[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: fix regression with fd labeling on migration



On Mon, Mar 28, 2011 at 04:33:58PM -0600, Eric Blake wrote:
> My earlier testing for commit 34fa0de0 was done while starting
> just-built libvirt from an unconfined_t shell, where the fds happened
> to work when transferring to qemu.  But when installed and run under
> virtd_t, failure to label the raw file (with no compression) or the
> pipe (with compression) triggers SELinux failures when passing fds
> over SCM_RIGHTS to svirt_t qemu.
> 
> * src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
> FDs, make sure they are labeled.
> ---
> 
> This copies the fd-labeling approach added in commit 34a19dda1.
> 
> With this patch, I tested both unconfined_t and virtd_t SELinux
> process labels for libvirtd (shell start vs. init start).
> 
> virsh managedsave dom/virsh start dom
> works for both raw and compressed save_image_format, both contexts
> 
> virsh save dom file/virsh restore file
> works for raw save_image_format, both contexts
> works for compressed with virtd_t context
> save fails for compressed with unconfined_t context, with the failure
> looking identical to the previously-reported failure for restore
> in the same settings (https://bugzilla.redhat.com/show_bug.cgi?id=691499)
> 
> So I'm reasonably confident that this is a good patch.
> 
>  src/qemu/qemu_migration.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index 98b9d01..43741e1 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -1304,8 +1304,12 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
>      if (qemuCaps && qemuCapsGet(qemuCaps, QEMU_CAPS_MIGRATE_QEMU_FD) &&
>          (!compressor || pipe(pipeFD) == 0)) {
>          /* All right! We can use fd migration, which means that qemu
> -         * doesn't have to open() the file, so we don't have to futz
> -         * around with granting access or revoking it later.  */
> +         * doesn't have to open() the file, so while we still have to
> +         * grant SELinux access, we can do it on fd and avoid cleanup
> +         * later, as well as skip futzing with cgroup.  */
> +        if (virSecurityManagerSetFDLabel(driver->securityManager, vm,
> +                                         compressor ? pipeFD[1] : fd) < 0)
> +            goto cleanup;
>          is_reg = true;
>          bypassSecurityDriver = true;
>      } else {

  Based on the xplanations, that looks a reasonable patch,

   ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]