[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 0/2] security: Save labels of resources before libvirt changing them for restoring.



Hi ALL:
    There is a confusing issue in svirt. If sec_type is dynamic or relabel is yes in VM,
    when VM stopped, the label of image will be restored to a default label on the path, 
    but not my expected label what it was before VM is started.

Example:
    #virsh dumpxml virt-tests-vm1
    ...
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/libvirt_autotest_root/images/fedora17.img'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    ...
    <seclabel type='dynamic' model='selinux' relabel='yes'/>
    ...
    # ll /libvirt_autotest_root/images/fedora17.img -Z
    -rwxr-xr-x. root root *system_u:object_r:svirt_image_t:s0* /libvirt_autotest_root/images/fedora17.img
    # virsh start virt-tests-vm1
    Domain virt-tests-vm1 started
    # virsh destroy virt-tests-vm1
    Domain virt-tests-vm1 destroyed
    # ll /libvirt_autotest_root/images/fedora17.img -Z
    -rwxr-xr-x. root root *system_u:object_r:default_t:s0*   /libvirt_autotest_root/images/fedora17.img

    Label is changed from svirt_image_t to default_t. And the svirt_image_t is accessable for svirt_t process
    but default_t is not.


This patch instroduce a struct named _virSecuritySELinuxBackupContext to
save the path and the label before libvirt changing them. And labels will
be restored to path in VM being stopped.


yangdongsheng (2):
  util: Introduce virStrcmp into virstring.
  security: Save contexts of resources for restoring it.

 src/security/security_selinux.c |  229 +++++++++++++++++++++++++++++++++++++--
 src/util/virstring.c            |   14 +++
 src/util/virstring.h            |    2 +
 3 files changed, 238 insertions(+), 7 deletions(-)

-- 
1.7.10.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]