[libvirt] [PATCH 2/2] security: Save contexts of resources for restoring it.

Daniel P. Berrange berrange at redhat.com
Mon Jun 24 09:50:59 UTC 2013


On Mon, Jun 24, 2013 at 02:42:16PM +0800, yangdongsheng wrote:
> Before this patch, if relabel is yes or sec_type is dynamic in the VM,
> after the VM stopped, resources this VM accessed would be restored to
> the default label for their path, but not to the label before the VM started.
> 
> This patch introduces a struct named _virSecuritySELinuxBackupContext to
> save the path and the label before libvirt changes them. The labels will
> be restored to the path when the VM is stopped.
> 
> TODO: Only imageFile is restored in this patch; files of other types
> will be implemented later.
> 
> Signed-off-by: yangdongsheng <yangds.fnst at cn.fujitsu.com>
> ---
>  src/security/security_selinux.c |  229 +++++++++++++++++++++++++++++++++++++--
>  1 file changed, 222 insertions(+), 7 deletions(-)
> 
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 6fe063e..a780569 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -57,12 +57,16 @@ typedef virSecuritySELinuxData *virSecuritySELinuxDataPtr;
>  typedef struct _virSecuritySELinuxCallbackData virSecuritySELinuxCallbackData;
>  typedef virSecuritySELinuxCallbackData *virSecuritySELinuxCallbackDataPtr;
>  
> +typedef struct _virSecuritySELinuxBackupContext virSecuritySELinuxBackupContext;
> +typedef virSecuritySELinuxBackupContext *virSecuritySELinuxBackupContextPtr;
> +
>  struct _virSecuritySELinuxData {
>      char *domain_context;
>      char *alt_domain_context;
>      char *file_context;
>      char *content_context;
>      virHashTablePtr mcs;
> +    virSecuritySELinuxBackupContextPtr backup_header;
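Review bot: `backup_header` is added to `_virSecuritySELinuxData`, the driver-wide state that already holds the `mcs` hash, so every saved label reachable through it lives only in this libvirtd process's heap; a libvirtd restart, or a restore performed by a different libvirtd after migration, has no way to find the label that was saved. Nothing in this hunk shows the field being NULL-initialised when the driver data is allocated or the chain being walked and freed when the driver is closed, so the teardown path needs that. Minor naming point: `backup_header` reads like a file header; if it is the head of a linked list of backup contexts, `backup_list` or `backups` says so.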

NACK

You cannot store this data inside libvirtd. We need to cope with libvirtd
being restarted at any time for software upgrades. We also need to cope
with migration, where the libvirtd restoring labels is not the same as
the libvirtd setting the original labels. We also need to cope with shared
disks where multiple VMs use a label & have ref counting.

There was an attempt to fix this problem for the DAC labels, which
stalled. Whatever approach is used for the DAC labels should also be
used for the SELinux labels.

http://www.redhat.com/archives/libvir-list/2013-March/msg01289.html


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
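The three requirements Daniel lists (survive a libvirtd restart, work when a different libvirtd restores than the one that labelled, and refcount a path shared by several VMs) all push the remembered label out of process memory and next to the resource itself. The following is an added example written for this page; it is not libvirt code and not the approach taken in the linked DAC thread. It keeps a refcount and the pre-relabel label in a hypothetical sidecar file (`<path>.vlabel`) beside the image, written atomically via rename, so any libvirtd that can reach the image can read and update it, including the migration destination if the storage is shared (an assumption). The SELinux label strings and the /tmp image path are constructed for the example; a real implementation would read the current label with lgetfilecon() and restore with lsetfilecon(), which this demo only tracks as strings.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define LABEL_MAX 256

/* Per-path state: the label before the first VM relabeled it, and how many
 * VMs still depend on the relabeled path. Format invented here, not libvirt's. */
typedef struct { unsigned ref; char label[LABEL_MAX]; } label_record;

/* Sidecar beside the resource: as persistent and as shared as the resource. */
static int sidecar_name(const char *path, char *buf, size_t n)
{
    int r = snprintf(buf, n, "%s.vlabel", path);
    return (r > 0 && (size_t)r < n) ? 0 : -1;
}

/* 1 = record read, 0 = no record, -1 = I/O error or corrupt record. */
static int record_load(const char *path, label_record *rec)
{
    char name[4096];
    if (sidecar_name(path, name, sizeof name) < 0) return -1;
    FILE *f = fopen(name, "r");
    if (!f) return errno == ENOENT ? 0 : -1;
    int ok = fscanf(f, "%u %255s", &rec->ref, rec->label) == 2;
    fclose(f);
    return ok ? 1 : -1;
}

/* Temp file + rename: a libvirtd killed mid-write never leaves a torn record. */
static int record_save(const char *path, const label_record *rec)
{
    char name[4096], tmp[4100];
    if (sidecar_name(path, name, sizeof name) < 0) return -1;
    snprintf(tmp, sizeof tmp, "%s.tmp", name);
    FILE *f = fopen(tmp, "w");
    if (!f) return -1;
    int werr = fprintf(f, "%u %s\n", rec->ref, rec->label) < 0;
    if (fclose(f) != 0 || werr || rename(tmp, name) < 0) { unlink(tmp); return -1; }
    return 0;
}

static int record_erase(const char *path)
{
    char name[4096];
    if (sidecar_name(path, name, sizeof name) < 0) return -1;
    return (unlink(name) == 0 || errno == ENOENT) ? 0 : -1;
}

/* Call before relabeling PATH for a VM, passing the label currently on disk.
 * Only the first caller's label is kept: later callers already see a label
 * rewritten for another VM. Returns the new refcount, or -1. */
int remember_label(const char *path, const char *current)
{
    label_record rec;
    int have = record_load(path, &rec);
    if (have < 0) return -1;
    if (have == 0) {
        if (strlen(current) >= LABEL_MAX || strchr(current, ' ')) return -1;
        rec.ref = 0;
        strcpy(rec.label, current);
    }
    rec.ref++;
    return record_save(path, &rec) < 0 ? -1 : (int)rec.ref;
}

/* Call when a VM stops using PATH. 1 = last user, ORIG holds the label to
 * restore and the record is gone; 0 = other VMs still need the relabeled
 * path, leave it alone; -1 = error or nothing was ever remembered. */
int recall_label(const char *path, char *orig, size_t n)
{
    label_record rec;
    int have = record_load(path, &rec);
    if (have <= 0 || rec.ref == 0) return -1;
    if (--rec.ref > 0) return record_save(path, &rec) < 0 ? -1 : 0;
    if (strlen(rec.label) >= n) return -1;
    strcpy(orig, rec.label);
    return record_erase(path) < 0 ? -1 : 1;
}

/* Shared-disk scenario that breaks a naive restore-on-stop. 0 = ok, else step. */
int run_shared_disk_demo(void)
{
    char image[] = "/tmp/vlabel-demo-XXXXXX";                        /* constructed */
    const char *orig = "system_u:object_r:virt_image_t:s0";          /* constructed */
    const char *vm_a = "system_u:object_r:svirt_image_t:s0:c11,c42"; /* constructed */
    char back[LABEL_MAX];
    int fd = mkstemp(image), rc = 0;
    if (fd < 0) return 1;
    close(fd);
    if (remember_label(image, orig) != 1)                  rc = 2; /* A starts: first user, keeps orig */
    else if (remember_label(image, vm_a) != 2)             rc = 3; /* B starts: sees A's label, orig kept */
    else if (recall_label(image, back, sizeof back) != 0)  rc = 4; /* A stops: B still needs the disk */
    else if (recall_label(image, back, sizeof back) != 1)  rc = 5; /* B stops: last user, restore now */
    else if (strcmp(back, orig) != 0)                      rc = 6; /* ... to the pre-VM label */
    else if (recall_label(image, back, sizeof back) != -1) rc = 7; /* record gone: never restore twice */
    record_erase(image);
    unlink(image);
    return rc;
}

int main(void) { return run_shared_disk_demo(); }
```

Build with `cc -std=gnu11 -Wall vlabel.c && ./a.out; echo $?` (exit status 0 on success). Two caveats a real implementation would have to close: two libvirtds on different hosts updating the same sidecar concurrently need a file lock around load/save, and the sidecar must be created with the same ownership and label constraints as the image it describes, or it becomes a writable path for anyone who can reach the image directory.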
