[PATCH 0/7] qemu: Stop chowning domain restore file
See 4/7 for detailed explanation. Michal Prívozník (7): security: Reintroduce virSecurityManager{Set,Restore}SavedStateLabel qemu_security: Implement virSecurityManager{Set,Restore}SavedStateLabel security_selinux: Implement virSecurityManager{Set,Restore}SavedStateLabel qemu: Use qemuSecuritySetSavedStateLabel() to label restore path Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument" secdrivers: Rename @stdin_path argument of virSecurityDomainSetAllLabel() qemu_security: Complete renaming of virSecurityManagerSetAllLabel() argument src/libvirt_private.syms | 2 ++ src/qemu/qemu_driver.c | 2 -- src/qemu/qemu_process.c | 12 +++++++ src/qemu/qemu_security.c | 17 +++------- src/qemu/qemu_security.h | 13 ++++++-- src/security/security_apparmor.c | 8 ++--- src/security/security_dac.c | 2 +- src/security/security_driver.h | 11 ++++++- src/security/security_manager.c | 38 ++++++++++++++++++++-- src/security/security_manager.h | 8 ++++- src/security/security_nop.c | 2 +- src/security/security_selinux.c | 37 ++++++++++++++++++++- src/security/security_stack.c | 55 ++++++++++++++++++++++++++++++-- 13 files changed, 177 insertions(+), 30 deletions(-) -- 2.26.2
These APIs were removed/renamed in v6.5.0-rc1~142 and v6.5.0-rc1~141 because they deemed unused. And if it wasn't for the RFE [1] things would stay that way. The RFE asks for us to not change DAC ownership on the file a domain is restoring from. We have been doing that for ages (if not forever), nevertheless it's annoying because if the restore file is on an NFS remembering owner won't help - NFS doesn't support XATTRs yet. But more importantly, there is no need for us to chown() the file because when restoring the domain the file is opened and the FD is then passed to QEMU. Therefore, we really need only to set SELinux and AppArmor. This reverts bd22eec903976c5c51b1d00e335c315699e5acd6. This partially reverts 4ccbd207f213066c000f43eb544eb00ec745023b. The difference to the original code is that secdrivers are now not required to provide dummy implementation to avoid virReportUnsupportedError(). The callback is run if it exists, if it doesn't zero is returned without any error. 1: https://bugzilla.redhat.com/show_bug.cgi?id=1851016 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/libvirt_private.syms | 2 ++ src/security/security_driver.h | 9 ++++++ src/security/security_manager.c | 34 ++++++++++++++++++++++ src/security/security_manager.h | 6 ++++ src/security/security_stack.c | 51 +++++++++++++++++++++++++++++++++ 5 files changed, 102 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ae0e253ab9..8712213f40 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1560,6 +1560,7 @@ virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreInputLabel; virSecurityManagerRestoreMemoryLabel; +virSecurityManagerRestoreSavedStateLabel; virSecurityManagerRestoreTPMLabels; virSecurityManagerSetAllLabel; virSecurityManagerSetChardevLabel; @@ -1571,6 +1572,7 @@ virSecurityManagerSetImageLabel; virSecurityManagerSetInputLabel; virSecurityManagerSetMemoryLabel; virSecurityManagerSetProcessLabel; +virSecurityManagerSetSavedStateLabel; virSecurityManagerSetSocketLabel; virSecurityManagerSetTapFDLabel; virSecurityManagerSetTPMLabels; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index bfff789552..f0ba77032d 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -67,6 +67,12 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, const char *vroot); +typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); +typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr, @@ -200,6 +206,9 @@ struct _virSecurityDriver { virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel; virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel; + virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel; + virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel; + virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel; virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel; diff --git a/src/security/security_manager.c b/src/security/security_manager.c index ad1938caeb..c073d8cc0d 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -596,6 +596,40 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, } +int +virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + if (mgr->drv->domainSetSavedStateLabel) { + int ret; + virObjectLock(mgr); + ret = mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + +int +virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + if (mgr->drv->domainRestoreSavedStateLabel) { + int ret; + virObjectLock(mgr); + ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 999752ce09..277151848e 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -104,6 +104,12 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, const char *vroot); +int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); +int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile); int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec); int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 379c9302bc..624431d4ef 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -394,6 +394,54 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr, } +static int +virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item = priv->itemsHead; + + for (; item; item = item->next) { + if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm, savefile) < 0) + goto rollback; + } + + return 0; + + rollback: + for (item = item->prev; item; item = item->prev) { + if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, + vm, + savefile) < 0) { + VIR_WARN("Unable to restore saved state label after failed set " + "label call virDriver=%s driver=%s savefile=%s", + virSecurityManagerGetVirtDriver(mgr), + virSecurityManagerGetDriver(item->securityManager), + savefile); + } + } + return -1; +} + + +static int +virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *savefile) +{ + virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item = priv->itemsHead; + int rc = 0; + + for (; item; item = item->next) { + if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm, savefile) < 0) + rc = -1; + } + + return rc; +} + static int virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) @@ -964,6 +1012,9 @@ virSecurityDriver virSecurityDriverStack = { .domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel, .domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel, + .domainSetSavedStateLabel = virSecurityStackSetSavedStateLabel, + .domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel, + .domainSetSecurityImageFDLabel = virSecurityStackSetImageFDLabel, .domainSetSecurityTapFDLabel = virSecurityStackSetTapFDLabel, -- 2.26.2
These APIs don't use namespaces because the virSecurityManagerSetSavedStateLabel() runs when the namespace doesn't exist yet and thus the virSecurityManagerRestoreSavedStateLabel() has to run without namespace too. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_security.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index df34820af8..107a581279 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -96,6 +96,14 @@ int qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver, void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver, virDomainObjPtr vm); +int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + +int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *savefile); + int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, const char *path, @@ -133,9 +141,11 @@ int qemuSecurityCommandRun(virQEMUDriverPtr driver, #define qemuSecurityPreFork virSecurityManagerPreFork #define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel #define qemuSecurityReserveLabel virSecurityManagerReserveLabel +#define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel #define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel #define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel #define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel +#define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel #define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel #define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel #define qemuSecurityStackAddNested virSecurityManagerStackAddNested -- 2.26.2
These APIs are are basically virSecuritySELinuxDomainSetPathLabelRO() and virSecuritySELinuxDomainRestorePathLabel(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_selinux.c | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index f8c1a0a2f1..6b0581e4d9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr, } +static int +virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile) +{ + virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); + virSecurityLabelDefPtr secdef; + + secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + + if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel) + return 0; + + return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_context, false); +} + + +static int +virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *savefile) +{ + virSecurityLabelDefPtr secdef; + + secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + if (!secdef || !secdef->relabel) + return 0; + + return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true); +} + + static int virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux = { .domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel, .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel, + .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel, + .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel, + .domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel, .domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel, -- 2.26.2
Currently, when restoring from a domain the path that the domain restores from is labelled under qemuSecuritySetAllLabel() (and after v6.3.0-rc1~108 even outside transactions). While this grants QEMU the access, it has a flaw, because once the domain is restored, up and running then qemuSecurityDomainRestorePathLabel() is called, which is not real counterpart. In case of DAC driver the SetAllLabel() does nothing with the restore path but RestorePathLabel() does - it chown()-s the file back and since there is no original label remembered, the file is chown()-ed to root:root. While the apparent solution is to have DAC driver set the label (and thus remember the original one) in SetAllLabel(), we can do better. Turns out, we are opening the file ourselves (because it may live on a root squashed NFS) and then are just passing the FD to QEMU. But this means, that we don't have to chown() the file at all, we need to set SELinux labels and/or add the path to AppArmor profile. And since we want to restore labels right after QEMU is done loading the migration stream (we don't want to wait until qemuSecurityRestoreAllLabel()), the best way to approach this is to have separate APIs for labelling and restoring label on the restore file. I will investigate whether AppArmor can use the SavedStateLabel() API instead of passing the restore path to SetAllLabel(). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1851016 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_driver.c | 2 -- src/qemu/qemu_process.c | 12 ++++++++++++ src/qemu/qemu_security.c | 7 ------- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a5b38b3d24..9da05038d9 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6958,8 +6958,6 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, asyncJob, VIR_QEMU_PROCESS_STOP_MIGRATED); } - if (qemuSecurityDomainRestorePathLabel(driver, vm, path, true) < 0) - VIR_WARN("failed to restore save state label on %s", path); return ret; } diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d36088ba98..70fc24b993 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7073,6 +7073,7 @@ qemuProcessStart(virConnectPtr conn, qemuProcessIncomingDefPtr incoming = NULL; unsigned int stopFlags; bool relabel = false; + bool relabelSavedState = false; int ret = -1; int rv; @@ -7109,6 +7110,13 @@ qemuProcessStart(virConnectPtr conn, if (qemuProcessPrepareHost(driver, vm, flags) < 0) goto stop; + if (migratePath) { + if (qemuSecuritySetSavedStateLabel(driver->securityManager, + vm->def, migratePath) < 0) + goto cleanup; + relabelSavedState = true; + } + if ((rv = qemuProcessLaunch(conn, driver, vm, asyncJob, incoming, snapshot, vmop, flags)) < 0) { if (rv == -2) @@ -7145,6 +7153,10 @@ qemuProcessStart(virConnectPtr conn, ret = 0; cleanup: + if (relabelSavedState && + qemuSecurityRestoreSavedStateLabel(driver->securityManager, + vm->def, migratePath) < 0) + VIR_WARN("failed to restore save state label on %s", migratePath); qemuProcessIncomingDefFree(incoming); return ret; diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 3b6d6e91f4..e35394b2f6 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -39,13 +39,6 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, qemuDomainObjPrivatePtr priv = vm->privateData; pid_t pid = -1; - /* Explicitly run this outside of transaction. We really want to relabel - * the file in the host and not in the domain's namespace. */ - if (virSecurityManagerDomainSetPathLabelRO(driver->securityManager, - vm->def, - stdin_path) < 0) - goto cleanup; - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid = vm->pid; -- 2.26.2
The only consumer was removed in the previous commit. This reverts commit f03a38bd1d28eaa95402742da6ff64f3f633a979. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_security.c | 6 ++---- src/qemu/qemu_security.h | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index e35394b2f6..34cfcd3256 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -610,15 +610,13 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path, - bool ignoreNS) + const char *path) { qemuDomainObjPrivatePtr priv = vm->privateData; pid_t pid = -1; int ret = -1; - if (!ignoreNS && - qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid = vm->pid; if (virSecurityManagerTransactionStart(driver->securityManager) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 107a581279..82f4945cd8 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -111,8 +111,7 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path, - bool ignoreNS); + const char *path); int qemuSecurityCommandRun(virQEMUDriverPtr driver, virDomainObjPtr vm, -- 2.26.2
The argument (if not NULL) points to the file the domain is restoring from. On QEMU command line this used to be '-incoming $path', but we've switched to passing FD ages ago and thus this argument is used only in AppArmor (which loads the profile on domain start). Anyway, the argument does not refer to stdin, rename it to 'incomingPath' then. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_apparmor.c | 8 ++++---- src/security/security_dac.c | 2 +- src/security/security_driver.h | 2 +- src/security/security_manager.c | 4 ++-- src/security/security_manager.h | 2 +- src/security/security_nop.c | 2 +- src/security/security_selinux.c | 2 +- src/security/security_stack.c | 4 ++-- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 583e872614..3f6a213b43 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -455,7 +455,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED, static int AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) { @@ -464,10 +464,10 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, if (!secdef || !secdef->relabel) return 0; - /* Reload the profile if stdin_path is specified. Note that + /* Reload the profile if incomingPath is specified. Note that GenSecurityLabel() will have already been run. */ - if (stdin_path) - return reload_profile(mgr, def, stdin_path, true); + if (incomingPath) + return reload_profile(mgr, def, incomingPath, true); return 0; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 23fe351a32..dd701ef28b 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2142,7 +2142,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManagerPtr mgr, static int virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_driver.h b/src/security/security_driver.h index f0ba77032d..08cdf94598 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -82,7 +82,7 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, diff --git a/src/security/security_manager.c b/src/security/security_manager.c index c073d8cc0d..9a242f9189 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -856,14 +856,14 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr, int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated) { if (mgr->drv->domainSetSecurityAllLabel) { int ret; virObjectLock(mgr); - ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path, + ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath, chardevStdioLogd, migrated); virObjectUnlock(mgr); diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 277151848e..1c9e166174 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -121,7 +121,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec); int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated); int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index de5da1ee1c..385a747f5b 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -119,7 +119,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, virDomainDefPtr sec G_GNUC_UNUSED, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 6b0581e4d9..52ff4fab0f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3169,7 +3169,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManagerPtr mgr, static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *stdin_path G_GNUC_UNUSED, + const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) { diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 624431d4ef..2480c47f70 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -341,7 +341,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *stdin_path, + const char *incomingPath, bool chardevStdioLogd, bool migrated) { @@ -350,7 +350,7 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, for (; item; item = item->next) { if (virSecurityManagerSetAllLabel(item->securityManager, vm, - stdin_path, chardevStdioLogd, + incomingPath, chardevStdioLogd, migrated) < 0) goto rollback; } -- 2.26.2
Just like in the previous commit, the stdin_path argument of virSecurityManagerSetAllLabel() is renamed to incomingPath. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 34cfcd3256..621523f086 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -32,7 +32,7 @@ VIR_LOG_INIT("qemu.qemu_security"); int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *stdin_path, + const char *incomingPath, bool migrated) { int ret = -1; @@ -47,7 +47,7 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, - stdin_path, + incomingPath, priv->chardevStdioLogd, migrated) < 0) goto cleanup; -- 2.26.2
On Wed, Jul 01, 2020 at 06:15:07PM +0200, Michal Privoznik wrote:
Just like in the previous commit, the stdin_path argument of virSecurityManagerSetAllLabel() is renamed to incomingPath.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 34cfcd3256..621523f086 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -32,7 +32,7 @@ VIR_LOG_INIT("qemu.qemu_security"); int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *stdin_path, + const char *incomingPath, bool migrated)
The same change should be performed in qemu_security.h I also think since all of the stdin_path occurrences are security related, you can squash 6 and 7 together. While doing that you might as well toss in an identical patch for da863c2ad15 which also missed the same change in the header file. Erik
On Wed, Jul 01, 2020 at 06:15:00PM +0200, Michal Privoznik wrote:
See 4/7 for detailed explanation.
Michal Prívozník (7): security: Reintroduce virSecurityManager{Set,Restore}SavedStateLabel qemu_security: Implement virSecurityManager{Set,Restore}SavedStateLabel security_selinux: Implement virSecurityManager{Set,Restore}SavedStateLabel qemu: Use qemuSecuritySetSavedStateLabel() to label restore path Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument" secdrivers: Rename @stdin_path argument of virSecurityDomainSetAllLabel() qemu_security: Complete renaming of virSecurityManagerSetAllLabel() argument
I gave it a try, compared it to both 6.5.0 and to the much older 4.6.0 as per the bugzilla in 4/7 and it worked. Reviewed-by: Erik Skultety <eskultet@redhat.com>
participants (2)
-
Erik Skultety -
Michal Privoznik