11:15 a.m.
See 4/7 for detailed explanation.
Michal Prívozník (7):
security: Reintroduce virSecurityManager{Set,Restore}SavedStateLabel
qemu_security: Implement
virSecurityManager{Set,Restore}SavedStateLabel
security_selinux: Implement
virSecurityManager{Set,Restore}SavedStateLabel
qemu: Use qemuSecuritySetSavedStateLabel() to label restore path
Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS
argument"
secdrivers: Rename @stdin_path argument of
virSecurityDomainSetAllLabel()
qemu_security: Complete renaming of virSecurityManagerSetAllLabel()
argument
src/libvirt_private.syms | 2 ++
src/qemu/qemu_driver.c | 2 --
src/qemu/qemu_process.c | 12 +++++++
src/qemu/qemu_security.c | 17 +++-------
src/qemu/qemu_security.h | 13 ++++++--
src/security/security_apparmor.c | 8 ++---
src/security/security_dac.c | 2 +-
src/security/security_driver.h | 11 ++++++-
src/security/security_manager.c | 38 ++++++++++++++++++++--
src/security/security_manager.h | 8 ++++-
src/security/security_nop.c | 2 +-
src/security/security_selinux.c | 37 ++++++++++++++++++++-
src/security/security_stack.c | 55 ++++++++++++++++++++++++++++++--
13 files changed, 177 insertions(+), 30 deletions(-)
--
2.26.2
11:15 a.m.
New subject: [PATCH 1/7] security: Reintroduce virSecurityManager{Set, Restore}SavedStateLabel
These APIs were removed/renamed in v6.5.0-rc1~142 and v6.5.0-rc1~141
because they deemed unused. And if it wasn't for the RFE [1] things
would stay that way.
The RFE asks for us to not change DAC ownership on the file a domain is
restoring from. We have been doing that for ages (if not forever),
nevertheless it's annoying because if the restore file is on an NFS
remembering owner won't help - NFS doesn't support XATTRs yet. But more
importantly, there is no need for us to chown() the file because when
restoring the domain the file is opened and the FD is then passed to
QEMU. Therefore, we really need only to set SELinux and AppArmor.
This reverts bd22eec903976c5c51b1d00e335c315699e5acd6.
This partially reverts 4ccbd207f213066c000f43eb544eb00ec745023b.
The difference to the original code is that secdrivers are now
not required to provide dummy implementation to avoid
virReportUnsupportedError(). The callback is run if it exists, if
it doesn't zero is returned without any error.
1: https://bugzilla.redhat.com/show_bug.cgi?id=1851016
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/libvirt_private.syms | 2 ++
src/security/security_driver.h | 9 ++++++
src/security/security_manager.c | 34 ++++++++++++++++++++++
src/security/security_manager.h | 6 ++++
src/security/security_stack.c | 51 +++++++++++++++++++++++++++++++++
5 files changed, 102 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index ae0e253ab9..8712213f40 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1560,6 +1560,7 @@ virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreInputLabel;
virSecurityManagerRestoreMemoryLabel;
+virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerRestoreTPMLabels;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChardevLabel;
@@ -1571,6 +1572,7 @@ virSecurityManagerSetImageLabel;
virSecurityManagerSetInputLabel;
virSecurityManagerSetMemoryLabel;
virSecurityManagerSetProcessLabel;
+virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
virSecurityManagerSetTapFDLabel;
virSecurityManagerSetTPMLabels;
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index bfff789552..f0ba77032d 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -67,6 +67,12 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr
mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
+typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile);
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile);
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
@@ -200,6 +206,9 @@ struct _virSecurityDriver {
virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
+ virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
+ virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
+
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index ad1938caeb..c073d8cc0d 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -596,6 +596,40 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
}
+int
+virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *savefile)
+{
+ if (mgr->drv->domainSetSavedStateLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ return 0;
+}
+
+
+int
+virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *savefile)
+{
+ if (mgr->drv->domainRestoreSavedStateLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ return 0;
+}
+
+
int
virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 999752ce09..277151848e 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -104,6 +104,12 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
+int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile);
+int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile);
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec);
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 379c9302bc..624431d4ef 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -394,6 +394,54 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
}
+static int
+virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *savefile)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm, savefile)
< 0)
+ goto rollback;
+ }
+
+ return 0;
+
+ rollback:
+ for (item = item->prev; item; item = item->prev) {
+ if (virSecurityManagerRestoreSavedStateLabel(item->securityManager,
+ vm,
+ savefile) < 0) {
+ VIR_WARN("Unable to restore saved state label after failed set "
+ "label call virDriver=%s driver=%s savefile=%s",
+ virSecurityManagerGetVirtDriver(mgr),
+ virSecurityManagerGetDriver(item->securityManager),
+ savefile);
+ }
+ }
+ return -1;
+}
+
+
+static int
+virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *savefile)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm,
savefile) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
@@ -964,6 +1012,9 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel,
+ .domainSetSavedStateLabel = virSecurityStackSetSavedStateLabel,
+ .domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel,
+
.domainSetSecurityImageFDLabel = virSecurityStackSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecurityStackSetTapFDLabel,
--
2.26.2
11:15 a.m.
New subject: [PATCH 2/7] qemu_security: Implement virSecurityManager{Set, Restore}SavedStateLabel
These APIs don't use namespaces because the
virSecurityManagerSetSavedStateLabel() runs
when the namespace doesn't exist yet and thus
the virSecurityManagerRestoreSavedStateLabel()
has to run without namespace too.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_security.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index df34820af8..107a581279 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -96,6 +96,14 @@ int qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver,
void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver,
virDomainObjPtr vm);
+int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile);
+
+int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile);
+
int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
const char *path,
@@ -133,9 +141,11 @@ int qemuSecurityCommandRun(virQEMUDriverPtr driver,
#define qemuSecurityPreFork virSecurityManagerPreFork
#define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel
#define qemuSecurityReserveLabel virSecurityManagerReserveLabel
+#define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel
#define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel
#define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel
#define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel
+#define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel
#define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel
#define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel
#define qemuSecurityStackAddNested virSecurityManagerStackAddNested
--
2.26.2
11:15 a.m.
New subject: [PATCH 3/7] security_selinux: Implement virSecurityManager{Set, Restore}SavedStateLabel
These APIs are are basically
virSecuritySELinuxDomainSetPathLabelRO() and
virSecuritySELinuxDomainRestorePathLabel().
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_selinux.c | 35 +++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f8c1a0a2f1..6b0581e4d9 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr,
}
+static int
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+
+ if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel)
+ return 0;
+
+ return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_context, false);
+}
+
+
+static int
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (!secdef || !secdef->relabel)
+ return 0;
+
+ return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
+}
+
+
static int
virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
@@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
+ .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
+ .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
+
.domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
--
2.26.2
11:15 a.m.
New subject: [PATCH 4/7] qemu: Use qemuSecuritySetSavedStateLabel() to label restore path
Currently, when restoring from a domain the path that the domain
restores from is labelled under qemuSecuritySetAllLabel() (and after
v6.3.0-rc1~108 even outside transactions). While this grants QEMU
the access, it has a flaw, because once the domain is restored, up
and running then qemuSecurityDomainRestorePathLabel() is called,
which is not real counterpart. In case of DAC driver the
SetAllLabel() does nothing with the restore path but
RestorePathLabel() does - it chown()-s the file back and since there
is no original label remembered, the file is chown()-ed to
root:root. While the apparent solution is to have DAC driver set the
label (and thus remember the original one) in SetAllLabel(), we can
do better.
Turns out, we are opening the file ourselves (because it may live on
a root squashed NFS) and then are just passing the FD to QEMU. But
this means, that we don't have to chown() the file at all, we need
to set SELinux labels and/or add the path to AppArmor profile.
And since we want to restore labels right after QEMU is done loading
the migration stream (we don't want to wait until
qemuSecurityRestoreAllLabel()), the best way to approach this is to
have separate APIs for labelling and restoring label on the restore
file.
I will investigate whether AppArmor can use the SavedStateLabel()
API instead of passing the restore path to SetAllLabel().
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1851016
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_driver.c | 2 --
src/qemu/qemu_process.c | 12 ++++++++++++
src/qemu/qemu_security.c | 7 -------
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a5b38b3d24..9da05038d9 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6958,8 +6958,6 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED,
asyncJob, VIR_QEMU_PROCESS_STOP_MIGRATED);
}
- if (qemuSecurityDomainRestorePathLabel(driver, vm, path, true) < 0)
- VIR_WARN("failed to restore save state label on %s", path);
return ret;
}
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d36088ba98..70fc24b993 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7073,6 +7073,7 @@ qemuProcessStart(virConnectPtr conn,
qemuProcessIncomingDefPtr incoming = NULL;
unsigned int stopFlags;
bool relabel = false;
+ bool relabelSavedState = false;
int ret = -1;
int rv;
@@ -7109,6 +7110,13 @@ qemuProcessStart(virConnectPtr conn,
if (qemuProcessPrepareHost(driver, vm, flags) < 0)
goto stop;
+ if (migratePath) {
+ if (qemuSecuritySetSavedStateLabel(driver->securityManager,
+ vm->def, migratePath) < 0)
+ goto cleanup;
+ relabelSavedState = true;
+ }
+
if ((rv = qemuProcessLaunch(conn, driver, vm, asyncJob, incoming,
snapshot, vmop, flags)) < 0) {
if (rv == -2)
@@ -7145,6 +7153,10 @@ qemuProcessStart(virConnectPtr conn,
ret = 0;
cleanup:
+ if (relabelSavedState &&
+ qemuSecurityRestoreSavedStateLabel(driver->securityManager,
+ vm->def, migratePath) < 0)
+ VIR_WARN("failed to restore save state label on %s", migratePath);
qemuProcessIncomingDefFree(incoming);
return ret;
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3b6d6e91f4..e35394b2f6 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -39,13 +39,6 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData;
pid_t pid = -1;
- /* Explicitly run this outside of transaction. We really want to relabel
- * the file in the host and not in the domain's namespace. */
- if (virSecurityManagerDomainSetPathLabelRO(driver->securityManager,
- vm->def,
- stdin_path) < 0)
- goto cleanup;
-
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
--
2.26.2
11:15 a.m.
New subject: [PATCH 5/7] Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument"
The only consumer was removed in the previous commit.
This reverts commit f03a38bd1d28eaa95402742da6ff64f3f633a979.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_security.c | 6 ++----
src/qemu/qemu_security.h | 3 +--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index e35394b2f6..34cfcd3256 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -610,15 +610,13 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
int
qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- const char *path,
- bool ignoreNS)
+ const char *path)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
pid_t pid = -1;
int ret = -1;
- if (!ignoreNS &&
- qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 107a581279..82f4945cd8 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -111,8 +111,7 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- const char *path,
- bool ignoreNS);
+ const char *path);
int qemuSecurityCommandRun(virQEMUDriverPtr driver,
virDomainObjPtr vm,
--
2.26.2
11:15 a.m.
New subject: [PATCH 6/7] secdrivers: Rename @stdin_path argument of virSecurityDomainSetAllLabel()
The argument (if not NULL) points to the file the domain is
restoring from. On QEMU command line this used to be '-incoming
$path', but we've switched to passing FD ages ago and thus this
argument is used only in AppArmor (which loads the profile on
domain start). Anyway, the argument does not refer to stdin,
rename it to 'incomingPath' then.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_apparmor.c | 8 ++++----
src/security/security_dac.c | 2 +-
src/security/security_driver.h | 2 +-
src/security/security_manager.c | 4 ++--
src/security/security_manager.h | 2 +-
src/security/security_nop.c | 2 +-
src/security/security_selinux.c | 2 +-
src/security/security_stack.c | 4 ++--
8 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 583e872614..3f6a213b43 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -455,7 +455,7 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr G_GNUC_UNUSED,
static int
AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- const char *stdin_path,
+ const char *incomingPath,
bool chardevStdioLogd G_GNUC_UNUSED,
bool migrated G_GNUC_UNUSED)
{
@@ -464,10 +464,10 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
if (!secdef || !secdef->relabel)
return 0;
- /* Reload the profile if stdin_path is specified. Note that
+ /* Reload the profile if incomingPath is specified. Note that
GenSecurityLabel() will have already been run. */
- if (stdin_path)
- return reload_profile(mgr, def, stdin_path, true);
+ if (incomingPath)
+ return reload_profile(mgr, def, incomingPath, true);
return 0;
}
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 23fe351a32..dd701ef28b 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2142,7 +2142,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- const char *stdin_path G_GNUC_UNUSED,
+ const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd,
bool migrated G_GNUC_UNUSED)
{
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index f0ba77032d..08cdf94598 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -82,7 +82,7 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr
mgr,
virDomainDefPtr sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec,
- const char *stdin_path,
+ const char *incomingPath,
bool chardevStdioLogd,
bool migrated);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index c073d8cc0d..9a242f9189 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -856,14 +856,14 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
int
virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- const char *stdin_path,
+ const char *incomingPath,
bool chardevStdioLogd,
bool migrated)
{
if (mgr->drv->domainSetSecurityAllLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path,
+ ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath,
chardevStdioLogd,
migrated);
virObjectUnlock(mgr);
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 277151848e..1c9e166174 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -121,7 +121,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec);
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec,
- const char *stdin_path,
+ const char *incomingPath,
bool chardevStdioLogd,
bool migrated);
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index de5da1ee1c..385a747f5b 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -119,7 +119,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManagerPtr mgr
G_GNUC_UNUSED,
static int
virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr sec G_GNUC_UNUSED,
- const char *stdin_path G_GNUC_UNUSED,
+ const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED,
bool migrated G_GNUC_UNUSED)
{
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 6b0581e4d9..52ff4fab0f 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3169,7 +3169,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManagerPtr mgr,
static int
virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- const char *stdin_path G_GNUC_UNUSED,
+ const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd,
bool migrated G_GNUC_UNUSED)
{
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 624431d4ef..2480c47f70 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -341,7 +341,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- const char *stdin_path,
+ const char *incomingPath,
bool chardevStdioLogd,
bool migrated)
{
@@ -350,7 +350,7 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
for (; item; item = item->next) {
if (virSecurityManagerSetAllLabel(item->securityManager, vm,
- stdin_path, chardevStdioLogd,
+ incomingPath, chardevStdioLogd,
migrated) < 0)
goto rollback;
}
--
2.26.2
11:15 a.m.
New subject: [PATCH 7/7] qemu_security: Complete renaming of virSecurityManagerSetAllLabel() argument
Just like in the previous commit, the stdin_path argument of
virSecurityManagerSetAllLabel() is renamed to incomingPath.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_security.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 34cfcd3256..621523f086 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -32,7 +32,7 @@ VIR_LOG_INIT("qemu.qemu_security");
int
qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- const char *stdin_path,
+ const char *incomingPath,
bool migrated)
{
int ret = -1;
@@ -47,7 +47,7 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
if (virSecurityManagerSetAllLabel(driver->securityManager,
vm->def,
- stdin_path,
+ incomingPath,
priv->chardevStdioLogd,
migrated) < 0)
goto cleanup;
--
2.26.2
5:44 a.m.
New subject: [PATCH 7/7] qemu_security: Complete renaming of virSecurityManagerSetAllLabel() argument
On Wed, Jul 01, 2020 at 06:15:07PM +0200, Michal Privoznik wrote:
Just like in the previous commit, the stdin_path argument of
virSecurityManagerSetAllLabel() is renamed to incomingPath.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_security.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 34cfcd3256..621523f086 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -32,7 +32,7 @@ VIR_LOG_INIT("qemu.qemu_security");
int
qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
- const char *stdin_path,
+ const char *incomingPath,
bool migrated)
The same change should be performed in qemu_security.h
I also think since all of the stdin_path occurrences are security related, you
can squash 6 and 7 together. While doing that you might as well toss in an
identical patch for da863c2ad15 which also missed the same change in the header
file.
Erik
5:47 a.m.
On Wed, Jul 01, 2020 at 06:15:00PM +0200, Michal Privoznik wrote:
See 4/7 for detailed explanation.
Michal Prívozník (7):
security: Reintroduce virSecurityManager{Set,Restore}SavedStateLabel
qemu_security: Implement
virSecurityManager{Set,Restore}SavedStateLabel
security_selinux: Implement
virSecurityManager{Set,Restore}SavedStateLabel
qemu: Use qemuSecuritySetSavedStateLabel() to label restore path
Revert "qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS
argument"
secdrivers: Rename @stdin_path argument of
virSecurityDomainSetAllLabel()
qemu_security: Complete renaming of virSecurityManagerSetAllLabel()
argument
I gave it a try, compared it to both 6.5.0 and to the much older 4.6.0 as per
the bugzilla in 4/7 and it worked.
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
1596
days inactive
1605
days old
9 comments
2 participants
participants (2)
-
Erik Skultety -
Michal Privoznik