External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Propagate shared_filesystems

Browse Source 
virFileIsSharedFS() is the function that ultimately decides
whether a filesystem should be considered shared, but the list
of manually configured shared filesystems is part of the QEMU
driver's configuration, so we need to pass the information
through several layers in order to make use of it.

Note that with this change the list is propagated all the way
through, but its contents are still ignored, so the behavior
remains the same for now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Andrea Bolognani 2024-08-02 15:23:36 +02:00
parent df3597ee70
commit 6952af8b43
21 changed files with 281 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lxc/lxc_controller.c
View File

@ -1919,7 +1919,8 @@ static int virLXCControllerSetupDisk(virLXCController *ctrl,
/* Labelling normally operates on src, but we need /* Labelling normally operates on src, but we need
* to actually label the dst here, so hack the config */ * to actually label the dst here, so hack the config */
def->src->path = dst; def->src->path = dst;
if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->src, if (virSecurityManagerSetImageLabel(securityDriver,
NULL, ctrl->def, def->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0)
goto cleanup; goto cleanup;

2
src/lxc/lxc_driver.c
View File

@ -3265,7 +3265,7 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
char *tmpsrc = def->src->path; char *tmpsrc = def->src->path;
def->src->path = data->file; def->src->path = data->file;
if (virSecurityManagerSetImageLabel(data->driver->securityManager, if (virSecurityManagerSetImageLabel(data->driver->securityManager,
data->vm->def, def->src, NULL, data->vm->def, def->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) { VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) {
def->src->path = tmpsrc; def->src->path = tmpsrc;
goto cleanup; goto cleanup;

4
src/lxc/lxc_process.c
View File

@ -170,7 +170,7 @@ static void virLXCProcessCleanup(virLXCDriver *driver,
} }
if (flags & VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL) { if (flags & VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL) {
virSecurityManagerRestoreAllLabel(driver->securityManager, virSecurityManagerRestoreAllLabel(driver->securityManager, NULL,
vm->def, false, false); vm->def, false, false);
} }
@ -1320,7 +1320,7 @@ int virLXCProcessStart(virLXCDriver * driver,
stopFlags |= VIR_LXC_PROCESS_CLEANUP_RELEASE_SECLABEL; stopFlags |= VIR_LXC_PROCESS_CLEANUP_RELEASE_SECLABEL;
VIR_DEBUG("Setting domain security labels"); VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager, if (virSecurityManagerSetAllLabel(driver->securityManager, NULL,
vm->def, NULL, false, false) < 0) vm->def, NULL, false, false) < 0)
goto cleanup; goto cleanup;
stopFlags |= VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL; stopFlags |= VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL;

7
src/qemu/qemu_domain.c
View File

@ -12129,7 +12129,12 @@ virQEMUFileOpenAs(uid_t fallback_uid,
bool need_unlink = false; bool need_unlink = false;
unsigned int vfoflags = 0; unsigned int vfoflags = 0;
int fd = -1; int fd = -1;
int path_shared = virFileIsSharedFS(path); /* Note that it would be pointless to pass
* virQEMUDriverConfig.sharedFilesystems here, since those
* listed there are by definition paths that can be accessed
* as local from the current host. Thus, a second attempt at
* opening the file would not make a difference */
int path_shared = virFileIsSharedFS(path, NULL);
uid_t uid = geteuid(); uid_t uid = geteuid();
gid_t gid = getegid(); gid_t gid = getegid();

2
src/qemu/qemu_extdevice.c
View File

@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm = def->tpms[i]; virDomainTPMDef *tpm = def->tpms[i];
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
qemuExtTPMCleanupHost(tpm, flags, outgoingMigration); qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration);
} }
} }

21
src/qemu/qemu_migration.c
View File

@ -1435,6 +1435,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
unsigned int flags) unsigned int flags)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
int nsnapshots; int nsnapshots;
int pauseReason; int pauseReason;
size_t i; size_t i;
@ -1609,7 +1610,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
} }
} }
if (qemuTPMHasSharedStorage(vm->def)&& if (qemuTPMHasSharedStorage(driver, vm->def) &&
!qemuTPMCanMigrateSharedStorage(vm->def)) { !qemuTPMCanMigrateSharedStorage(vm->def)) {
virReportError(VIR_ERR_NO_SUPPORT, "%s", virReportError(VIR_ERR_NO_SUPPORT, "%s",
_("the running swtpm does not support migration with shared storage")); _("the running swtpm does not support migration with shared storage"));
@ -1621,19 +1622,22 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
} }
static bool static bool
qemuMigrationSrcIsSafe(virDomainDef *def, qemuMigrationSrcIsSafe(virDomainObj *vm,
virQEMUCaps *qemuCaps,
const char **migrate_disks, const char **migrate_disks,
unsigned int flags) unsigned int flags)
{ {
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUCaps *qemuCaps = priv->qemuCaps;
virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
bool storagemigration = flags & (VIR_MIGRATE_NON_SHARED_DISK | bool storagemigration = flags & (VIR_MIGRATE_NON_SHARED_DISK |
VIR_MIGRATE_NON_SHARED_INC); VIR_MIGRATE_NON_SHARED_INC);
size_t i; size_t i;
int rc; int rc;
for (i = 0; i < def->ndisks; i++) { for (i = 0; i < vm->def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i]; virDomainDiskDef *disk = vm->def->disks[i];
const char *src = virDomainDiskGetSource(disk); const char *src = virDomainDiskGetSource(disk);
virStorageType actualType = virStorageSourceGetActualType(disk->src); virStorageType actualType = virStorageSourceGetActualType(disk->src);
bool unsafe = false; bool unsafe = false;
@ -1652,7 +1656,7 @@ qemuMigrationSrcIsSafe(virDomainDef *def,
/* However, disks on local FS (e.g. ext4) are not safe. */ /* However, disks on local FS (e.g. ext4) are not safe. */
switch (actualType) { switch (actualType) {
case VIR_STORAGE_TYPE_FILE: case VIR_STORAGE_TYPE_FILE:
if ((rc = virFileIsSharedFS(src)) < 0) { if ((rc = virFileIsSharedFS(src, cfg->sharedFilesystems)) < 0) {
return false; return false;
} else if (rc == 0) { } else if (rc == 0) {
unsafe = true; unsafe = true;
@ -2646,7 +2650,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver,
return NULL; return NULL;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
!qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, migrate_disks, flags)) !qemuMigrationSrcIsSafe(vm, migrate_disks, flags))
return NULL; return NULL;
if (flags & VIR_MIGRATE_POSTCOPY && if (flags & VIR_MIGRATE_POSTCOPY &&
@ -6130,7 +6134,6 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver,
int ret = -1; int ret = -1;
virErrorPtr orig_err = NULL; virErrorPtr orig_err = NULL;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivate *priv = vm->privateData;
qemuDomainJobPrivate *jobPriv = vm->job->privateData; qemuDomainJobPrivate *jobPriv = vm->job->privateData;
if (flags & VIR_MIGRATE_POSTCOPY_RESUME) { if (flags & VIR_MIGRATE_POSTCOPY_RESUME) {
@ -6155,7 +6158,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver,
goto endjob; goto endjob;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
!qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, migrate_disks, flags)) !qemuMigrationSrcIsSafe(vm, migrate_disks, flags))
goto endjob; goto endjob;
qemuMigrationSrcStoreDomainState(vm); qemuMigrationSrcStoreDomainState(vm);

85
src/qemu/qemu_security.c
View File

@ -38,15 +38,18 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver,
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetAllLabel(driver->securityManager, if (virSecurityManagerSetAllLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, vm->def,
incomingPath, incomingPath,
priv->chardevStdioLogd, priv->chardevStdioLogd,
@ -70,6 +73,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver,
bool migrated) bool migrated)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
bool transactionStarted = false; bool transactionStarted = false;
/* In contrast to qemuSecuritySetAllLabel, do not use vm->pid /* In contrast to qemuSecuritySetAllLabel, do not use vm->pid
@ -78,10 +82,12 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver,
* domain's namespace is gone as qemu was the only process * domain's namespace is gone as qemu was the only process
* running there. We would not succeed in entering the * running there. We would not succeed in entering the
* namespace then. */ * namespace then. */
if (virSecurityManagerTransactionStart(driver->securityManager) >= 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) >= 0)
transactionStarted = true; transactionStarted = true;
virSecurityManagerRestoreAllLabel(driver->securityManager, virSecurityManagerRestoreAllLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, vm->def,
migrated, migrated,
priv->chardevStdioLogd); priv->chardevStdioLogd);
@ -103,6 +109,7 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver,
bool chainTop) bool chainTop)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0; virSecurityDomainImageLabelFlags labelFlags = 0;
@ -116,10 +123,12 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetImageLabel(driver->securityManager, if (virSecurityManagerSetImageLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, src, labelFlags) < 0) vm->def, src, labelFlags) < 0)
goto cleanup; goto cleanup;
@ -141,6 +150,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver,
bool backingChain) bool backingChain)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0; virSecurityDomainImageLabelFlags labelFlags = 0;
@ -151,10 +161,12 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreImageLabel(driver->securityManager, if (virSecurityManagerRestoreImageLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, src, labelFlags) < 0) vm->def, src, labelFlags) < 0)
goto cleanup; goto cleanup;
@ -176,6 +188,7 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver,
virStorageSource *dst) virStorageSource *dst)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (!priv->rememberOwner) if (!priv->rememberOwner)
@ -184,7 +197,9 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
return virSecurityManagerMoveImageMetadata(driver->securityManager, pid, src, dst); return virSecurityManagerMoveImageMetadata(driver->securityManager,
cfg->sharedFilesystems,
pid, src, dst);
} }
@ -194,13 +209,15 @@ qemuSecuritySetHostdevLabel(virQEMUDriver *driver,
virDomainHostdevDef *hostdev) virDomainHostdevDef *hostdev)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetHostdevLabel(driver->securityManager, if (virSecurityManagerSetHostdevLabel(driver->securityManager,
@ -226,13 +243,15 @@ qemuSecurityRestoreHostdevLabel(virQEMUDriver *driver,
virDomainHostdevDef *hostdev) virDomainHostdevDef *hostdev)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager, if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
@ -258,13 +277,15 @@ qemuSecuritySetMemoryLabel(virQEMUDriver *driver,
virDomainMemoryDef *mem) virDomainMemoryDef *mem)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetMemoryLabel(driver->securityManager, if (virSecurityManagerSetMemoryLabel(driver->securityManager,
@ -289,13 +310,15 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriver *driver,
virDomainMemoryDef *mem) virDomainMemoryDef *mem)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreMemoryLabel(driver->securityManager, if (virSecurityManagerRestoreMemoryLabel(driver->securityManager,
@ -320,13 +343,15 @@ qemuSecuritySetInputLabel(virDomainObj *vm,
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver; virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetInputLabel(driver->securityManager, if (virSecurityManagerSetInputLabel(driver->securityManager,
@ -351,13 +376,15 @@ qemuSecurityRestoreInputLabel(virDomainObj *vm,
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver; virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreInputLabel(driver->securityManager, if (virSecurityManagerRestoreInputLabel(driver->securityManager,
@ -383,12 +410,14 @@ qemuSecuritySetChardevLabel(virQEMUDriver *driver,
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetChardevLabel(driver->securityManager, if (virSecurityManagerSetChardevLabel(driver->securityManager,
@ -415,12 +444,14 @@ qemuSecurityRestoreChardevLabel(virQEMUDriver *driver,
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreChardevLabel(driver->securityManager, if (virSecurityManagerRestoreChardevLabel(driver->securityManager,
@ -446,12 +477,14 @@ qemuSecuritySetNetdevLabel(virQEMUDriver *driver,
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetNetdevLabel(driver->securityManager, if (virSecurityManagerSetNetdevLabel(driver->securityManager,
@ -476,12 +509,14 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreNetdevLabel(driver->securityManager, if (virSecurityManagerRestoreNetdevLabel(driver->securityManager,
@ -505,9 +540,11 @@ qemuSecuritySetTPMLabels(virQEMUDriver *driver,
bool setTPMStateLabel) bool setTPMStateLabel)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
int ret = -1; int ret = -1;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerSetTPMLabels(driver->securityManager, if (virSecurityManagerSetTPMLabels(driver->securityManager,
@ -531,9 +568,11 @@ qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
bool restoreTPMStateLabel) bool restoreTPMStateLabel)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
int ret = -1; int ret = -1;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerRestoreTPMLabels(driver->securityManager, if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
@ -558,13 +597,15 @@ qemuSecurityDomainSetPathLabel(virQEMUDriver *driver,
bool allowSubtree) bool allowSubtree)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerDomainSetPathLabel(driver->securityManager, if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
@ -590,13 +631,15 @@ qemuSecurityDomainRestorePathLabel(virQEMUDriver *driver,
const char *path) const char *path)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1; pid_t pid = -1;
int ret = -1; int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid; pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerDomainRestorePathLabel(driver->securityManager, if (virSecurityManagerDomainRestorePathLabel(driver->securityManager,
@ -634,6 +677,7 @@ qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
const char *path) const char *path)
{ {
int ret = -1; int ret = -1;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) { if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
VIR_DEBUG("Not labeling '%s': mount namespace disabled for domain '%s'", VIR_DEBUG("Not labeling '%s': mount namespace disabled for domain '%s'",
@ -641,7 +685,8 @@ qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
return 1; return 1;
} }
if (virSecurityManagerTransactionStart(driver->securityManager) < 0) if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerDomainSetPathLabel(driver->securityManager, if (virSecurityManagerDomainSetPathLabel(driver->securityManager,

29
src/qemu/qemu_tpm.c
View File

@ -538,6 +538,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
* @privileged: whether we are running in privileged mode * @privileged: whether we are running in privileged mode
* @swtpm_user: The uid for the swtpm to run as (drop privileges to from root) * @swtpm_user: The uid for the swtpm to run as (drop privileges to from root)
* @swtpm_group: The gid for the swtpm to run as * @swtpm_group: The gid for the swtpm to run as
* @sharedFilesystems: list of filesystem to consider shared
* @incomingMigration: whether we have an incoming migration * @incomingMigration: whether we have an incoming migration
* *
* Create the virCommand use for starting the emulator * Create the virCommand use for starting the emulator
@ -551,6 +552,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
bool privileged, bool privileged,
uid_t swtpm_user, uid_t swtpm_user,
gid_t swtpm_group, gid_t swtpm_group,
char *const *sharedFilesystems,
bool incomingMigration) bool incomingMigration)
{ {
g_autoptr(virCommand) cmd = NULL; g_autoptr(virCommand) cmd = NULL;
@ -568,7 +570,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
/* Do not create storage and run swtpm_setup on incoming migration over /* Do not create storage and run swtpm_setup on incoming migration over
* shared storage * shared storage
*/ */
on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath) == 1; on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath, sharedFilesystems) == 1;
if (incomingMigration && on_shared_storage) if (incomingMigration && on_shared_storage)
create_storage = false; create_storage = false;
@ -738,6 +740,7 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
/** /**
* qemuTPMEmulatorCleanupHost: * qemuTPMEmulatorCleanupHost:
* @driver: QEMU driver
* @tpm: TPM definition * @tpm: TPM definition
* @flags: flags indicating whether to keep or remove TPM persistent state * @flags: flags indicating whether to keep or remove TPM persistent state
* @outgoingMigration: whether cleanup is due to an outgoing migration * @outgoingMigration: whether cleanup is due to an outgoing migration
@ -745,15 +748,18 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
* Clean up persistent storage for the swtpm. * Clean up persistent storage for the swtpm.
*/ */
static void static void
qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, qemuTPMEmulatorCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags, virDomainUndefineFlagsValues flags,
bool outgoingMigration) bool outgoingMigration)
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
/* Never remove the state in case of outgoing migration with shared /* Never remove the state in case of outgoing migration with shared
* storage. * storage.
*/ */
if (outgoingMigration && if (outgoingMigration &&
virFileIsSharedFS(tpm->data.emulator.storagepath) == 1) virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFilesystems) == 1)
return; return;
/* /*
@ -939,6 +945,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
driver->privileged, driver->privileged,
cfg->swtpm_user, cfg->swtpm_user,
cfg->swtpm_group, cfg->swtpm_group,
cfg->sharedFilesystems,
incomingMigration))) incomingMigration)))
return -1; return -1;
@ -954,7 +961,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virCommandSetErrorFD(cmd, &errfd); virCommandSetErrorFD(cmd, &errfd);
if (incomingMigration && if (incomingMigration &&
virFileIsSharedFS(tpm->data.emulator.storagepath) == 1) { virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFilesystems) == 1) {
/* security labels must have been set up on source already */ /* security labels must have been set up on source already */
setTPMStateLabel = false; setTPMStateLabel = false;
} }
@ -1014,8 +1021,10 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
bool bool
qemuTPMHasSharedStorage(virDomainDef *def) qemuTPMHasSharedStorage(virQEMUDriver *driver,
virDomainDef *def)
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
size_t i; size_t i;
for (i = 0; i < def->ntpms; i++) { for (i = 0; i < def->ntpms; i++) {
@ -1023,7 +1032,8 @@ qemuTPMHasSharedStorage(virDomainDef *def)
switch (tpm->type) { switch (tpm->type) {
case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_EMULATOR:
return virFileIsSharedFS(tpm->data.emulator.storagepath) == 1; return virFileIsSharedFS(tpm->data.emulator.storagepath,
cfg->sharedFilesystems) == 1;
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
case VIR_DOMAIN_TPM_TYPE_LAST: case VIR_DOMAIN_TPM_TYPE_LAST:
@ -1101,11 +1111,12 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver,
void void
qemuExtTPMCleanupHost(virDomainTPMDef *tpm, qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags, virDomainUndefineFlagsValues flags,
bool outgoingMigration) bool outgoingMigration)
{ {
qemuTPMEmulatorCleanupHost(tpm, flags, outgoingMigration); qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration);
} }
@ -1137,7 +1148,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
return; return;
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
if (outgoingMigration && qemuTPMHasSharedStorage(vm->def)) if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def))
restoreTPMStateLabel = false; restoreTPMStateLabel = false;
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0) if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0)

10
src/qemu/qemu_tpm.h
View File

@ -35,10 +35,11 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver,
ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(3)
G_GNUC_WARN_UNUSED_RESULT; G_GNUC_WARN_UNUSED_RESULT;
void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, void qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags, virDomainUndefineFlagsValues flags,
bool outgoingMigration) bool outgoingMigration)
ATTRIBUTE_NONNULL(1); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuExtTPMStart(virQEMUDriver *driver, int qemuExtTPMStart(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,
@ -59,8 +60,9 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
G_GNUC_WARN_UNUSED_RESULT; G_GNUC_WARN_UNUSED_RESULT;
bool qemuTPMHasSharedStorage(virDomainDef *def) bool qemuTPMHasSharedStorage(virQEMUDriver *driver,
ATTRIBUTE_NONNULL(1) virDomainDef *def)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
G_GNUC_WARN_UNUSED_RESULT; G_GNUC_WARN_UNUSED_RESULT;
bool qemuTPMCanMigrateSharedStorage(virDomainDef *def) bool qemuTPMCanMigrateSharedStorage(virDomainDef *def)

8
src/security/security_apparmor.c
View File

@ -415,6 +415,7 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
AppArmorSetSecurityAllLabel(virSecurityManager *mgr, AppArmorSetSecurityAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
const char *incomingPath, const char *incomingPath,
bool chardevStdioLogd G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED,
@ -489,6 +490,7 @@ AppArmorReleaseSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED, AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
bool migrated G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED) bool chardevStdioLogd G_GNUC_UNUSED)
@ -607,6 +609,7 @@ AppArmorClearSecuritySocketLabel(virSecurityManager *mgr G_GNUC_UNUSED,
/* Called when hotplugging */ /* Called when hotplugging */
static int static int
AppArmorRestoreSecurityImageLabel(virSecurityManager *mgr, AppArmorRestoreSecurityImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -711,6 +714,7 @@ AppArmorRestoreInputLabel(virSecurityManager *mgr,
/* Called when hotplugging */ /* Called when hotplugging */
static int static int
AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr, AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
virStorageSource *src) virStorageSource *src)
{ {
@ -744,6 +748,7 @@ AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr,
static int static int
AppArmorSetSecurityImageLabel(virSecurityManager *mgr, AppArmorSetSecurityImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -759,7 +764,8 @@ AppArmorSetSecurityImageLabel(virSecurityManager *mgr,
return 0; return 0;
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) { for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
if (AppArmorSetSecurityImageLabelInternal(mgr, def, n) < 0) if (AppArmorSetSecurityImageLabelInternal(mgr, sharedFilesystems,
def, n) < 0)
return -1; return -1;
} }

47
src/security/security_dac.c
View File

@ -79,6 +79,7 @@ struct _virSecurityDACChownItem {
typedef struct _virSecurityDACChownList virSecurityDACChownList; typedef struct _virSecurityDACChownList virSecurityDACChownList;
struct _virSecurityDACChownList { struct _virSecurityDACChownList {
virSecurityManager *manager; virSecurityManager *manager;
char **sharedFilesystems;
virSecurityDACChownItem **items; virSecurityDACChownItem **items;
size_t nItems; size_t nItems;
bool lock; bool lock;
@ -137,6 +138,7 @@ virSecurityDACChownListFree(void *opaque)
virSecurityDACChownItemFree(list->items[i]); virSecurityDACChownItemFree(list->items[i]);
g_free(list->items); g_free(list->items);
virObjectUnref(list->manager); virObjectUnref(list->manager);
g_strfreev(list->sharedFilesystems);
g_free(list); g_free(list);
} }
@ -228,7 +230,9 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED,
VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
} }
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths))) if (!(state = virSecurityManagerMetadataLock(list->manager,
list->sharedFilesystems,
paths, npaths)))
return -1; return -1;
for (i = 0; i < list->nItems; i++) { for (i = 0; i < list->nItems; i++) {
@ -533,6 +537,7 @@ virSecurityDACPreFork(virSecurityManager *mgr)
/** /**
* virSecurityDACTransactionStart: * virSecurityDACTransactionStart:
* @mgr: security manager * @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
* *
* Starts a new transaction. In transaction nothing is chown()-ed until * Starts a new transaction. In transaction nothing is chown()-ed until
* TransactionCommit() is called. This is implemented as a list that is * TransactionCommit() is called. This is implemented as a list that is
@ -544,7 +549,8 @@ virSecurityDACPreFork(virSecurityManager *mgr)
* -1 otherwise. * -1 otherwise.
*/ */
static int static int
virSecurityDACTransactionStart(virSecurityManager *mgr) virSecurityDACTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{ {
g_autoptr(virSecurityDACChownList) list = NULL; g_autoptr(virSecurityDACChownList) list = NULL;
@ -557,6 +563,7 @@ virSecurityDACTransactionStart(virSecurityManager *mgr)
list = g_new0(virSecurityDACChownList, 1); list = g_new0(virSecurityDACChownList, 1);
list->manager = virObjectRef(mgr); list->manager = virObjectRef(mgr);
list->sharedFilesystems = g_strdupv((char **) sharedFilesystems);
if (virThreadLocalSet(&chownList, list) < 0) { if (virThreadLocalSet(&chownList, list) < 0) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
@ -859,6 +866,7 @@ virSecurityDACRestoreFileLabel(virSecurityManager *mgr,
static int static int
virSecurityDACSetImageLabelInternal(virSecurityManager *mgr, virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virStorageSource *parent, virStorageSource *parent,
@ -938,6 +946,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
static int static int
virSecurityDACSetImageLabel(virSecurityManager *mgr, virSecurityDACSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -948,7 +957,8 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr,
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) { for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP; const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP;
if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, isChainTop) < 0) if (virSecurityDACSetImageLabelInternal(mgr, sharedFilesystems,
def, n, parent, isChainTop) < 0)
return -1; return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
@ -962,6 +972,7 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr,
static int static int
virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
bool migrated) bool migrated)
@ -1004,7 +1015,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
if (!src->path) if (!src->path)
return 0; return 0;
if ((rc = virFileIsSharedFS(src->path)) < 0) if ((rc = virFileIsSharedFS(src->path, sharedFilesystems)) < 0)
return -1; return -1;
} }
@ -1038,16 +1049,19 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
static int static int
virSecurityDACRestoreImageLabel(virSecurityManager *mgr, virSecurityDACRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
{ {
return virSecurityDACRestoreImageLabelInt(mgr, def, src, false); return virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false);
} }
struct virSecurityDACMoveImageMetadataData { struct virSecurityDACMoveImageMetadataData {
virSecurityManager *mgr; virSecurityManager *mgr;
char **sharedFilesystems;
const char *src; const char *src;
const char *dst; const char *dst;
}; };
@ -1062,7 +1076,9 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
virSecurityManagerMetadataLockState *state; virSecurityManagerMetadataLockState *state;
int ret; int ret;
if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, G_N_ELEMENTS(paths)))) if (!(state = virSecurityManagerMetadataLock(data->mgr,
data->sharedFilesystems,
paths, G_N_ELEMENTS(paths))))
return -1; return -1;
ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst); ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
@ -1079,12 +1095,17 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
static int static int
virSecurityDACMoveImageMetadata(virSecurityManager *mgr, virSecurityDACMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst) virStorageSource *dst)
{ {
virSecurityDACData *priv = virSecurityManagerGetPrivateData(mgr); virSecurityDACData *priv = virSecurityManagerGetPrivateData(mgr);
struct virSecurityDACMoveImageMetadataData data = { .mgr = mgr, 0 }; struct virSecurityDACMoveImageMetadataData data = {
.mgr = mgr,
.sharedFilesystems = (char **) sharedFilesystems,
0
};
int rc; int rc;
/* If dynamicOwnership is turned off, or owner remembering is /* If dynamicOwnership is turned off, or owner remembering is
@ -1883,6 +1904,7 @@ virSecurityDACRestoreSysinfoLabel(virSecurityManager *mgr,
static int static int
virSecurityDACRestoreAllLabel(virSecurityManager *mgr, virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
bool migrated, bool migrated,
bool chardevStdioLogd) bool chardevStdioLogd)
@ -1907,6 +1929,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ndisks; i++) { for (i = 0; i < def->ndisks; i++) {
if (virSecurityDACRestoreImageLabelInt(mgr, if (virSecurityDACRestoreImageLabelInt(mgr,
sharedFilesystems,
def, def,
def->disks[i]->src, def->disks[i]->src,
migrated) < 0) migrated) < 0)
@ -1974,7 +1997,8 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
} }
if (def->os.loader && def->os.loader->nvram) { if (def->os.loader && def->os.loader->nvram) {
if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->nvram, if (virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, def->os.loader->nvram,
migrated) < 0) migrated) < 0)
rc = -1; rc = -1;
} }
@ -2120,6 +2144,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManager *mgr,
static int static int
virSecurityDACSetAllLabel(virSecurityManager *mgr, virSecurityDACSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
const char *incomingPath G_GNUC_UNUSED, const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd, bool chardevStdioLogd,
@ -2145,7 +2170,8 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
/* XXX fixme - we need to recursively label the entire tree :-( */ /* XXX fixme - we need to recursively label the entire tree :-( */
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR) if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
continue; continue;
if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, if (virSecurityDACSetImageLabel(mgr, sharedFilesystems,
def, def->disks[i]->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0) VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1; return -1;
@ -2214,7 +2240,8 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
} }
if (def->os.loader && def->os.loader->nvram) { if (def->os.loader && def->os.loader->nvram) {
if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram, if (virSecurityDACSetImageLabel(mgr, sharedFilesystems,
def, def->os.loader->nvram,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0) VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1; return -1;

8
src/security/security_driver.h
View File

@ -46,7 +46,8 @@ typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManager *mgr,
typedef int (*virSecurityDriverPreFork) (virSecurityManager *mgr); typedef int (*virSecurityDriverPreFork) (virSecurityManager *mgr);
typedef int (*virSecurityDriverTransactionStart) (virSecurityManager *mgr); typedef int (*virSecurityDriverTransactionStart) (virSecurityManager *mgr,
char *const *sharedFilesystems);
typedef int (*virSecurityDriverTransactionCommit) (virSecurityManager *mgr, typedef int (*virSecurityDriverTransactionCommit) (virSecurityManager *mgr,
pid_t pid, pid_t pid,
bool lock); bool lock);
@ -80,11 +81,13 @@ typedef int (*virSecurityDomainReserveLabel) (virSecurityManager *mgr,
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManager *mgr, typedef int (*virSecurityDomainReleaseLabel) (virSecurityManager *mgr,
virDomainDef *sec); virDomainDef *sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManager *mgr, typedef int (*virSecurityDomainSetAllLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *sec, virDomainDef *sec,
const char *incomingPath, const char *incomingPath,
bool chardevStdioLogd, bool chardevStdioLogd,
bool migrated); bool migrated);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManager *mgr, typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
bool migrated, bool migrated,
bool chardevStdioLogd); bool chardevStdioLogd);
@ -113,14 +116,17 @@ typedef int (*virSecurityDomainSetHugepages) (virSecurityManager *mgr,
const char *path); const char *path);
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManager *mgr, typedef int (*virSecurityDomainSetImageLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags); virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManager *mgr, typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags); virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr, typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst); virStorageSource *dst);

33
src/security/security_manager.c
View File

@ -244,6 +244,7 @@ virSecurityManagerPostFork(virSecurityManager *mgr)
/** /**
* virSecurityManagerTransactionStart: * virSecurityManagerTransactionStart:
* @mgr: security manager * @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
* *
* Starts a new transaction. In transaction nothing is changed security * Starts a new transaction. In transaction nothing is changed security
* label until virSecurityManagerTransactionCommit() is called. * label until virSecurityManagerTransactionCommit() is called.
@ -252,14 +253,15 @@ virSecurityManagerPostFork(virSecurityManager *mgr)
* -1 otherwise. * -1 otherwise.
*/ */
int int
virSecurityManagerTransactionStart(virSecurityManager *mgr) virSecurityManagerTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{ {
VIR_LOCK_GUARD lock = virObjectLockGuard(mgr); VIR_LOCK_GUARD lock = virObjectLockGuard(mgr);
if (!mgr->drv->transactionStart) if (!mgr->drv->transactionStart)
return 0; return 0;
return mgr->drv->transactionStart(mgr); return mgr->drv->transactionStart(mgr, sharedFilesystems);
} }
@ -402,6 +404,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr)
/** /**
* virSecurityManagerRestoreImageLabel: * virSecurityManagerRestoreImageLabel:
* @mgr: security manager object * @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @vm: domain definition object * @vm: domain definition object
* @src: disk source definition to operate on * @src: disk source definition to operate on
* @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
@ -412,6 +415,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr)
*/ */
int int
virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -423,13 +427,15 @@ virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
return -1; return -1;
} }
return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, flags); return mgr->drv->domainRestoreSecurityImageLabel(mgr, sharedFilesystems,
vm, src, flags);
} }
/** /**
* virSecurityManagerMoveImageMetadata: * virSecurityManagerMoveImageMetadata:
* @mgr: security manager * @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
* @pid: domain's PID * @pid: domain's PID
* @src: source of metadata * @src: source of metadata
* @dst: destination to move metadata to * @dst: destination to move metadata to
@ -449,6 +455,7 @@ virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
*/ */
int int
virSecurityManagerMoveImageMetadata(virSecurityManager *mgr, virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst) virStorageSource *dst)
@ -458,7 +465,8 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
if (!mgr->drv->domainMoveImageMetadata) if (!mgr->drv->domainMoveImageMetadata)
return 0; return 0;
return mgr->drv->domainMoveImageMetadata(mgr, pid, src, dst); return mgr->drv->domainMoveImageMetadata(mgr, sharedFilesystems,
pid, src, dst);
} }
@ -510,6 +518,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *mgr,
/** /**
* virSecurityManagerSetImageLabel: * virSecurityManagerSetImageLabel:
* @mgr: security manager object * @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @vm: domain definition object * @vm: domain definition object
* @src: disk source definition to operate on * @src: disk source definition to operate on
* @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
@ -520,6 +529,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *mgr,
*/ */
int int
virSecurityManagerSetImageLabel(virSecurityManager *mgr, virSecurityManagerSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -531,7 +541,8 @@ virSecurityManagerSetImageLabel(virSecurityManager *mgr,
return -1; return -1;
} }
return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, flags); return mgr->drv->domainSetSecurityImageLabel(mgr, sharedFilesystems,
vm, src, flags);
} }
@ -816,6 +827,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManager *mgr,
int int
virSecurityManagerSetAllLabel(virSecurityManager *mgr, virSecurityManagerSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
const char *incomingPath, const char *incomingPath,
bool chardevStdioLogd, bool chardevStdioLogd,
@ -828,13 +840,15 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr,
return -1; return -1;
} }
return mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath, return mgr->drv->domainSetSecurityAllLabel(mgr, sharedFilesystems,
vm, incomingPath,
chardevStdioLogd, migrated); chardevStdioLogd, migrated);
} }
int int
virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
bool migrated, bool migrated,
bool chardevStdioLogd) bool chardevStdioLogd)
@ -846,7 +860,8 @@ virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
return -1; return -1;
} }
return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated, return mgr->drv->domainRestoreSecurityAllLabel(mgr, sharedFilesystems,
vm, migrated,
chardevStdioLogd); chardevStdioLogd);
} }
@ -1292,6 +1307,7 @@ cmpstringp(const void *p1,
/** /**
* virSecurityManagerMetadataLock: * virSecurityManagerMetadataLock:
* @mgr: security manager object * @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @paths: paths to lock * @paths: paths to lock
* @npaths: number of items in @paths array * @npaths: number of items in @paths array
* *
@ -1307,6 +1323,7 @@ cmpstringp(const void *p1,
*/ */
virSecurityManagerMetadataLockState * virSecurityManagerMetadataLockState *
virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems,
const char **paths, const char **paths,
size_t npaths) size_t npaths)
{ {
@ -1377,7 +1394,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED,
} }
#endif /* !WIN32 */ #endif /* !WIN32 */
if (virFileIsSharedFS(p)) { if (virFileIsSharedFS(p, sharedFilesystems)) {
/* Probably a root squashed NFS. */ /* Probably a root squashed NFS. */
continue; continue;
} }

9
src/security/security_manager.h
View File

@ -81,7 +81,8 @@ virSecurityManager *virSecurityManagerNewDAC(const char *virtDriver,
int virSecurityManagerPreFork(virSecurityManager *mgr); int virSecurityManagerPreFork(virSecurityManager *mgr);
void virSecurityManagerPostFork(virSecurityManager *mgr); void virSecurityManagerPostFork(virSecurityManager *mgr);
int virSecurityManagerTransactionStart(virSecurityManager *mgr); int virSecurityManagerTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems);
int virSecurityManagerTransactionCommit(virSecurityManager *mgr, int virSecurityManagerTransactionCommit(virSecurityManager *mgr,
pid_t pid, pid_t pid,
bool lock); bool lock);
@ -129,11 +130,13 @@ int virSecurityManagerReleaseLabel(virSecurityManager *mgr,
int virSecurityManagerCheckAllLabel(virSecurityManager *mgr, int virSecurityManagerCheckAllLabel(virSecurityManager *mgr,
virDomainDef *sec); virDomainDef *sec);
int virSecurityManagerSetAllLabel(virSecurityManager *mgr, int virSecurityManagerSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *sec, virDomainDef *sec,
const char *incomingPath, const char *incomingPath,
bool chardevStdioLogd, bool chardevStdioLogd,
bool migrated); bool migrated);
int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
bool migrated, bool migrated,
bool chardevStdioLogd); bool chardevStdioLogd);
@ -170,14 +173,17 @@ typedef enum {
} virSecurityDomainImageLabelFlags; } virSecurityDomainImageLabelFlags;
int virSecurityManagerSetImageLabel(virSecurityManager *mgr, int virSecurityManagerSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags); virSecurityDomainImageLabelFlags flags);
int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags); virSecurityDomainImageLabelFlags flags);
int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr, int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst); virStorageSource *dst);
@ -246,6 +252,7 @@ struct _virSecurityManagerMetadataLockState {
virSecurityManagerMetadataLockState * virSecurityManagerMetadataLockState *
virSecurityManagerMetadataLock(virSecurityManager *mgr, virSecurityManagerMetadataLock(virSecurityManager *mgr,
char *const *sharedFilesystems,
const char **paths, const char **paths,
size_t npaths); size_t npaths);

5
src/security/security_nop.c
View File

@ -116,6 +116,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *sec G_GNUC_UNUSED, virDomainDef *sec G_GNUC_UNUSED,
const char *incomingPath G_GNUC_UNUSED, const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED,
@ -126,6 +127,7 @@ virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
virSecurityDomainRestoreAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityDomainRestoreAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *vm G_GNUC_UNUSED, virDomainDef *vm G_GNUC_UNUSED,
bool migrated G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED) bool chardevStdioLogd G_GNUC_UNUSED)
@ -189,6 +191,7 @@ virSecurityGetBaseLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def G_GNUC_UNUSED, virDomainDef *def G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -198,6 +201,7 @@ virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def G_GNUC_UNUSED, virDomainDef *def G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -207,6 +211,7 @@ virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int static int
virSecurityDomainMoveImageMetadataNop(virSecurityManager *mgr G_GNUC_UNUSED, virSecurityDomainMoveImageMetadataNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
pid_t pid G_GNUC_UNUSED, pid_t pid G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED,
virStorageSource *dst G_GNUC_UNUSED) virStorageSource *dst G_GNUC_UNUSED)

50
src/security/security_selinux.c
View File

@ -77,6 +77,7 @@ struct _virSecuritySELinuxContextItem {
typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextList; typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextList;
struct _virSecuritySELinuxContextList { struct _virSecuritySELinuxContextList {
virSecurityManager *manager; virSecurityManager *manager;
char **sharedFilesystems;
virSecuritySELinuxContextItem **items; virSecuritySELinuxContextItem **items;
size_t nItems; size_t nItems;
bool lock; bool lock;
@ -141,6 +142,7 @@ virSecuritySELinuxContextListFree(void *opaque)
g_free(list->items); g_free(list->items);
virObjectUnref(list->manager); virObjectUnref(list->manager);
g_strfreev(list->sharedFilesystems);
g_free(list); g_free(list);
} }
@ -254,7 +256,9 @@ virSecuritySELinuxTransactionRun(pid_t pid G_GNUC_UNUSED,
VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p); VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
} }
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths))) if (!(state = virSecurityManagerMetadataLock(list->manager,
list->sharedFilesystems,
paths, npaths)))
goto cleanup; goto cleanup;
for (i = 0; i < list->nItems; i++) { for (i = 0; i < list->nItems; i++) {
@ -1102,6 +1106,7 @@ virSecuritySELinuxGetDOI(virSecurityManager *mgr G_GNUC_UNUSED)
/** /**
* virSecuritySELinuxTransactionStart: * virSecuritySELinuxTransactionStart:
* @mgr: security manager * @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
* *
* Starts a new transaction. In transaction nothing is changed context * Starts a new transaction. In transaction nothing is changed context
* until TransactionCommit() is called. This is implemented as a list * until TransactionCommit() is called. This is implemented as a list
@ -1114,7 +1119,8 @@ virSecuritySELinuxGetDOI(virSecurityManager *mgr G_GNUC_UNUSED)
* -1 otherwise. * -1 otherwise.
*/ */
static int static int
virSecuritySELinuxTransactionStart(virSecurityManager *mgr) virSecuritySELinuxTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{ {
virSecuritySELinuxContextList *list; virSecuritySELinuxContextList *list;
@ -1128,6 +1134,7 @@ virSecuritySELinuxTransactionStart(virSecurityManager *mgr)
list = g_new0(virSecuritySELinuxContextList, 1); list = g_new0(virSecuritySELinuxContextList, 1);
list->manager = virObjectRef(mgr); list->manager = virObjectRef(mgr);
list->sharedFilesystems = g_strdupv((char **) sharedFilesystems);
if (virThreadLocalSet(&contextList, list) < 0) { if (virThreadLocalSet(&contextList, list) < 0) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
@ -1777,6 +1784,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManager *mgr,
static int static int
virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr, virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
bool migrated) bool migrated)
@ -1835,7 +1843,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
if (!src->path) if (!src->path)
return 0; return 0;
if ((rc = virFileIsSharedFS(src->path)) < 0) if ((rc = virFileIsSharedFS(src->path, sharedFilesystems)) < 0)
return -1; return -1;
} }
@ -1867,16 +1875,19 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
static int static int
virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr, virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED) virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
{ {
return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false); return virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false);
} }
static int static int
virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr, virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virStorageSource *parent, virStorageSource *parent,
@ -1983,6 +1994,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
static int static int
virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -1993,7 +2005,9 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) { for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP; const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP;
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, isChainTop) < 0) if (virSecuritySELinuxSetImageLabelInternal(mgr, sharedFilesystems,
def, n, parent,
isChainTop) < 0)
return -1; return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
@ -2008,6 +2022,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
struct virSecuritySELinuxMoveImageMetadataData { struct virSecuritySELinuxMoveImageMetadataData {
virSecurityManager *mgr; virSecurityManager *mgr;
char **sharedFilesystems;
const char *src; const char *src;
const char *dst; const char *dst;
}; };
@ -2022,7 +2037,9 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
virSecurityManagerMetadataLockState *state; virSecurityManagerMetadataLockState *state;
int ret; int ret;
if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, G_N_ELEMENTS(paths)))) if (!(state = virSecurityManagerMetadataLock(data->mgr,
data->sharedFilesystems,
paths, G_N_ELEMENTS(paths))))
return -1; return -1;
ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst); ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst);
@ -2039,11 +2056,16 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
static int static int
virSecuritySELinuxMoveImageMetadata(virSecurityManager *mgr, virSecuritySELinuxMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst) virStorageSource *dst)
{ {
struct virSecuritySELinuxMoveImageMetadataData data = { .mgr = mgr, 0 }; struct virSecuritySELinuxMoveImageMetadataData data = {
.mgr = mgr,
.sharedFilesystems = (char **) sharedFilesystems,
0
};
int rc; int rc;
if (src && virStorageSourceIsLocalStorage(src)) if (src && virStorageSourceIsLocalStorage(src))
@ -2820,6 +2842,7 @@ virSecuritySELinuxRestoreSysinfoLabel(virSecurityManager *mgr,
static int static int
virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr, virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
bool migrated, bool migrated,
bool chardevStdioLogd) bool chardevStdioLogd)
@ -2844,7 +2867,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ndisks; i++) { for (i = 0; i < def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i]; virDomainDiskDef *disk = def->disks[i];
if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, disk->src,
migrated) < 0) migrated) < 0)
rc = -1; rc = -1;
} }
@ -2890,7 +2914,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
} }
if (def->os.loader && def->os.loader->nvram) { if (def->os.loader && def->os.loader->nvram) {
if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loader->nvram, if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, def->os.loader->nvram,
migrated) < 0) migrated) < 0)
rc = -1; rc = -1;
} }
@ -3236,6 +3261,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager *mgr,
static int static int
virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def, virDomainDef *def,
const char *incomingPath G_GNUC_UNUSED, const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd, bool chardevStdioLogd,
@ -3263,7 +3289,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
def->disks[i]->dst); def->disks[i]->dst);
continue; continue;
} }
if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
def, def->disks[i]->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0) VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1; return -1;
@ -3313,7 +3340,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
} }
if (def->os.loader && def->os.loader->nvram) { if (def->os.loader && def->os.loader->nvram) {
if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvram, if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
def, def->os.loader->nvram,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0) VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1; return -1;

32
src/security/security_stack.c
View File

@ -140,13 +140,15 @@ virSecurityStackPreFork(virSecurityManager *mgr)
static int static int
virSecurityStackTransactionStart(virSecurityManager *mgr) virSecurityStackTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{ {
virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr); virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItem *item = priv->itemsHead; virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerTransactionStart(item->securityManager) < 0) if (virSecurityManagerTransactionStart(item->securityManager,
sharedFilesystems) < 0)
goto rollback; goto rollback;
} }
@ -337,6 +339,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManager *mgr,
static int static int
virSecurityStackSetAllLabel(virSecurityManager *mgr, virSecurityStackSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
const char *incomingPath, const char *incomingPath,
bool chardevStdioLogd, bool chardevStdioLogd,
@ -346,8 +349,9 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
virSecurityStackItem *item = priv->itemsHead; virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerSetAllLabel(item->securityManager, vm, if (virSecurityManagerSetAllLabel(item->securityManager,
incomingPath, chardevStdioLogd, sharedFilesystems,
vm, incomingPath, chardevStdioLogd,
migrated) < 0) migrated) < 0)
goto rollback; goto rollback;
} }
@ -357,6 +361,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
rollback: rollback:
for (item = item->prev; item; item = item->prev) { for (item = item->prev; item; item = item->prev) {
if (virSecurityManagerRestoreAllLabel(item->securityManager, if (virSecurityManagerRestoreAllLabel(item->securityManager,
sharedFilesystems,
vm, vm,
migrated, migrated,
chardevStdioLogd) < 0) { chardevStdioLogd) < 0) {
@ -373,6 +378,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
static int static int
virSecurityStackRestoreAllLabel(virSecurityManager *mgr, virSecurityStackRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
bool migrated, bool migrated,
bool chardevStdioLogd) bool chardevStdioLogd)
@ -382,8 +388,11 @@ virSecurityStackRestoreAllLabel(virSecurityManager *mgr,
int rc = 0; int rc = 0;
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, if (virSecurityManagerRestoreAllLabel(item->securityManager,
migrated, chardevStdioLogd) < 0) sharedFilesystems,
vm,
migrated,
chardevStdioLogd) < 0)
rc = -1; rc = -1;
} }
@ -638,6 +647,7 @@ virSecurityStackGetBaseLabel(virSecurityManager *mgr, int virtType)
static int static int
virSecurityStackSetImageLabel(virSecurityManager *mgr, virSecurityStackSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -646,8 +656,9 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
virSecurityStackItem *item = priv->itemsHead; virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerSetImageLabel(item->securityManager, vm, src, if (virSecurityManagerSetImageLabel(item->securityManager,
flags) < 0) sharedFilesystems,
vm, src, flags) < 0)
goto rollback; goto rollback;
} }
@ -656,6 +667,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
rollback: rollback:
for (item = item->prev; item; item = item->prev) { for (item = item->prev; item; item = item->prev) {
if (virSecurityManagerRestoreImageLabel(item->securityManager, if (virSecurityManagerRestoreImageLabel(item->securityManager,
sharedFilesystems,
vm, vm,
src, src,
flags) < 0) { flags) < 0) {
@ -672,6 +684,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
static int static int
virSecurityStackRestoreImageLabel(virSecurityManager *mgr, virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm, virDomainDef *vm,
virStorageSource *src, virStorageSource *src,
virSecurityDomainImageLabelFlags flags) virSecurityDomainImageLabelFlags flags)
@ -682,6 +695,7 @@ virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerRestoreImageLabel(item->securityManager, if (virSecurityManagerRestoreImageLabel(item->securityManager,
sharedFilesystems,
vm, src, flags) < 0) vm, src, flags) < 0)
rc = -1; rc = -1;
} }
@ -691,6 +705,7 @@ virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
static int static int
virSecurityStackMoveImageMetadata(virSecurityManager *mgr, virSecurityStackMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid, pid_t pid,
virStorageSource *src, virStorageSource *src,
virStorageSource *dst) virStorageSource *dst)
@ -701,6 +716,7 @@ virSecurityStackMoveImageMetadata(virSecurityManager *mgr,
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerMoveImageMetadata(item->securityManager, if (virSecurityManagerMoveImageMetadata(item->securityManager,
sharedFilesystems,
pid, src, dst) < 0) pid, src, dst) < 0)
rc = -1; rc = -1;
} }

13
src/util/virfile.c
View File

@ -2604,8 +2604,14 @@ virFileOpenAs(const char *path,
goto error; goto error;
/* On Linux we can also verify the FS-type of the /* On Linux we can also verify the FS-type of the
* directory. (this is a NOP on other platforms). */ * directory. (this is a NOP on other platforms).
if (virFileIsSharedFS(path) <= 0) *
* Note that it would be pointless to pass
* virQEMUDriverConfig.sharedFilesystems here, since those
* listed there are by definition paths that can be accessed
* as local from the current host. Thus, a second attempt at
* opening the file would not make a difference */
if (virFileIsSharedFS(path, NULL) <= 0)
goto error; goto error;
} }
@ -3798,7 +3804,8 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs,
return NULL; return NULL;
} }
int virFileIsSharedFS(const char *path) int virFileIsSharedFS(const char *path,
char *const *overrides G_GNUC_UNUSED)
{ {
return virFileIsSharedFSType(path, return virFileIsSharedFSType(path,
VIR_FILE_SHFS_NFS | VIR_FILE_SHFS_NFS |

3
src/util/virfile.h
View File

@ -235,7 +235,8 @@ enum {
}; };
int virFileIsSharedFSType(const char *path, unsigned int fstypes) ATTRIBUTE_NONNULL(1); int virFileIsSharedFSType(const char *path, unsigned int fstypes) ATTRIBUTE_NONNULL(1);
int virFileIsSharedFS(const char *path) ATTRIBUTE_NONNULL(1); int virFileIsSharedFS(const char *path,
char *const *overrides) ATTRIBUTE_NONNULL(1);
int virFileIsClusterFS(const char *path) ATTRIBUTE_NONNULL(1); int virFileIsClusterFS(const char *path) ATTRIBUTE_NONNULL(1);
int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1); int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1);
int virFileIsCDROM(const char *path) int virFileIsCDROM(const char *path)

2
tests/securityselinuxlabeltest.c
View File

@ -270,7 +270,7 @@ testSELinuxLabeling(const void *opaque)
if (!(def = testSELinuxLoadDef(testname))) if (!(def = testSELinuxLoadDef(testname)))
goto cleanup; goto cleanup;
if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0) if (virSecurityManagerSetAllLabel(mgr, NULL, def, NULL, false, false) < 0)
goto cleanup; goto cleanup;
if (testSELinuxCheckLabels(files, nfiles) < 0) if (testSELinuxCheckLabels(files, nfiles) < 0)

2
tests/virfiletest.c
View File

@ -313,7 +313,7 @@ testFileIsSharedFSType(const void *opaque G_GNUC_UNUSED)
goto cleanup; goto cleanup;
} }
actual = virFileIsSharedFS(data->filename); actual = virFileIsSharedFS(data->filename, NULL);
if (actual != data->expected) { if (actual != data->expected) {
fprintf(stderr, "Unexpected FS type. Expected %d got %d\n", fprintf(stderr, "Unexpected FS type. Expected %d got %d\n",