[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH 4/7] launch: libvirt: Allow the SELinux label to be set on qcow2 overlay files.

On Thu, 2013-02-28 at 10:57 +0000, Richard W.M. Jones wrote:
> From: "Richard W.M. Jones" <rjones redhat com>
> When a disk is opened readonly, the libvirt attach-method privately
> creates a qcow2 overlay on top.
> This commit lets that overlay get an SELinux label, and sets it to the
> label specified by guestfs_internal_set_libvirt_selinux_label.
> We have to adjust the SELinux label (which is a process label) to make
> it applicable to images.  We do this by changing the role from
> 'system_r' to 'object_r', and the type from 'svirt_t' to 'svirt_image_t'.

The code below doesn't do this. Are you saying that the caller must set
the process context manually?

> The above only applies to the libvirt attach-method.
> ---
>  src/launch-libvirt.c | 27 +++++++++++++++++++--------
>  1 file changed, 19 insertions(+), 8 deletions(-)
> diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
> index 45950e2..5c14155 100644
> --- a/src/launch-libvirt.c
> +++ b/src/launch-libvirt.c
> @@ -133,8 +133,8 @@ static int is_custom_qemu (guestfs_h *g);
>  static int is_blk (const char *path);
>  static int random_chars (char *ret, size_t len);
>  static void ignore_errors (void *ignore, virErrorPtr ignore2);
> -static char *make_qcow2_overlay (guestfs_h *g, const char *path, const char *format);
> -static int make_qcow2_overlay_for_drive (guestfs_h *g, struct drive *drv);
> +static char *make_qcow2_overlay (guestfs_h *g, const char *path, const char *format, bool selinux_label);
> +static int make_qcow2_overlay_for_drive (guestfs_h *g, struct drive *drv, bool selinux_label);
>  static void drive_free_priv (void *);
>  static void set_socket_create_context (guestfs_h *g);
>  static void clear_socket_create_context (guestfs_h *g);
> @@ -235,13 +235,13 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
>     * Note that appliance can be NULL if using the old-style appliance.
>     */
>    if (appliance) {
> -    params.appliance_overlay = make_qcow2_overlay (g, appliance, "raw");
> +    params.appliance_overlay = make_qcow2_overlay (g, appliance, "raw", false);
>      if (!params.appliance_overlay)
>        goto cleanup;
>    }

I'm surprised the appliance image overlay doesn't require a label. If
libvirt launches the appliance in a confined context, I wouldn't expect
it to be able to read anything which wasn't appropriately labelled,
which would include the image. I assume you've tested it and it works,
but I would like to understand why this is possible. Relabelling the
appliance could get complicated wrt multiple appliances running


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]