From 34a19dda1c525e3e94a7b51cd161fafba8f2fbe8 Mon Sep 17 00:00:00 2001 From: Laine Stump Date: Sun, 23 Jan 2011 16:09:40 -0500 Subject: [PATCH] Set SELinux context label of pipes used for qemu migration This patch is a partial resolution to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=667756 (to complete the fix, an updated selinux-policy package is required, to add the policy that allows libvirt to set the context of a fifo, which was previously not allowed). Explanation : When an incoming migration is over a pipe (for example, if the image was compressed and is being fed through gzip, or was on a root-squash nfs server, so needed to be opened by a child process running as a different uid), qemu cannot read it unless the selinux context label for the pipe has been set properly. The solution is to check the fd used as the source of the migration just before passing it to qemu; if it's a fifo (implying that it's a pipe), we call the newly added virSecurityManagerSetFDLabel() function to set the context properly. --- src/qemu/qemu_driver.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 575dbd3395..b6a5cd68a8 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2667,6 +2667,24 @@ static int qemudStartVMDaemon(virConnectPtr conn, vm, stdin_path) < 0) goto cleanup; + if (stdin_fd != -1) { + /* if there's an fd to migrate from, and it's a pipe, put the + * proper security label on it + */ + struct stat stdin_sb; + + DEBUG0("setting security label on pipe used for migration"); + + if (fstat(stdin_fd, &stdin_sb) < 0) { + virReportSystemError(errno, + _("cannot stat fd %d"), stdin_fd); + goto cleanup; + } + if (S_ISFIFO(stdin_sb.st_mode) && + virSecurityManagerSetFDLabel(driver->securityManager, vm, stdin_fd) < 0) + goto cleanup; + } + /* Ensure no historical cgroup for this VM is lying around bogus * settings */ DEBUG0("Ensuring no historical cgroup is lying around");