Re: [libvirt] [PATCH 3/4] Fix QEMU save/restore with block devices
On 04/28/2010 08:49 AM, Daniel P. Berrange wrote:
On Sun, Apr 25, 2010 at 03:04:21AM -0400, Laine Stump wrote:
> On 04/24/2010 12:50 AM, Laine Stump wrote:
>
>> Is it really necessary to add this padding even when we *aren't* using
>> dd? (ie, when is_reg == 1).
>>
> Nevermind. Now that I've actual RTFC, I see that this new code *always*
> use dd.
>
> However, I just noticed an SELinux complaint about dd attempting to
> write to a file on an NFS-mounted directory. My system is running
> SELinux in permissive mode, so it succeeded, but won't this be a problem
> if it's in enforcing mode?
>
If there is a SELinux problem I don't think it can be related to this
patch. Both before& after this change we're running a child process
to actually write the data. Previously cat, now dd. So SELinux would
impact them equally badly/well.
Correct (that it's a problem with dd breaking an SELinux policy, not
us). I don't recall if there was previously a complaint about cat doing
it, but it seems probable that SELinux would be setup to not complain
about a cat of a file on an NFS-mounted directory, yet complain loudly
if someone used dd.
So while nothing needs changing in this code, it's one of those things
that we need to inform the SELinux people about - it really is
foreseeable that someone would want to access an NFS-mounted file with dd.