On Tue, Feb 26, 2013 at 05:23:18PM -0700, Eric Blake wrote:
> On 02/26/2013 09:08 AM, Michal Privoznik wrote:
> > Currently, if we label a file to match qemu process DAC label, we
> > do not store the original owner anywhere. So when relabeling
> > back, the only option we have is to relabel to root:root
> > which is obviously wrong.
> >
> > However, bare remembering is not enough. We need to keep track of
> > how many times we labeled a file so only the last restore
> > chown()-s file back to the original owner.
>
> Definitely important for a read-only file shared by more than one domain.
>
> >
> > In order to not pollute domain XML, this info is kept in driver's
> > private data in a hash table with path being key and pair
> > <oldLabel, refcount> being value.
>
> Makes sense.
>
> Have you looked at what it would take to use ACLs to grant access to
> qemu without having to do a full-blown chown? That would also need to
> use the hash table to undo the ACL at the end of the day, and we would
> need to fall back to chown() on file systems where ACL doesn't work, but
> it certainly sounds like that would be sharing some of the work in this
> patch.

Yep, independently of this patch we ought to make use of ACLs. It would
remove a whole class of problems users experience and make udev happier
since it hates things chown'ing device nodes behind its back and has a
tendency to change them back at any moment.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
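
The path-keyed <oldLabel, refcount> bookkeeping described in the quoted patch summary, as an added example that is not code from the patch or from libvirt. The names `owner_remember` and `owner_recall`, and the fixed-size array standing in for the driver's hash table, are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>

#define MAX_PATHS 16            /* fixed array stands in for the hash table */
static struct owner_entry {
    char path[256];             /* key */
    uid_t uid;                  /* owner before the first relabel */
    gid_t gid;
    unsigned refs;              /* domains using the path; 0 = free slot */
} table[MAX_PATHS];

static struct owner_entry *lookup(const char *path)
{
    for (int i = 0; i < MAX_PATHS; i++)
        if (table[i].refs && strcmp(table[i].path, path) == 0)
            return &table[i];
    return NULL;
}

/* Call before chown()ing to the qemu user; returns the refcount, -1 on error. */
int owner_remember(const char *path, uid_t uid, gid_t gid)
{
    struct owner_entry *e = lookup(path), *slot = NULL;
    if (e)
        return (int)++e->refs;  /* already labeled: keep the first owner */
    for (int i = 0; i < MAX_PATHS && !slot; i++)
        if (table[i].refs == 0)
            slot = &table[i];
    if (!slot || strlen(path) >= sizeof(slot->path))
        return -1;
    strcpy(slot->path, path);
    slot->uid = uid;
    slot->gid = gid;
    slot->refs = 1;
    return 1;
}

/* 1: last user, chown back to *uid:*gid; 0: still in use; -1: unknown path. */
int owner_recall(const char *path, uid_t *uid, gid_t *gid)
{
    struct owner_entry *e = lookup(path);
    if (!e)
        return -1;
    if (--e->refs > 0)
        return 0;
    *uid = e->uid;
    *gid = e->gid;
    return 1;
}
```

A caller would only chown() back when `owner_recall` returns 1, and treat -1 as "no recorded owner" rather than silently restoring to root:root.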