Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 693F7C04B936 From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 15 May 2017 16:28:35 +0200 Message-Id: <9d4e0854fd1cbb2a4ab0e7bc68fc104134256115.1494858416.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/2] qemu: don't relabel chardev source file if virtlogd is used X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 15 May 2017 14:29:03 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" If libvirt uses virtlogd instead of passing the file path directly to QEMU we shouldn't relabel the chardev source file, otherwise virtlogd will get a permission denied while reloading. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D143098 Signed-off-by: Pavel Hrdina --- src/conf/domain_conf.c | 20 ++++++++++++++++++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 12 ++++++++---- src/security/security_dac.c | 6 ++++++ src/security/security_selinux.c | 6 ++++++ 5 files changed, 41 insertions(+), 4 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index aa441fae3c..92f011d3a4 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -2064,6 +2064,7 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr de= st, } =20 dest->type =3D src->type; + dest->skipRelabel =3D src->skipRelabel; =20 return 0; } @@ -10608,6 +10609,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDef= Ptr def, char *append =3D NULL; char *haveTLS =3D NULL; char *tlsFromConfig =3D NULL; + char *skipRelabel =3D NULL; int remaining =3D 0; =20 while (cur !=3D NULL) { @@ -10628,6 +10630,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDef= Ptr def, case VIR_DOMAIN_CHR_TYPE_UNIX: if (!append && def->type =3D=3D VIR_DOMAIN_CHR_TYPE_FI= LE) append =3D virXMLPropString(cur, "append"); + if (!skipRelabel && def->type =3D=3D VIR_DOMAIN_CHR_TY= PE_FILE) + skipRelabel =3D virXMLPropString(cur, "skipRelabel= "); /* PTY path is only parsed from live xml. */ if (!path && (def->type !=3D VIR_DOMAIN_CHR_TYPE_PTY || @@ -10726,6 +10730,17 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDe= fPtr def, _("Invalid append attribute value '%s'"), appen= d); goto error; } + if (skipRelabel && def->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE && + (flags & VIR_DOMAIN_DEF_PARSE_STATUS)) { + if (STREQ(skipRelabel, "yes")) { + def->skipRelabel =3D true; + } else { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("invalid 'skipRelabel' attribute value '%= s'"), + skipRelabel); + goto error; + } + } if (!path && def->type !=3D VIR_DOMAIN_CHR_TYPE_PTY) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -10902,6 +10917,7 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDef= Ptr def, VIR_FREE(logfile); VIR_FREE(haveTLS); VIR_FREE(tlsFromConfig); + VIR_FREE(skipRelabel); =20 return remaining; =20 
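Review bot: In the `@@ -10726` hunk of virDomainChrSourceDefParseXML the `skipRelabel` attribute is honoured only under `VIR_DOMAIN_DEF_PARSE_STATUS`, but nothing in the code says why, and that gate is what keeps user-supplied domain XML from switching off relabelling of a chardev file. I would put a comment above the check, e.g. `/* runtime state written by the driver; accepted from status XML only so that user XML cannot disable relabelling */`. Outside status parsing the attribute is still read by the `@@ -10628` hunk and then dropped by this function without an error, so a stray or mistyped value passes unnoticed; if that is intended the comment should say so. The function body starts and ends outside these hunks.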
@@ -22324,6 +22340,10 @@ virDomainChrSourceDefFormat(virBufferPtr buf, def->data.file.append !=3D VIR_TRISTATE_SWITCH_ABSENT) virBufferAsprintf(buf, " append=3D'%s'", virTristateSwitchTypeToString(def->data.file.append)); + if ((flags & VIR_DOMAIN_DEF_FORMAT_STATUS) && + def->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE && def->skipRela= bel) { + virBufferAddLit(buf, " skipRelabel=3D'yes'"); + } virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, f= lags); } break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 09fb7aada4..329eb90392 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1166,6 +1166,7 @@ struct _virDomainChrSourceDef { } data; char *logfile; int logappend; + bool skipRelabel; }; =20 /* A complete character device, both host and domain views. */ diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 813a8515c0..0625075bb2 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4998,6 +4998,7 @@ static int qemuBuildChrChardevFileStr(virLogManagerPtr logManager, virCommandPtr cmd, const virDomainDef *def, + virDomainChrSourceDefPtr sourceDef, virBufferPtr buf, const char *filearg, const char *fileval, const char *appendarg, int appendval) @@ -5011,6 +5012,9 @@ qemuBuildChrChardevFileStr(virLogManagerPtr logManage= r, appendval =3D=3D VIR_TRISTATE_SWITCH_OFF) flags |=3D VIR_LOG_MANAGER_PROTOCOL_DOMAIN_OPEN_LOG_FILE_TRUNC= ATE; =20 + if (sourceDef) + sourceDef->skipRelabel =3D true; + if ((logfd =3D virLogManagerDomainOpenLogFile(logManager, "qemu", def->uuid, @@ -5051,7 +5055,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, virCommandPtr cmd, virQEMUDriverConfigPtr cfg, const virDomainDef *def, - const virDomainChrSourceDef *dev, + virDomainChrSourceDefPtr dev, const char *alias, virQEMUCapsPtr qemuCaps, bool nowait) 
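Review bot: The new `bool skipRelabel;` member of struct _virDomainChrSourceDef (domain_conf.h hunk) has no comment, although it is not configuration: the other hunks set it from the QEMU command-line builder and serialise it only in status XML. A short comment on the declaration would keep later callers from treating it as a user option, e.g. `bool skipRelabel; /* runtime only: file is opened via virtlogd, security drivers must not relabel it */`.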
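Review bot: In the `@@ -5011` hunk of qemuBuildChrChardevFileStr, `sourceDef->skipRelabel = true` is assigned before virLogManagerDomainOpenLogFile() is called, so the flag stays set on the definition when the open fails, and nothing visible in the patch ever clears it. Since both security drivers now return early from their Set and Restore functions on this flag, it should only be set once virtlogd has actually handed back a descriptor: move `if (sourceDef) sourceDef->skipRelabel = true;` to after the `logfd` error check. The change also makes a command-line builder modify the domain definition, which is why `const` is dropped from `dev` and `monitor_chr` in the `@@ -5051` and `@@ -5573` hunks; a comment on the new parameter should state that side effect. The enclosing branch and the rest of the function lie outside the hunk, so whether the assignment is limited to the virtlogd path cannot be confirmed from here.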
@@ -5093,7 +5097,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, goto cleanup; } if (qemuBuildChrChardevFileStr(virQEMUCapsGet(qemuCaps, QEMU_CAPS_= CHARDEV_FILE_APPEND) ? - logManager : NULL, cmd, def, &buf, + logManager : NULL, cmd, def, dev, &= buf, "path", dev->data.file.path, "append", dev->data.file.append) < = 0) goto cleanup; @@ -5209,7 +5213,7 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager, _("logfile not supported in this QEMU binary")); goto cleanup; } - if (qemuBuildChrChardevFileStr(logManager, cmd, def, &buf, + if (qemuBuildChrChardevFileStr(logManager, cmd, def, NULL, &buf, "logfile", dev->logfile, "logappend", dev->logappend) < 0) goto cleanup; @@ -5573,7 +5577,7 @@ qemuBuildMonitorCommandLine(virLogManagerPtr logManag= er, virQEMUDriverConfigPtr cfg, virDomainDefPtr def, virQEMUCapsPtr qemuCaps, - const virDomainChrSourceDef *monitor_chr, + virDomainChrSourceDefPtr monitor_chr, bool monitor_json) { char *chrdev; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 922e484942..a4e02ca8bc 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1196,6 +1196,9 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && dev_source->skipRelabel) + return 0; + if (chr_seclabel && chr_seclabel->label) { if (virParseOwnershipIds(chr_seclabel->label, &user, &group) < 0) return -1; @@ -1276,6 +1279,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && dev_source->skipRelabel) + return 0; + switch ((virDomainChrType) dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 612dbc2a83..64ab2795d5 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
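Review bot: In virSecurityDACSetChardevLabel (`@@ -1196` hunk) the new guard `if (!chr_seclabel && dev_source->skipRelabel) return 0;` applies only when the device has no per-device seclabel; a chardev that has one with relabelling enabled appears to fall through and still be relabelled although virtlogd holds the file. If that precedence is intended, say so in a comment above the guard; if not, the test would be `if (dev_source->skipRelabel) return 0;`, which is closer to what the commit message describes. The same condition is repeated in virSecurityDACRestoreChardevLabel (`@@ -1276`) and in both security_selinux.c hunks (`@@ -2216`, `@@ -2289`), so whatever is decided should be applied to all four. The function bodies continue outside the hunks, so the later handling of `chr_seclabel->label` is only partly visible.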
@@ -2216,6 +2216,9 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && dev_source->skipRelabel) + return 0; + if (chr_seclabel) imagelabel =3D chr_seclabel->label; if (!imagelabel) @@ -2289,6 +2292,9 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 + if (!chr_seclabel && dev_source->skipRelabel) + return 0; + switch (dev_source->type) { case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_FILE: --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list