1. Patchew
  2. Libvirt
  3. View series

[libvirt] [PATCH v2 0/5] Extend apparmor rules for libvirt 4.6

Christian Ehrhardt posted 5 patches 5 years, 8 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180814061822.15439-1-christian.ehrhardt@canonical.com
Test syntax-check passed
examples/apparmor/libvirt-qemu      | 20 ++++++++++++++++++++
examples/apparmor/usr.sbin.libvirtd | 24 +++++++++++++-----------
2 files changed, 33 insertions(+), 11 deletions(-)
[libvirt] [PATCH v2 0/5] Extend apparmor rules for libvirt 4.6
Posted by Christian Ehrhardt 5 years, 8 months ago 
Hi,
this is a summary of things I had to touch recently for libvirt 4.6.
The first two patches are re-submissions and modifications of last
year which were never totally challenged, but also not pushed.

The first was lost in a discussion about virt-aa-helper, whicih eventually
turned out to be clear that it could not help in that case.
  - https://www.redhat.com/archives/libvir-list/2017-February/msg01598.html
  - https://www.redhat.com/archives/libvir-list/2017-March/msg00052.html

The second even got a few Acks, but neither made it into upstream yet.
Parts of it where introduced already, in
  7edcbd02 apparmor: allow libvirt to send term signal to unconfined
  b482925c apparmor: support ptrace checks
But there are still signals blocked with those rules, so I resubmit the
remaining bit. Also I added the Acks to the resubmission.

The third&fourth change came in recently via various bug reports which I
finally wanted to adress - e.g. for ceph lib or smb. If we later on spot
more cases that have predictable safe paths under /tmp we can add those.

Finally the fifth change was triggered by me testing libvirt 4.6 in
various conditions. Some of them were in containers, and the new libvirt
behavior to carry more mount points into the qemu namespace triggers the
need to rewrite the existing mount-moving rules that we added last year.

*Updates in V2*
- added Acks to path #1
- split former patch #3 into #3/#4 to discuss /tmp access and qemu-smd
  individually
- rewrote reasoning and concerns as well as TODOs to improve later in
  regard to the /tmp related commits #3/#4
- Updated the rule since the trailing {,/} is not needed after **

Christian Ehrhardt (5):
  apparmor: allow openGraphicsFD for virt manager >1.4
  apparmor: add mediation rules for unconfined guests
  apparmor: allow expected /tmp access patterns
  apparmor: allow qemu-smb access in /tmp
  apparmor: allow to preserve /dev mountpoints into qemu namespaces

 examples/apparmor/libvirt-qemu      | 20 ++++++++++++++++++++
 examples/apparmor/usr.sbin.libvirtd | 24 +++++++++++++-----------
 2 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 0/5] Extend apparmor rules for libvirt 4.6
Posted by Christian Ehrhardt 5 years, 8 months ago 
Ok, with acks of last year and new ones in and no other feedback nor any
Freeze atm I'm pushing these changes any minute.
The qemu-smb related one will be dropped, the others pushed with the latest
cleanups as discussed in the per-patch threads.
Thanks everybody for your participation!

On Tue, Aug 14, 2018 at 8:18 AM Christian Ehrhardt <
christian.ehrhardt@canonical.com> wrote:

> Hi,
> this is a summary of things I had to touch recently for libvirt 4.6.
> The first two patches are re-submissions and modifications of last
> year which were never totally challenged, but also not pushed.
>
> The first was lost in a discussion about virt-aa-helper, whicih eventually
> turned out to be clear that it could not help in that case.
>   -
> https://www.redhat.com/archives/libvir-list/2017-February/msg01598.html
>   - https://www.redhat.com/archives/libvir-list/2017-March/msg00052.html
>
> The second even got a few Acks, but neither made it into upstream yet.
> Parts of it where introduced already, in
>   7edcbd02 apparmor: allow libvirt to send term signal to unconfined
>   b482925c apparmor: support ptrace checks
> But there are still signals blocked with those rules, so I resubmit the
> remaining bit. Also I added the Acks to the resubmission.
>
> The third&fourth change came in recently via various bug reports which I
> finally wanted to adress - e.g. for ceph lib or smb. If we later on spot
> more cases that have predictable safe paths under /tmp we can add those.
>
> Finally the fifth change was triggered by me testing libvirt 4.6 in
> various conditions. Some of them were in containers, and the new libvirt
> behavior to carry more mount points into the qemu namespace triggers the
> need to rewrite the existing mount-moving rules that we added last year.
>
> *Updates in V2*
> - added Acks to path #1
> - split former patch #3 into #3/#4 to discuss /tmp access and qemu-smd
>   individually
> - rewrote reasoning and concerns as well as TODOs to improve later in
>   regard to the /tmp related commits #3/#4
> - Updated the rule since the trailing {,/} is not needed after **
>
> Christian Ehrhardt (5):
>   apparmor: allow openGraphicsFD for virt manager >1.4
>   apparmor: add mediation rules for unconfined guests
>   apparmor: allow expected /tmp access patterns
>   apparmor: allow qemu-smb access in /tmp
>   apparmor: allow to preserve /dev mountpoints into qemu namespaces
>
>  examples/apparmor/libvirt-qemu      | 20 ++++++++++++++++++++
>  examples/apparmor/usr.sbin.libvirtd | 24 +++++++++++++-----------
>  2 files changed, 33 insertions(+), 11 deletions(-)
>
> --
> 2.17.1
>
>

-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-8c64711

© 2016 - 2024 Red Hat, Inc.