From nobody Thu May 15 09:32:02 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1514998846617436.87504036771975; Wed, 3 Jan 2018 09:00:46 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2C8416014F; Wed, 3 Jan 2018 17:00:45 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 053F56F437; Wed, 3 Jan 2018 17:00:45 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B73131806104; Wed, 3 Jan 2018 17:00:44 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w03H0h80021717 for ; Wed, 3 Jan 2018 12:00:43 -0500 Received: by smtp.corp.redhat.com (Postfix) id 99A77619EB; Wed, 3 Jan 2018 17:00:43 +0000 (UTC) Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com [10.5.110.32]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 934ED60F81 for ; Wed, 3 Jan 2018 17:00:43 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6D4C0C0587FC for ; Wed, 3 Jan 2018 17:00:42 +0000 (UTC) Received: from 1.general.paelzer.uk.vpn ([10.172.196.172] helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eWmPB-0003dO-9B; Wed, 03 Jan 2018 17:00:41 +0000 From: Christian Ehrhardt To: Libvirt Devel Date: Wed, 3 Jan 2018 18:00:18 +0100 Message-Id: <1514998820-24644-3-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1514998820-24644-1-git-send-email-christian.ehrhardt@canonical.com> References: <1514998820-24644-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 03 Jan 2018 17:00:42 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 03 Jan 2018 17:00:42 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -5.01 (RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.32 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Cc: Jamie Strandboge , Intrigeri , Guido Guenther , Christian Ehrhardt Subject: [libvirt] [PATCH 2/4] security: full path option for DomainSetPathLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 03 Jan 2018 17:00:45 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" virSecurityManagerDomainSetPathLabel is used to make a path known to the security modules, but today is used interchangably for - paths to files/dirs to be accessed directly - paths to a dir, but the access will actually be to files therein Depending on the security module it is important to know which of these types it will be. The argument fullpath augments the call to the implementations of DomainSetPathLabel that can - per security module - decide if extra actions shall be taken. For now dac/selinux handle this as before, but apparmor will make use of it to add a wildcard to the path that was passed. Signed-off-by: Christian Ehrhardt --- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_process.c | 4 ++-- src/security/security_apparmor.c | 17 +++++++++++++++-- src/security/security_dac.c | 3 ++- src/security/security_driver.h | 3 ++- src/security/security_manager.c | 5 +++-- src/security/security_manager.h | 3 ++- src/security/security_selinux.c | 3 ++- src/security/security_stack.c | 5 +++-- 9 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 70fb406..ac3e182 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -692,7 +692,7 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + vm->def, path, false) < 0) goto cleanup; =20 ret =3D 0; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index a0f430f..1a0923a 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3401,7 +3401,7 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverP= tr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - def, path) < 0) { + def, path, true) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unable to label %s"), path); return -1; @@ -4514,7 +4514,7 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, } =20 if (qemuSecurityDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + vm->def, path, true) < 0) goto cleanup; =20 ret =3D 0; diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index dcd6f52..60a8e08 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -956,9 +956,22 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr, static int AppArmorSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool fullpath) { - return reload_profile(mgr, def, path, true); + int rc =3D -1; + char *full_path =3D NULL; + + if (fullpath) { + if (virAsprintf(&full_path, "%s/{,**}", path) < 0) + return -1; + rc =3D reload_profile(mgr, def, full_path, true); + VIR_FREE(full_path); + } + else + rc =3D reload_profile(mgr, def, path, true); + + return rc; } =20 static int diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 609d259..60c4f09 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2081,7 +2081,8 @@ virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr, static int virSecurityDACDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool fullpath ATTRIBUTE_UNUSED) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr seclabel; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 47dad8b..20168a6 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -139,7 +139,8 @@ typedef int (*virSecurityDomainRestoreInputLabel) (virS= ecurityManagerPtr mgr, virDomainInputDefPtr in= put); typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path); + const char *path, + bool fullpath); typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr = dev_source, diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 9249aba..fbd4333 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -1048,12 +1048,13 @@ virSecurityManagerGetNested(virSecurityManagerPtr m= gr) int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path) + const char *path, + bool fullpath) { if (mgr->drv->domainSetPathLabel) { int ret; virObjectLock(mgr); - ret =3D mgr->drv->domainSetPathLabel(mgr, vm, path); + ret =3D mgr->drv->domainSetPathLabel(mgr, vm, path, fullpath); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 013e3b9..4ef6bd8 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -182,7 +182,8 @@ int virSecurityManagerRestoreInputLabel(virSecurityMana= gerPtr mgr, =20 int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path); + const char *path, + bool fullpath); =20 int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 0815a02..9a24b30 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3028,7 +3028,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurity= ManagerPtr mgr, static int virSecuritySELinuxDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - const char *path) + const char *path, + bool fullpath ATTRIBUTE_UNUSED) { virSecurityLabelDefPtr seclabel; =20 diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 0375e7d..5ad4d99 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -704,7 +704,8 @@ virSecurityStackRestoreInputLabel(virSecurityManagerPtr= mgr, static int virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, - const char *path) + const char *path, + bool fullpath) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; @@ -712,7 +713,7 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerPt= r mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerDomainSetPathLabel(item->securityManager, - vm, path) < 0) + vm, path, fullpath) < 0) rc =3D -1; } =20 --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list