,
+ def->channels[i],
+ opaque) < 0)
+ rc = -1;
+
+ if (abortOnError && rc != 0)
+ goto done;
+ }
+ if (def->console) {
+ if ((iter)(def,
+ def->console,
+ opaque) < 0)
+ rc = -1;
+
+ if (abortOnError && rc != 0)
+ goto done;
+ }
+
+done:
+ return rc;
+}
+
+
#endif /* ! PROXY */
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index f83de83..cc271dc 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1059,6 +1059,15 @@ int virDomainObjListGetInactiveNames(virDomainObjListPtr doms,
char **const names,
int maxnames);
+typedef int (*virDomainChrDefIterator)(virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ void *opaque);
+
+int virDomainChrDefForeach(virDomainDefPtr def,
+ bool abortOnError,
+ virDomainChrDefIterator iter,
+ void *opaque);
+
VIR_ENUM_DECL(virDomainVirt)
VIR_ENUM_DECL(virDomainBoot)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 4e61e55..778ceb1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -224,6 +224,7 @@ virDomainSnapshotDefParseString;
virDomainSnapshotDefFormat;
virDomainSnapshotAssignDef;
virDomainObjAssignDef;
+virDomainChrDefForeach;
# domain_event.h
--
1.6.6.1
11:25 a.m.
New subject: [libvirt] [PATCH 1/2] Add API for iterating over all character devices
2010/6/24 Daniel P. Berrange <berrange(a)redhat.com>:
The parallel, serial, console and channel devices are all just
character devices. A lot of code needs todo the same thing to
all these devices. This provides an convenient API for iterating
over all of them.
* src/conf/domain_conf.c, src/conf/domain_conf.c,
src/libvirt_private.syms: Add virDomainChrDefForeach
---
src/conf/domain_conf.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 9 ++++++++
src/libvirt_private.syms | 1 +
3 files changed, 62 insertions(+), 0 deletions(-)
ACK.
Matthias
10:01 a.m.
New subject: [libvirt] [PATCH 2/2] Set labelling for character devices in security drivers
When configuring serial, parallel, console or channel devices
with a file, dev or pipe backend type, it is neccessary to label
the file path in the security drivers. For char devices of type
file, it is neccessary to pre-create (touch) the file if it does
not already exist since QEMU won't be allowed todo so itself.
dev/pipe configs already require the admin to pre-create before
starting the guest.
* src/qemu/qemu_security_dac.c: set file ownership for character
devices
* src/security/security_selinux.c: Set file labelling for character
devices
* src/qemu/qemu_driver.c: Add character devices to cgroup ACL
---
src/qemu/qemu_driver.c | 59 +++++++++++++++++++
src/qemu/qemu_security_dac.c | 117 ++++++++++++++++++++++++++++++++++++++
src/security/security_selinux.c | 119 +++++++++++++++++++++++++++++++++++++++
src/util/cgroup.c | 2 +-
4 files changed, 296 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a7b3f25..6274d4c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2950,6 +2950,28 @@ qemuPrepareHostDevices(struct qemud_driver *driver,
}
+static int
+qemuPrepareChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque ATTRIBUTE_UNUSED)
+{
+ int fd;
+ if (dev->type != VIR_DOMAIN_CHR_TYPE_FILE)
+ return 0;
+
+ if ((fd = open(dev->data.file.path, O_CREAT | O_APPEND, S_IRUSR|S_IWUSR)) < 0)
{
+ virReportSystemError(errno,
+ _("Unable to pre-create chardev file %s"),
+ dev->data.file.path);
+ return -1;
+ }
+
+ close(fd);
+
+ return 0;
+}
+
+
static void
qemudReattachManagedDevice(pciDevice *dev)
{
@@ -3124,6 +3146,30 @@ cleanup:
}
+static int qemuSetupChardevCgroup(virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virCgroupPtr cgroup = opaque;
+ int rc;
+
+ if (dev->type != VIR_DOMAIN_CHR_TYPE_DEV)
+ return 0;
+
+
+ VIR_DEBUG("Process path %s for disk", dev->data.file.path);
+ rc = virCgroupAllowDevicePath(cgroup, dev->data.file.path);
+ if (rc != 0) {
+ virReportSystemError(-rc,
+ _("Unable to allow device %s for %s"),
+ dev->data.file.path, def->name);
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int qemuSetupCgroup(struct qemud_driver *driver,
virDomainObjPtr vm)
{
@@ -3191,6 +3237,12 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
goto cleanup;
}
}
+
+ if (virDomainChrDefForeach(vm->def,
+ true,
+ qemuSetupChardevCgroup,
+ cgroup) < 0)
+ goto cleanup;
}
done:
@@ -3364,6 +3416,13 @@ static int qemudStartVMDaemon(virConnectPtr conn,
if (qemuPrepareHostDevices(driver, vm->def) < 0)
goto cleanup;
+ DEBUG0("Preparing chr devices");
+ if (virDomainChrDefForeach(vm->def,
+ true,
+ qemuPrepareChardevDevice,
+ NULL) < 0)
+ goto cleanup;
+
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
DEBUG0("Generating domain security label (if required)");
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index ffc9b8d..95015b0 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -328,6 +328,100 @@ done:
static int
+qemuSecurityDACSetChardevLabel(virDomainObjPtr vm,
+ virDomainChrDefPtr dev)
+
+{
+ const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ char *in = NULL, *out = NULL;
+ int ret = -1;
+
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ return 0;
+
+ switch (dev->type) {
+ case VIR_DOMAIN_CHR_TYPE_DEV:
+ case VIR_DOMAIN_CHR_TYPE_FILE:
+ ret = qemuSecurityDACSetOwnership(dev->data.file.path, driver->user,
driver->group);
+ break;
+
+ case VIR_DOMAIN_CHR_TYPE_PIPE:
+ if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+ (virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
{
+ virReportOOMError();
+ goto done;
+ }
+ if ((qemuSecurityDACSetOwnership(in, driver->user, driver->group) < 0)
||
+ (qemuSecurityDACSetOwnership(out, driver->user, driver->group) <
0))
+ goto done;
+ ret = 0;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+done:
+ VIR_FREE(in);
+ VIR_FREE(out);
+ return ret;
+}
+
+static int
+qemuSecurityDACRestoreChardevLabel(virDomainObjPtr vm,
+ virDomainChrDefPtr dev)
+
+{
+ const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ char *in = NULL, *out = NULL;
+ int ret = -1;
+
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ return 0;
+
+ switch (dev->type) {
+ case VIR_DOMAIN_CHR_TYPE_DEV:
+ case VIR_DOMAIN_CHR_TYPE_FILE:
+ ret = qemuSecurityDACRestoreSecurityFileLabel(dev->data.file.path);
+ break;
+
+ case VIR_DOMAIN_CHR_TYPE_PIPE:
+ if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0)
||
+ (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
+ virReportOOMError();
+ goto done;
+ }
+ if ((qemuSecurityDACRestoreSecurityFileLabel(out) < 0) ||
+ (qemuSecurityDACRestoreSecurityFileLabel(in) < 0))
+ goto done;
+ ret = 0;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+done:
+ VIR_FREE(in);
+ VIR_FREE(out);
+ return ret;
+}
+
+
+static int
+qemuSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virDomainObjPtr vm = opaque;
+
+ return qemuSecurityDACRestoreChardevLabel(vm, dev);
+}
+
+
+static int
qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
int migrated)
{
@@ -352,6 +446,12 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
rc = -1;
}
+ if (virDomainChrDefForeach(vm->def,
+ false,
+ qemuSecurityDACRestoreChardevCallback,
+ vm) < 0)
+ rc = -1;
+
if (vm->def->os.kernel &&
qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
rc = -1;
@@ -365,6 +465,17 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
static int
+qemuSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virDomainObjPtr vm = opaque;
+
+ return qemuSecurityDACSetChardevLabel(vm, dev);
+}
+
+
+static int
qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path
ATTRIBUTE_UNUSED)
{
int i;
@@ -384,6 +495,12 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char
*stdin_path AT
return -1;
}
+ if (virDomainChrDefForeach(vm->def,
+ true,
+ qemuSecurityDACSetChardevCallback,
+ vm) < 0)
+ return -1;
+
if (vm->def->os.kernel &&
qemuSecurityDACSetOwnership(vm->def->os.kernel,
driver->user,
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 2b43f2d..d4e2edb 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -628,6 +628,101 @@ done:
return ret;
}
+
+static int
+SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
+ virDomainChrDefPtr dev)
+
+{
+ const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ char *in = NULL, *out = NULL;
+ int ret = -1;
+
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ return 0;
+
+ switch (dev->type) {
+ case VIR_DOMAIN_CHR_TYPE_DEV:
+ case VIR_DOMAIN_CHR_TYPE_FILE:
+ ret = SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
+ break;
+
+ case VIR_DOMAIN_CHR_TYPE_PIPE:
+ if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
+ (virAsprintf(&out, "%s.out", dev->data.file.path) < 0))
{
+ virReportOOMError();
+ goto done;
+ }
+ if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
+ (SELinuxSetFilecon(out, secdef->imagelabel) < 0))
+ goto done;
+ ret = 0;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+done:
+ VIR_FREE(in);
+ VIR_FREE(out);
+ return ret;
+}
+
+static int
+SELinuxRestoreSecurityChardevLabel(virDomainObjPtr vm,
+ virDomainChrDefPtr dev)
+
+{
+ const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ char *in = NULL, *out = NULL;
+ int ret = -1;
+
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ return 0;
+
+ switch (dev->type) {
+ case VIR_DOMAIN_CHR_TYPE_DEV:
+ case VIR_DOMAIN_CHR_TYPE_FILE:
+ ret = SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
+ break;
+
+ case VIR_DOMAIN_CHR_TYPE_PIPE:
+ if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0)
||
+ (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
+ virReportOOMError();
+ goto done;
+ }
+ if ((SELinuxRestoreSecurityFileLabel(out) < 0) ||
+ (SELinuxRestoreSecurityFileLabel(in) < 0))
+ goto done;
+ ret = 0;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+done:
+ VIR_FREE(in);
+ VIR_FREE(out);
+ return ret;
+}
+
+
+static int
+SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virDomainObjPtr vm = opaque;
+
+ return SELinuxRestoreSecurityChardevLabel(vm, dev);
+}
+
+
static int
SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
int migrated ATTRIBUTE_UNUSED)
@@ -652,6 +747,12 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
rc = -1;
}
+ if (virDomainChrDefForeach(vm->def,
+ false,
+ SELinuxRestoreSecurityChardevCallback,
+ vm) < 0)
+ rc = -1;
+
if (vm->def->os.kernel &&
SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
rc = -1;
@@ -858,6 +959,18 @@ SELinuxClearSecuritySocketLabel(virSecurityDriverPtr drv,
return 0;
}
+
+static int
+SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virDomainObjPtr vm = opaque;
+
+ return SELinuxSetSecurityChardevLabel(vm, dev);
+}
+
+
static int
SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
{
@@ -882,6 +995,12 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path
ATTRIBUTE_
return -1;
}
+ if (virDomainChrDefForeach(vm->def,
+ true,
+ SELinuxSetSecurityChardevCallback,
+ vm) < 0)
+ return -1;
+
if (vm->def->os.kernel &&
SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
return -1;
diff --git a/src/util/cgroup.c b/src/util/cgroup.c
index 35e9691..33610aa 100644
--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -272,7 +272,7 @@ static int virCgroupSetValueStr(virCgroupPtr group,
if (rc != 0)
return rc;
- VIR_DEBUG("Set value %s", keypath);
+ VIR_DEBUG("Set value '%s' to '%s'", keypath, value);
rc = virFileWriteStr(keypath, value);
if (rc < 0) {
DEBUG("Failed to write value '%s': %m", value);
--
1.6.6.1
11:36 a.m.
New subject: [libvirt] [PATCH 2/2] Set labelling for character devices in security drivers
2010/6/24 Daniel P. Berrange <berrange(a)redhat.com>:
When configuring serial, parallel, console or channel devices
with a file, dev or pipe backend type, it is neccessary to label
the file path in the security drivers. For char devices of type
file, it is neccessary to pre-create (touch) the file if it does
not already exist since QEMU won't be allowed todo so itself.
dev/pipe configs already require the admin to pre-create before
starting the guest.
Two typos: s/neccessary/necessary
* src/qemu/qemu_security_dac.c: set file ownership for character
devices
* src/security/security_selinux.c: Set file labelling for character
Another typo: s/labelling/labeling
devices
* src/qemu/qemu_driver.c: Add character devices to cgroup ACL
---
src/qemu/qemu_driver.c | 59 +++++++++++++++++++
src/qemu/qemu_security_dac.c | 117 ++++++++++++++++++++++++++++++++++++++
src/security/security_selinux.c | 119 +++++++++++++++++++++++++++++++++++++++
src/util/cgroup.c | 2 +-
4 files changed, 296 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a7b3f25..6274d4c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2950,6 +2950,28 @@ qemuPrepareHostDevices(struct qemud_driver *driver,
}
+static int
+qemuPrepareChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque ATTRIBUTE_UNUSED)
+{
+ int fd;
+ if (dev->type != VIR_DOMAIN_CHR_TYPE_FILE)
+ return 0;
+
+ if ((fd = open(dev->data.file.path, O_CREAT | O_APPEND, S_IRUSR|S_IWUSR)) < 0)
{
+ virReportSystemError(errno,
+ _("Unable to pre-create chardev file %s"),
Maybe use '%s' here instead of plain %s.
+ dev->data.file.path);
+ return -1;
+ }
+
+ close(fd);
+
+ return 0;
+}
+
+
static void
qemudReattachManagedDevice(pciDevice *dev)
{
@@ -3124,6 +3146,30 @@ cleanup:
}
+static int qemuSetupChardevCgroup(virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virCgroupPtr cgroup = opaque;
+ int rc;
+
+ if (dev->type != VIR_DOMAIN_CHR_TYPE_DEV)
+ return 0;
+
+
+ VIR_DEBUG("Process path %s for disk", dev->data.file.path);
Again '%s' instead of plain %s.
+ rc = virCgroupAllowDevicePath(cgroup, dev->data.file.path);
+ if (rc != 0) {
+ virReportSystemError(-rc,
+ _("Unable to allow device %s for %s"),
Here too.
ACK.
Matthias
8:53 a.m.
New subject: [libvirt] [PATCH 2/2] Set labelling for character devices in security drivers
On Thu, Jun 24, 2010 at 06:36:36PM +0200, Matthias Bolte wrote:
2010/6/24 Daniel P. Berrange <berrange(a)redhat.com>:
> When configuring serial, parallel, console or channel devices
> with a file, dev or pipe backend type, it is neccessary to label
> the file path in the security drivers. For char devices of type
> file, it is neccessary to pre-create (touch) the file if it does
> not already exist since QEMU won't be allowed todo so itself.
> dev/pipe configs already require the admin to pre-create before
> starting the guest.
Two typos: s/neccessary/necessary
> * src/qemu/qemu_security_dac.c: set file ownership for character
> devices
> * src/security/security_selinux.c: Set file labelling for character
Another typo: s/labelling/labeling
> devices
> * src/qemu/qemu_driver.c: Add character devices to cgroup ACL
> ---
> src/qemu/qemu_driver.c | 59 +++++++++++++++++++
> src/qemu/qemu_security_dac.c | 117 ++++++++++++++++++++++++++++++++++++++
> src/security/security_selinux.c | 119 +++++++++++++++++++++++++++++++++++++++
> src/util/cgroup.c | 2 +-
> 4 files changed, 296 insertions(+), 1 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index a7b3f25..6274d4c 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -2950,6 +2950,28 @@ qemuPrepareHostDevices(struct qemud_driver *driver,
> }
>
>
> +static int
> +qemuPrepareChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED,
> + virDomainChrDefPtr dev,
> + void *opaque ATTRIBUTE_UNUSED)
> +{
> + int fd;
> + if (dev->type != VIR_DOMAIN_CHR_TYPE_FILE)
> + return 0;
> +
> + if ((fd = open(dev->data.file.path, O_CREAT | O_APPEND, S_IRUSR|S_IWUSR))
< 0) {
> + virReportSystemError(errno,
> + _("Unable to pre-create chardev file %s"),
Maybe use '%s' here instead of plain %s.
Yep, added this and the others
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5264
days inactive
5265
days old
5 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Matthias Bolte