
Re: [libvirt] [PATCH 3/4] Fix QEMU save/restore with block devices

On 04/28/2010 08:49 AM, Daniel P. Berrange wrote:
> On Sun, Apr 25, 2010 at 03:04:21AM -0400, Laine Stump wrote:
>> On 04/24/2010 12:50 AM, Laine Stump wrote:
>>> Is it really necessary to add this padding even when we *aren't* using
>>> dd? (i.e., when is_reg == 1).
>> Never mind. Now that I've actually RTFC, I see that this new code *always*
>> uses dd.
>>
>> However, I just noticed an SELinux complaint about dd attempting to
>> write to a file on an NFS-mounted directory. My system is running
>> SELinux in permissive mode, so it succeeded, but won't this be a problem
>> if it's in enforcing mode?
> If there is a SELinux problem I don't think it can be related to this
> patch. Both before & after this change we're running a child process
> to actually write the data. Previously cat, now dd. So SELinux would
> impact them equally badly/well.

Correct (that it's a problem with dd breaking an SELinux policy, not us). I don't recall if there was previously a complaint about cat doing it, but it seems probable that SELinux would be set up to not complain about a cat of a file on an NFS-mounted directory, yet complain loudly if someone used dd.

So while nothing needs changing in this code, it's one of those things that we need to inform the SELinux people about - it really is foreseeable that someone would want to access an NFS-mounted file with dd.
