Re: [libvirt] [Qemu-devel] [PATCH v8 0/7] file descriptor passing using fd sets

Am 10.08.2012 04:10, schrieb Corey Bryant: > libvirt's sVirt security driver provides SELinux MAC isolation for > Qemu guest processes and their corresponding image files. In other > words, sVirt uses SELinux to prevent a QEMU process from opening > files that do not belong to it. > > sVirt provides this support by labeling guests and resources with > security labels that are stored in file system extended attributes. > Some file systems, such as NFS, do not support the extended > attribute security namespace, and therefore cannot support sVirt > isolation. > > A solution to this problem is to provide fd passing support, where > libvirt opens files and passes file descriptors to QEMU. This, > along with SELinux policy to prevent QEMU from opening files, can > provide image file isolation for NFS files stored on the same NFS > mount. > > This patch series adds the add-fd, remove-fd, and query-fdsets > QMP monitor commands, which allow file descriptors to be passed > via SCM_RIGHTS, and assigned to specified fd sets. This allows > fd sets to be created per file with fds having, for example, > different access rights. When QEMU needs to reopen a file with > different access rights, it can search for a matching fd in the > fd set. Fd sets also allow for easy tracking of fds per file, > helping to prevent fd leaks. > > Support is also added to the block layer to allow QEMU to dup an > fd from an fdset when the filename is of the /dev/fdset/nnn format, > where nnn is the fd set ID. > > No new SELinux policy is required to prevent open of NFS files > (files with type nfs_t). The virt_use_nfs boolean type simply > needs to be set to false, and open will be prevented (and dup will > be allowed). For example: > > # setsebool virt_use_nfs 0 > # getsebool virt_use_nfs > virt_use_nfs --> off > > Corey Bryant (7): > qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg > qapi: Introduce add-fd, remove-fd, query-fdsets > monitor: Clean up fd sets on monitor disconnect > block: Prevent detection of /dev/fdset/ as floppy > block: Convert open calls to qemu_open > block: Convert close calls to qemu_close > block: Enable qemu_open/close to work with fd sets > > block/raw-posix.c | 46 +++++---- > block/raw-win32.c | 6 +- > block/vdi.c | 5 +- > block/vmdk.c | 25 ++--- > block/vpc.c | 4 +- > block/vvfat.c | 16 +-- > cutils.c | 5 + > monitor.c | 294 +++++++++++++++++++++++++++++++++++++++++++++++++++++ > monitor.h | 5 + > osdep.c | 117 +++++++++++++++++++++ > qapi-schema.json | 98 ++++++++++++++++++ > qemu-char.c | 12 ++- > qemu-common.h | 2 + > qemu-tool.c | 20 ++++ > qmp-commands.hx | 117 +++++++++++++++++++++ > savevm.c | 4 +- > 16 files changed, 721 insertions(+), 55 deletions(-) Apart from the few comments I made, I like this series. Maybe v9 will be the last one. :-)