From nobody Tue May 13 13:20:17 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1536572297904946.3708407472584; Mon, 10 Sep 2018 02:38:17 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 284C986677; Mon, 10 Sep 2018 09:38:16 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E589318154; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 92FC3181A71E; Mon, 10 Sep 2018 09:38:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w8A9b63N030891 for ; Mon, 10 Sep 2018 05:37:06 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7342B10EE839; Mon, 10 Sep 2018 09:37:06 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1467E10EE836 for ; Mon, 10 Sep 2018 09:37:05 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Mon, 10 Sep 2018 11:36:23 +0200 Message-Id: <608bcbae0c61ed65110ff70e438d04ae98e588d9.1536571504.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v4 22/23] security_selinux: Move transaction handling up one level X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Mon, 10 Sep 2018 09:38:16 +0000 (UTC) X-ZohoMail: RDMRC_0 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" So far the whole transaction handling is done virSecuritySELinuxSetFileconHelper(). This needs to change for the sake of security label remembering and locking. Otherwise we would be locking a path when only appending it to transaction list and not when actually relabelling it. Signed-off-by: Michal Privoznik --- src/security/security_selinux.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 72d12c9df1..f6416010f9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1146,20 +1146,14 @@ virSecuritySELinuxGetProcessLabel(virSecurityManage= rPtr mgr ATTRIBUTE_UNUSED, * return 1 if labelling was not possible. Otherwise, require a label * change, and return 0 for success, -1 for failure. */ static int -virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, - bool optional, bool privileged) +virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon, + bool optional, bool privileged) { security_context_t econ; - int rc; =20 /* Be aware that this function might run in a separate process. * Therefore, any driver state changes would be thrown away. */ =20 - if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) - return -1; - else if (rc > 0) - return 0; - VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); =20 if (setfilecon_raw(path, (VIR_SELINUX_CTX_CONST char *)tcon) < 0) { @@ -1213,6 +1207,22 @@ virSecuritySELinuxSetFileconHelper(const char *path,= const char *tcon, return 0; } =20 + +static int +virSecuritySELinuxSetFileconHelper(const char *path, const char *tcon, + bool optional, bool privileged) +{ + int rc; + + if ((rc =3D virSecuritySELinuxTransactionAppend(path, tcon, optional))= < 0) + return -1; + else if (rc > 0) + return 0; + + return virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileg= ed); +} + + static int virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr, const char *path, const char *tcon) @@ -1289,10 +1299,12 @@ static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, const char *path) { + bool privileged =3D virSecurityManagerGetPrivileged(mgr); struct stat buf; security_context_t fcon =3D NULL; char *newpath =3D NULL; char ebuf[1024]; + int rc; int ret =3D -1; =20 /* Some paths are auto-generated, so let's be safe here and do @@ -1324,7 +1336,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManage= rPtr mgr, goto cleanup; } =20 - if (virSecuritySELinuxSetFilecon(mgr, newpath, fcon) < 0) + if ((rc =3D virSecuritySELinuxTransactionAppend(path, fcon, false)) < = 0) + return -1; + else if (rc > 0) + return 0; + + if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged)= < 0) goto cleanup; =20 ret =3D 0; --=20 2.16.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list