qemu: Propagate shared_filesystems

virFileIsSharedFS() is the function that ultimately decides
whether a filesystem should be considered shared, but the list
of manually configured shared filesystems is part of the QEMU
driver's configuration, so we need to pass the information
through several layers in order to make use of it.

Note that with this change the list is propagated all the way
through, but its contents are still ignored, so the behavior
remains the same for now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Andrea Bolognani 2024-08-02 15:23:36 +02:00
parent df3597ee70
commit 6952af8b43
21 changed files with 281 additions and 94 deletions

View File

@ -1919,7 +1919,8 @@ static int virLXCControllerSetupDisk(virLXCController *ctrl,
/* Labelling normally operates on src, but we need
* to actually label the dst here, so hack the config */
def->src->path = dst;
if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->src,
if (virSecurityManagerSetImageLabel(securityDriver,
NULL, ctrl->def, def->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0)
goto cleanup;

View File

@ -3265,7 +3265,7 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
char *tmpsrc = def->src->path;
def->src->path = data->file;
if (virSecurityManagerSetImageLabel(data->driver->securityManager,
data->vm->def, def->src,
NULL, data->vm->def, def->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) {
def->src->path = tmpsrc;
goto cleanup;

View File

@ -170,7 +170,7 @@ static void virLXCProcessCleanup(virLXCDriver *driver,
}
if (flags & VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL) {
virSecurityManagerRestoreAllLabel(driver->securityManager,
virSecurityManagerRestoreAllLabel(driver->securityManager, NULL,
vm->def, false, false);
}
@ -1320,7 +1320,7 @@ int virLXCProcessStart(virLXCDriver * driver,
stopFlags |= VIR_LXC_PROCESS_CLEANUP_RELEASE_SECLABEL;
VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager,
if (virSecurityManagerSetAllLabel(driver->securityManager, NULL,
vm->def, NULL, false, false) < 0)
goto cleanup;
stopFlags |= VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL;

View File

@ -12129,7 +12129,12 @@ virQEMUFileOpenAs(uid_t fallback_uid,
bool need_unlink = false;
unsigned int vfoflags = 0;
int fd = -1;
int path_shared = virFileIsSharedFS(path);
/* Note that it would be pointless to pass
* virQEMUDriverConfig.sharedFilesystems here, since those
* listed there are by definition paths that can be accessed
* as local from the current host. Thus, a second attempt at
* opening the file would not make a difference */
int path_shared = virFileIsSharedFS(path, NULL);
uid_t uid = geteuid();
gid_t gid = getegid();

View File

@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm = def->tpms[i];
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
qemuExtTPMCleanupHost(tpm, flags, outgoingMigration);
qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration);
}
}

View File

@ -1435,6 +1435,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
unsigned int flags)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
int nsnapshots;
int pauseReason;
size_t i;
@ -1609,7 +1610,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
}
}
if (qemuTPMHasSharedStorage(vm->def)&&
if (qemuTPMHasSharedStorage(driver, vm->def) &&
!qemuTPMCanMigrateSharedStorage(vm->def)) {
virReportError(VIR_ERR_NO_SUPPORT, "%s",
_("the running swtpm does not support migration with shared storage"));
@ -1621,19 +1622,22 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm,
}
static bool
qemuMigrationSrcIsSafe(virDomainDef *def,
virQEMUCaps *qemuCaps,
qemuMigrationSrcIsSafe(virDomainObj *vm,
const char **migrate_disks,
unsigned int flags)
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUCaps *qemuCaps = priv->qemuCaps;
virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
bool storagemigration = flags & (VIR_MIGRATE_NON_SHARED_DISK |
VIR_MIGRATE_NON_SHARED_INC);
size_t i;
int rc;
for (i = 0; i < def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i];
for (i = 0; i < vm->def->ndisks; i++) {
virDomainDiskDef *disk = vm->def->disks[i];
const char *src = virDomainDiskGetSource(disk);
virStorageType actualType = virStorageSourceGetActualType(disk->src);
bool unsafe = false;
@ -1652,7 +1656,7 @@ qemuMigrationSrcIsSafe(virDomainDef *def,
/* However, disks on local FS (e.g. ext4) are not safe. */
switch (actualType) {
case VIR_STORAGE_TYPE_FILE:
if ((rc = virFileIsSharedFS(src)) < 0) {
if ((rc = virFileIsSharedFS(src, cfg->sharedFilesystems)) < 0) {
return false;
} else if (rc == 0) {
unsafe = true;
@ -2646,7 +2650,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver,
return NULL;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
!qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, migrate_disks, flags))
!qemuMigrationSrcIsSafe(vm, migrate_disks, flags))
return NULL;
if (flags & VIR_MIGRATE_POSTCOPY &&
@ -6130,7 +6134,6 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver,
int ret = -1;
virErrorPtr orig_err = NULL;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivate *priv = vm->privateData;
qemuDomainJobPrivate *jobPriv = vm->job->privateData;
if (flags & VIR_MIGRATE_POSTCOPY_RESUME) {
@ -6155,7 +6158,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver,
goto endjob;
if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) &&
!qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, migrate_disks, flags))
!qemuMigrationSrcIsSafe(vm, migrate_disks, flags))
goto endjob;
qemuMigrationSrcStoreDomainState(vm);

View File

@ -38,15 +38,18 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver,
{
int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetAllLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def,
incomingPath,
priv->chardevStdioLogd,
@ -70,6 +73,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver,
bool migrated)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
bool transactionStarted = false;
/* In contrast to qemuSecuritySetAllLabel, do not use vm->pid
@ -78,10 +82,12 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver,
* domain's namespace is gone as qemu was the only process
* running there. We would not succeed in entering the
* namespace then. */
if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) >= 0)
transactionStarted = true;
virSecurityManagerRestoreAllLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def,
migrated,
priv->chardevStdioLogd);
@ -103,6 +109,7 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver,
bool chainTop)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0;
@ -116,10 +123,12 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetImageLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, src, labelFlags) < 0)
goto cleanup;
@ -141,6 +150,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver,
bool backingChain)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0;
@ -151,10 +161,12 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
cfg->sharedFilesystems,
vm->def, src, labelFlags) < 0)
goto cleanup;
@ -176,6 +188,7 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver,
virStorageSource *dst)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (!priv->rememberOwner)
@ -184,7 +197,9 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver,
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
return virSecurityManagerMoveImageMetadata(driver->securityManager, pid, src, dst);
return virSecurityManagerMoveImageMetadata(driver->securityManager,
cfg->sharedFilesystems,
pid, src, dst);
}
@ -194,13 +209,15 @@ qemuSecuritySetHostdevLabel(virQEMUDriver *driver,
virDomainHostdevDef *hostdev)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
@ -226,13 +243,15 @@ qemuSecurityRestoreHostdevLabel(virQEMUDriver *driver,
virDomainHostdevDef *hostdev)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
@ -258,13 +277,15 @@ qemuSecuritySetMemoryLabel(virQEMUDriver *driver,
virDomainMemoryDef *mem)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetMemoryLabel(driver->securityManager,
@ -289,13 +310,15 @@ qemuSecurityRestoreMemoryLabel(virQEMUDriver *driver,
virDomainMemoryDef *mem)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreMemoryLabel(driver->securityManager,
@ -320,13 +343,15 @@ qemuSecuritySetInputLabel(virDomainObj *vm,
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetInputLabel(driver->securityManager,
@ -351,13 +376,15 @@ qemuSecurityRestoreInputLabel(virDomainObj *vm,
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreInputLabel(driver->securityManager,
@ -383,12 +410,14 @@ qemuSecuritySetChardevLabel(virQEMUDriver *driver,
{
int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetChardevLabel(driver->securityManager,
@ -415,12 +444,14 @@ qemuSecurityRestoreChardevLabel(virQEMUDriver *driver,
{
int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreChardevLabel(driver->securityManager,
@ -446,12 +477,14 @@ qemuSecuritySetNetdevLabel(virQEMUDriver *driver,
{
int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetNetdevLabel(driver->securityManager,
@ -476,12 +509,14 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
{
int ret = -1;
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreNetdevLabel(driver->securityManager,
@ -505,9 +540,11 @@ qemuSecuritySetTPMLabels(virQEMUDriver *driver,
bool setTPMStateLabel)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
int ret = -1;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerSetTPMLabels(driver->securityManager,
@ -531,9 +568,11 @@ qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
bool restoreTPMStateLabel)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
int ret = -1;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
@ -558,13 +597,15 @@ qemuSecurityDomainSetPathLabel(virQEMUDriver *driver,
bool allowSubtree)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
@ -590,13 +631,15 @@ qemuSecurityDomainRestorePathLabel(virQEMUDriver *driver,
const char *path)
{
qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
pid_t pid = -1;
int ret = -1;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerDomainRestorePathLabel(driver->securityManager,
@ -634,6 +677,7 @@ qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
const char *path)
{
int ret = -1;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) {
VIR_DEBUG("Not labeling '%s': mount namespace disabled for domain '%s'",
@ -641,7 +685,8 @@ qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver,
return 1;
}
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerTransactionStart(driver->securityManager,
cfg->sharedFilesystems) < 0)
goto cleanup;
if (virSecurityManagerDomainSetPathLabel(driver->securityManager,

View File

@ -538,6 +538,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
* @privileged: whether we are running in privileged mode
* @swtpm_user: The uid for the swtpm to run as (drop privileges to from root)
* @swtpm_group: The gid for the swtpm to run as
* @sharedFilesystems: list of filesystem to consider shared
* @incomingMigration: whether we have an incoming migration
*
* Create the virCommand use for starting the emulator
@ -551,6 +552,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
bool privileged,
uid_t swtpm_user,
gid_t swtpm_group,
char *const *sharedFilesystems,
bool incomingMigration)
{
g_autoptr(virCommand) cmd = NULL;
@ -568,7 +570,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
/* Do not create storage and run swtpm_setup on incoming migration over
* shared storage
*/
on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath) == 1;
on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath, sharedFilesystems) == 1;
if (incomingMigration && on_shared_storage)
create_storage = false;
@ -738,6 +740,7 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
/**
* qemuTPMEmulatorCleanupHost:
* @driver: QEMU driver
* @tpm: TPM definition
* @flags: flags indicating whether to keep or remove TPM persistent state
* @outgoingMigration: whether cleanup is due to an outgoing migration
@ -745,15 +748,18 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
* Clean up persistent storage for the swtpm.
*/
static void
qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm,
qemuTPMEmulatorCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
bool outgoingMigration)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
/* Never remove the state in case of outgoing migration with shared
* storage.
*/
if (outgoingMigration &&
virFileIsSharedFS(tpm->data.emulator.storagepath) == 1)
virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFilesystems) == 1)
return;
/*
@ -939,6 +945,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
driver->privileged,
cfg->swtpm_user,
cfg->swtpm_group,
cfg->sharedFilesystems,
incomingMigration)))
return -1;
@ -954,7 +961,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virCommandSetErrorFD(cmd, &errfd);
if (incomingMigration &&
virFileIsSharedFS(tpm->data.emulator.storagepath) == 1) {
virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFilesystems) == 1) {
/* security labels must have been set up on source already */
setTPMStateLabel = false;
}
@ -1014,8 +1021,10 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
bool
qemuTPMHasSharedStorage(virDomainDef *def)
qemuTPMHasSharedStorage(virQEMUDriver *driver,
virDomainDef *def)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
size_t i;
for (i = 0; i < def->ntpms; i++) {
@ -1023,7 +1032,8 @@ qemuTPMHasSharedStorage(virDomainDef *def)
switch (tpm->type) {
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
return virFileIsSharedFS(tpm->data.emulator.storagepath) == 1;
return virFileIsSharedFS(tpm->data.emulator.storagepath,
cfg->sharedFilesystems) == 1;
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
case VIR_DOMAIN_TPM_TYPE_LAST:
@ -1101,11 +1111,12 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver,
void
qemuExtTPMCleanupHost(virDomainTPMDef *tpm,
qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
bool outgoingMigration)
{
qemuTPMEmulatorCleanupHost(tpm, flags, outgoingMigration);
qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration);
}
@ -1137,7 +1148,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
return;
qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
if (outgoingMigration && qemuTPMHasSharedStorage(vm->def))
if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def))
restoreTPMStateLabel = false;
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0)

View File

@ -35,10 +35,11 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver,
ATTRIBUTE_NONNULL(3)
G_GNUC_WARN_UNUSED_RESULT;
void qemuExtTPMCleanupHost(virDomainTPMDef *tpm,
void qemuExtTPMCleanupHost(virQEMUDriver *driver,
virDomainTPMDef *tpm,
virDomainUndefineFlagsValues flags,
bool outgoingMigration)
ATTRIBUTE_NONNULL(1);
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int qemuExtTPMStart(virQEMUDriver *driver,
virDomainObj *vm,
@ -59,8 +60,9 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
G_GNUC_WARN_UNUSED_RESULT;
bool qemuTPMHasSharedStorage(virDomainDef *def)
ATTRIBUTE_NONNULL(1)
bool qemuTPMHasSharedStorage(virQEMUDriver *driver,
virDomainDef *def)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
G_GNUC_WARN_UNUSED_RESULT;
bool qemuTPMCanMigrateSharedStorage(virDomainDef *def)

View File

@ -415,6 +415,7 @@ AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int
AppArmorSetSecurityAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
const char *incomingPath,
bool chardevStdioLogd G_GNUC_UNUSED,
@ -489,6 +490,7 @@ AppArmorReleaseSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int
AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
bool migrated G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED)
@ -607,6 +609,7 @@ AppArmorClearSecuritySocketLabel(virSecurityManager *mgr G_GNUC_UNUSED,
/* Called when hotplugging */
static int
AppArmorRestoreSecurityImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -711,6 +714,7 @@ AppArmorRestoreInputLabel(virSecurityManager *mgr,
/* Called when hotplugging */
static int
AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
virStorageSource *src)
{
@ -744,6 +748,7 @@ AppArmorSetSecurityImageLabelInternal(virSecurityManager *mgr,
static int
AppArmorSetSecurityImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -759,7 +764,8 @@ AppArmorSetSecurityImageLabel(virSecurityManager *mgr,
return 0;
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
if (AppArmorSetSecurityImageLabelInternal(mgr, def, n) < 0)
if (AppArmorSetSecurityImageLabelInternal(mgr, sharedFilesystems,
def, n) < 0)
return -1;
}

View File

@ -79,6 +79,7 @@ struct _virSecurityDACChownItem {
typedef struct _virSecurityDACChownList virSecurityDACChownList;
struct _virSecurityDACChownList {
virSecurityManager *manager;
char **sharedFilesystems;
virSecurityDACChownItem **items;
size_t nItems;
bool lock;
@ -137,6 +138,7 @@ virSecurityDACChownListFree(void *opaque)
virSecurityDACChownItemFree(list->items[i]);
g_free(list->items);
virObjectUnref(list->manager);
g_strfreev(list->sharedFilesystems);
g_free(list);
}
@ -228,7 +230,9 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED,
VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
}
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
if (!(state = virSecurityManagerMetadataLock(list->manager,
list->sharedFilesystems,
paths, npaths)))
return -1;
for (i = 0; i < list->nItems; i++) {
@ -533,6 +537,7 @@ virSecurityDACPreFork(virSecurityManager *mgr)
/**
* virSecurityDACTransactionStart:
* @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
*
* Starts a new transaction. In transaction nothing is chown()-ed until
* TransactionCommit() is called. This is implemented as a list that is
@ -544,7 +549,8 @@ virSecurityDACPreFork(virSecurityManager *mgr)
* -1 otherwise.
*/
static int
virSecurityDACTransactionStart(virSecurityManager *mgr)
virSecurityDACTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{
g_autoptr(virSecurityDACChownList) list = NULL;
@ -557,6 +563,7 @@ virSecurityDACTransactionStart(virSecurityManager *mgr)
list = g_new0(virSecurityDACChownList, 1);
list->manager = virObjectRef(mgr);
list->sharedFilesystems = g_strdupv((char **) sharedFilesystems);
if (virThreadLocalSet(&chownList, list) < 0) {
virReportSystemError(errno, "%s",
@ -859,6 +866,7 @@ virSecurityDACRestoreFileLabel(virSecurityManager *mgr,
static int
virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
virStorageSource *src,
virStorageSource *parent,
@ -938,6 +946,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
static int
virSecurityDACSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -948,7 +957,8 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr,
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP;
if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, isChainTop) < 0)
if (virSecurityDACSetImageLabelInternal(mgr, sharedFilesystems,
def, n, parent, isChainTop) < 0)
return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
@ -962,6 +972,7 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr,
static int
virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
bool migrated)
@ -1004,7 +1015,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
if (!src->path)
return 0;
if ((rc = virFileIsSharedFS(src->path)) < 0)
if ((rc = virFileIsSharedFS(src->path, sharedFilesystems)) < 0)
return -1;
}
@ -1038,16 +1049,19 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr,
static int
virSecurityDACRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
{
return virSecurityDACRestoreImageLabelInt(mgr, def, src, false);
return virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false);
}
struct virSecurityDACMoveImageMetadataData {
virSecurityManager *mgr;
char **sharedFilesystems;
const char *src;
const char *dst;
};
@ -1062,7 +1076,9 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
virSecurityManagerMetadataLockState *state;
int ret;
if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, G_N_ELEMENTS(paths))))
if (!(state = virSecurityManagerMetadataLock(data->mgr,
data->sharedFilesystems,
paths, G_N_ELEMENTS(paths))))
return -1;
ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
@ -1079,12 +1095,17 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
static int
virSecurityDACMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst)
{
virSecurityDACData *priv = virSecurityManagerGetPrivateData(mgr);
struct virSecurityDACMoveImageMetadataData data = { .mgr = mgr, 0 };
struct virSecurityDACMoveImageMetadataData data = {
.mgr = mgr,
.sharedFilesystems = (char **) sharedFilesystems,
0
};
int rc;
/* If dynamicOwnership is turned off, or owner remembering is
@ -1883,6 +1904,7 @@ virSecurityDACRestoreSysinfoLabel(virSecurityManager *mgr,
static int
virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
bool migrated,
bool chardevStdioLogd)
@ -1907,6 +1929,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ndisks; i++) {
if (virSecurityDACRestoreImageLabelInt(mgr,
sharedFilesystems,
def,
def->disks[i]->src,
migrated) < 0)
@ -1974,7 +1997,8 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
}
if (def->os.loader && def->os.loader->nvram) {
if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
if (virSecurityDACRestoreImageLabelInt(mgr, sharedFilesystems,
def, def->os.loader->nvram,
migrated) < 0)
rc = -1;
}
@ -2120,6 +2144,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManager *mgr,
static int
virSecurityDACSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd,
@ -2145,7 +2170,8 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
/* XXX fixme - we need to recursively label the entire tree :-( */
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
continue;
if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src,
if (virSecurityDACSetImageLabel(mgr, sharedFilesystems,
def, def->disks[i]->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1;
@ -2214,7 +2240,8 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
}
if (def->os.loader && def->os.loader->nvram) {
if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram,
if (virSecurityDACSetImageLabel(mgr, sharedFilesystems,
def, def->os.loader->nvram,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1;

View File

@ -46,7 +46,8 @@ typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManager *mgr,
typedef int (*virSecurityDriverPreFork) (virSecurityManager *mgr);
typedef int (*virSecurityDriverTransactionStart) (virSecurityManager *mgr);
typedef int (*virSecurityDriverTransactionStart) (virSecurityManager *mgr,
char *const *sharedFilesystems);
typedef int (*virSecurityDriverTransactionCommit) (virSecurityManager *mgr,
pid_t pid,
bool lock);
@ -80,11 +81,13 @@ typedef int (*virSecurityDomainReserveLabel) (virSecurityManager *mgr,
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManager *mgr,
virDomainDef *sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *sec,
const char *incomingPath,
bool chardevStdioLogd,
bool migrated);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
bool migrated,
bool chardevStdioLogd);
@ -113,14 +116,17 @@ typedef int (*virSecurityDomainSetHugepages) (virSecurityManager *mgr,
const char *path);
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst);

View File

@ -244,6 +244,7 @@ virSecurityManagerPostFork(virSecurityManager *mgr)
/**
* virSecurityManagerTransactionStart:
* @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
*
* Starts a new transaction. In transaction nothing is changed security
* label until virSecurityManagerTransactionCommit() is called.
@ -252,14 +253,15 @@ virSecurityManagerPostFork(virSecurityManager *mgr)
* -1 otherwise.
*/
int
virSecurityManagerTransactionStart(virSecurityManager *mgr)
virSecurityManagerTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{
VIR_LOCK_GUARD lock = virObjectLockGuard(mgr);
if (!mgr->drv->transactionStart)
return 0;
return mgr->drv->transactionStart(mgr);
return mgr->drv->transactionStart(mgr, sharedFilesystems);
}
@ -402,6 +404,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr)
/**
* virSecurityManagerRestoreImageLabel:
* @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @vm: domain definition object
* @src: disk source definition to operate on
* @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
@ -412,6 +415,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr)
*/
int
virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -423,13 +427,15 @@ virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
return -1;
}
return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, flags);
return mgr->drv->domainRestoreSecurityImageLabel(mgr, sharedFilesystems,
vm, src, flags);
}
/**
* virSecurityManagerMoveImageMetadata:
* @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
* @pid: domain's PID
* @src: source of metadata
* @dst: destination to move metadata to
@ -449,6 +455,7 @@ virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
*/
int
virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst)
@ -458,7 +465,8 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
if (!mgr->drv->domainMoveImageMetadata)
return 0;
return mgr->drv->domainMoveImageMetadata(mgr, pid, src, dst);
return mgr->drv->domainMoveImageMetadata(mgr, sharedFilesystems,
pid, src, dst);
}
@ -510,6 +518,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *mgr,
/**
* virSecurityManagerSetImageLabel:
* @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @vm: domain definition object
* @src: disk source definition to operate on
* @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
@ -520,6 +529,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *mgr,
*/
int
virSecurityManagerSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -531,7 +541,8 @@ virSecurityManagerSetImageLabel(virSecurityManager *mgr,
return -1;
}
return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, flags);
return mgr->drv->domainSetSecurityImageLabel(mgr, sharedFilesystems,
vm, src, flags);
}
@ -816,6 +827,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManager *mgr,
int
virSecurityManagerSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
const char *incomingPath,
bool chardevStdioLogd,
@ -828,13 +840,15 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr,
return -1;
}
return mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath,
return mgr->drv->domainSetSecurityAllLabel(mgr, sharedFilesystems,
vm, incomingPath,
chardevStdioLogd, migrated);
}
int
virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
bool migrated,
bool chardevStdioLogd)
@ -846,7 +860,8 @@ virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
return -1;
}
return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated,
return mgr->drv->domainRestoreSecurityAllLabel(mgr, sharedFilesystems,
vm, migrated,
chardevStdioLogd);
}
@ -1292,6 +1307,7 @@ cmpstringp(const void *p1,
/**
* virSecurityManagerMetadataLock:
* @mgr: security manager object
* @sharedFilesystems: list of filesystem to consider shared
* @paths: paths to lock
* @npaths: number of items in @paths array
*
@ -1307,6 +1323,7 @@ cmpstringp(const void *p1,
*/
virSecurityManagerMetadataLockState *
virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems,
const char **paths,
size_t npaths)
{
@ -1377,7 +1394,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mgr G_GNUC_UNUSED,
}
#endif /* !WIN32 */
if (virFileIsSharedFS(p)) {
if (virFileIsSharedFS(p, sharedFilesystems)) {
/* Probably a root squashed NFS. */
continue;
}

View File

@ -81,7 +81,8 @@ virSecurityManager *virSecurityManagerNewDAC(const char *virtDriver,
int virSecurityManagerPreFork(virSecurityManager *mgr);
void virSecurityManagerPostFork(virSecurityManager *mgr);
int virSecurityManagerTransactionStart(virSecurityManager *mgr);
int virSecurityManagerTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems);
int virSecurityManagerTransactionCommit(virSecurityManager *mgr,
pid_t pid,
bool lock);
@ -129,11 +130,13 @@ int virSecurityManagerReleaseLabel(virSecurityManager *mgr,
int virSecurityManagerCheckAllLabel(virSecurityManager *mgr,
virDomainDef *sec);
int virSecurityManagerSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *sec,
const char *incomingPath,
bool chardevStdioLogd,
bool migrated);
int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
bool migrated,
bool chardevStdioLogd);
@ -170,14 +173,17 @@ typedef enum {
} virSecurityDomainImageLabelFlags;
int virSecurityManagerSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags);
int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags);
int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst);
@ -246,6 +252,7 @@ struct _virSecurityManagerMetadataLockState {
virSecurityManagerMetadataLockState *
virSecurityManagerMetadataLock(virSecurityManager *mgr,
char *const *sharedFilesystems,
const char **paths,
size_t npaths);

View File

@ -116,6 +116,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *sec G_GNUC_UNUSED,
const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED,
@ -126,6 +127,7 @@ virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainRestoreAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *vm G_GNUC_UNUSED,
bool migrated G_GNUC_UNUSED,
bool chardevStdioLogd G_GNUC_UNUSED)
@ -189,6 +191,7 @@ virSecurityGetBaseLabel(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -198,6 +201,7 @@ virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
@ -207,6 +211,7 @@ virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED,
static int
virSecurityDomainMoveImageMetadataNop(virSecurityManager *mgr G_GNUC_UNUSED,
char *const *sharedFilesystems G_GNUC_UNUSED,
pid_t pid G_GNUC_UNUSED,
virStorageSource *src G_GNUC_UNUSED,
virStorageSource *dst G_GNUC_UNUSED)

View File

@ -77,6 +77,7 @@ struct _virSecuritySELinuxContextItem {
typedef struct _virSecuritySELinuxContextList virSecuritySELinuxContextList;
struct _virSecuritySELinuxContextList {
virSecurityManager *manager;
char **sharedFilesystems;
virSecuritySELinuxContextItem **items;
size_t nItems;
bool lock;
@ -141,6 +142,7 @@ virSecuritySELinuxContextListFree(void *opaque)
g_free(list->items);
virObjectUnref(list->manager);
g_strfreev(list->sharedFilesystems);
g_free(list);
}
@ -254,7 +256,9 @@ virSecuritySELinuxTransactionRun(pid_t pid G_GNUC_UNUSED,
VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
}
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
if (!(state = virSecurityManagerMetadataLock(list->manager,
list->sharedFilesystems,
paths, npaths)))
goto cleanup;
for (i = 0; i < list->nItems; i++) {
@ -1102,6 +1106,7 @@ virSecuritySELinuxGetDOI(virSecurityManager *mgr G_GNUC_UNUSED)
/**
* virSecuritySELinuxTransactionStart:
* @mgr: security manager
* @sharedFilesystems: list of filesystem to consider shared
*
* Starts a new transaction. In transaction nothing is changed context
* until TransactionCommit() is called. This is implemented as a list
@ -1114,7 +1119,8 @@ virSecuritySELinuxGetDOI(virSecurityManager *mgr G_GNUC_UNUSED)
* -1 otherwise.
*/
static int
virSecuritySELinuxTransactionStart(virSecurityManager *mgr)
virSecuritySELinuxTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{
virSecuritySELinuxContextList *list;
@ -1128,6 +1134,7 @@ virSecuritySELinuxTransactionStart(virSecurityManager *mgr)
list = g_new0(virSecuritySELinuxContextList, 1);
list->manager = virObjectRef(mgr);
list->sharedFilesystems = g_strdupv((char **) sharedFilesystems);
if (virThreadLocalSet(&contextList, list) < 0) {
virReportSystemError(errno, "%s",
@ -1777,6 +1784,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManager *mgr,
static int
virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
bool migrated)
@ -1835,7 +1843,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
if (!src->path)
return 0;
if ((rc = virFileIsSharedFS(src->path)) < 0)
if ((rc = virFileIsSharedFS(src->path, sharedFilesystems)) < 0)
return -1;
}
@ -1867,16 +1875,19 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr,
static int
virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
{
return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
return virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, src, false);
}
static int
virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
char *const *sharedFilesystems G_GNUC_UNUSED,
virDomainDef *def,
virStorageSource *src,
virStorageSource *parent,
@ -1983,6 +1994,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
static int
virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -1993,7 +2005,9 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
const bool isChainTop = flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP;
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, isChainTop) < 0)
if (virSecuritySELinuxSetImageLabelInternal(mgr, sharedFilesystems,
def, n, parent,
isChainTop) < 0)
return -1;
if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
@ -2008,6 +2022,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *mgr,
struct virSecuritySELinuxMoveImageMetadataData {
virSecurityManager *mgr;
char **sharedFilesystems;
const char *src;
const char *dst;
};
@ -2022,7 +2037,9 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
virSecurityManagerMetadataLockState *state;
int ret;
if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, G_N_ELEMENTS(paths))))
if (!(state = virSecurityManagerMetadataLock(data->mgr,
data->sharedFilesystems,
paths, G_N_ELEMENTS(paths))))
return -1;
ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst);
@ -2039,11 +2056,16 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
static int
virSecuritySELinuxMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst)
{
struct virSecuritySELinuxMoveImageMetadataData data = { .mgr = mgr, 0 };
struct virSecuritySELinuxMoveImageMetadataData data = {
.mgr = mgr,
.sharedFilesystems = (char **) sharedFilesystems,
0
};
int rc;
if (src && virStorageSourceIsLocalStorage(src))
@ -2820,6 +2842,7 @@ virSecuritySELinuxRestoreSysinfoLabel(virSecurityManager *mgr,
static int
virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
bool migrated,
bool chardevStdioLogd)
@ -2844,7 +2867,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
for (i = 0; i < def->ndisks; i++) {
virDomainDiskDef *disk = def->disks[i];
if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, disk->src,
migrated) < 0)
rc = -1;
}
@ -2890,7 +2914,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
}
if (def->os.loader && def->os.loader->nvram) {
if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
if (virSecuritySELinuxRestoreImageLabelInt(mgr, sharedFilesystems,
def, def->os.loader->nvram,
migrated) < 0)
rc = -1;
}
@ -3236,6 +3261,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager *mgr,
static int
virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *def,
const char *incomingPath G_GNUC_UNUSED,
bool chardevStdioLogd,
@ -3263,7 +3289,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
def->disks[i]->dst);
continue;
}
if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src,
if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
def, def->disks[i]->src,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1;
@ -3313,7 +3340,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
}
if (def->os.loader && def->os.loader->nvram) {
if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvram,
if (virSecuritySELinuxSetImageLabel(mgr, sharedFilesystems,
def, def->os.loader->nvram,
VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
return -1;

View File

@ -140,13 +140,15 @@ virSecurityStackPreFork(virSecurityManager *mgr)
static int
virSecurityStackTransactionStart(virSecurityManager *mgr)
virSecurityStackTransactionStart(virSecurityManager *mgr,
char *const *sharedFilesystems)
{
virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerTransactionStart(item->securityManager) < 0)
if (virSecurityManagerTransactionStart(item->securityManager,
sharedFilesystems) < 0)
goto rollback;
}
@ -337,6 +339,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManager *mgr,
static int
virSecurityStackSetAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
const char *incomingPath,
bool chardevStdioLogd,
@ -346,8 +349,9 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerSetAllLabel(item->securityManager, vm,
incomingPath, chardevStdioLogd,
if (virSecurityManagerSetAllLabel(item->securityManager,
sharedFilesystems,
vm, incomingPath, chardevStdioLogd,
migrated) < 0)
goto rollback;
}
@ -357,6 +361,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
rollback:
for (item = item->prev; item; item = item->prev) {
if (virSecurityManagerRestoreAllLabel(item->securityManager,
sharedFilesystems,
vm,
migrated,
chardevStdioLogd) < 0) {
@ -373,6 +378,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr,
static int
virSecurityStackRestoreAllLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
bool migrated,
bool chardevStdioLogd)
@ -382,8 +388,11 @@ virSecurityStackRestoreAllLabel(virSecurityManager *mgr,
int rc = 0;
for (; item; item = item->next) {
if (virSecurityManagerRestoreAllLabel(item->securityManager, vm,
migrated, chardevStdioLogd) < 0)
if (virSecurityManagerRestoreAllLabel(item->securityManager,
sharedFilesystems,
vm,
migrated,
chardevStdioLogd) < 0)
rc = -1;
}
@ -638,6 +647,7 @@ virSecurityStackGetBaseLabel(virSecurityManager *mgr, int virtType)
static int
virSecurityStackSetImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -646,8 +656,9 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
virSecurityStackItem *item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerSetImageLabel(item->securityManager, vm, src,
flags) < 0)
if (virSecurityManagerSetImageLabel(item->securityManager,
sharedFilesystems,
vm, src, flags) < 0)
goto rollback;
}
@ -656,6 +667,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
rollback:
for (item = item->prev; item; item = item->prev) {
if (virSecurityManagerRestoreImageLabel(item->securityManager,
sharedFilesystems,
vm,
src,
flags) < 0) {
@ -672,6 +684,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr,
static int
virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
char *const *sharedFilesystems,
virDomainDef *vm,
virStorageSource *src,
virSecurityDomainImageLabelFlags flags)
@ -682,6 +695,7 @@ virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
for (; item; item = item->next) {
if (virSecurityManagerRestoreImageLabel(item->securityManager,
sharedFilesystems,
vm, src, flags) < 0)
rc = -1;
}
@ -691,6 +705,7 @@ virSecurityStackRestoreImageLabel(virSecurityManager *mgr,
static int
virSecurityStackMoveImageMetadata(virSecurityManager *mgr,
char *const *sharedFilesystems,
pid_t pid,
virStorageSource *src,
virStorageSource *dst)
@ -701,6 +716,7 @@ virSecurityStackMoveImageMetadata(virSecurityManager *mgr,
for (; item; item = item->next) {
if (virSecurityManagerMoveImageMetadata(item->securityManager,
sharedFilesystems,
pid, src, dst) < 0)
rc = -1;
}

View File

@ -2604,8 +2604,14 @@ virFileOpenAs(const char *path,
goto error;
/* On Linux we can also verify the FS-type of the
* directory. (this is a NOP on other platforms). */
if (virFileIsSharedFS(path) <= 0)
* directory. (this is a NOP on other platforms).
*
* Note that it would be pointless to pass
* virQEMUDriverConfig.sharedFilesystems here, since those
* listed there are by definition paths that can be accessed
* as local from the current host. Thus, a second attempt at
* opening the file would not make a difference */
if (virFileIsSharedFS(path, NULL) <= 0)
goto error;
}
@ -3798,7 +3804,8 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs,
return NULL;
}
int virFileIsSharedFS(const char *path)
int virFileIsSharedFS(const char *path,
char *const *overrides G_GNUC_UNUSED)
{
return virFileIsSharedFSType(path,
VIR_FILE_SHFS_NFS |

View File

@ -235,7 +235,8 @@ enum {
};
int virFileIsSharedFSType(const char *path, unsigned int fstypes) ATTRIBUTE_NONNULL(1);
int virFileIsSharedFS(const char *path) ATTRIBUTE_NONNULL(1);
int virFileIsSharedFS(const char *path,
char *const *overrides) ATTRIBUTE_NONNULL(1);
int virFileIsClusterFS(const char *path) ATTRIBUTE_NONNULL(1);
int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1);
int virFileIsCDROM(const char *path)

View File

@ -270,7 +270,7 @@ testSELinuxLabeling(const void *opaque)
if (!(def = testSELinuxLoadDef(testname)))
goto cleanup;
if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0)
if (virSecurityManagerSetAllLabel(mgr, NULL, def, NULL, false, false) < 0)
goto cleanup;
if (testSELinuxCheckLabels(files, nfiles) < 0)

View File

@ -313,7 +313,7 @@ testFileIsSharedFSType(const void *opaque G_GNUC_UNUSED)
goto cleanup;
}
actual = virFileIsSharedFS(data->filename);
actual = virFileIsSharedFS(data->filename, NULL);
if (actual != data->expected) {
fprintf(stderr, "Unexpected FS type. Expected %d got %d\n",