From nobody Tue May 13 13:13:05 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1536572288563281.7935267570675;
 Mon, 10 Sep 2018 02:38:08 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 28B66308AA12;
	Mon, 10 Sep 2018 09:38:07 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id DA1F8106A79A;
	Mon, 10 Sep 2018 09:38:06 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 8728E4A469;
	Mon, 10 Sep 2018 09:38:06 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w8A9b3RY030847 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 10 Sep 2018 05:37:03 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 4437410EE839; Mon, 10 Sep 2018 09:37:03 +0000 (UTC)
Received: from moe.brq.redhat.com (unknown [10.43.2.192])
	by smtp.corp.redhat.com (Postfix) with ESMTP id D91F710EE836
	for <libvir-list@redhat.com>; Mon, 10 Sep 2018 09:37:02 +0000 (UTC)
From: Michal Privoznik <mprivozn@redhat.com>
To: libvir-list@redhat.com
Date: Mon, 10 Sep 2018 11:36:18 +0200
Message-Id: 
 <a595ffdadaf3eed8dd723bb2fae5f95a15e79e88.1536571504.git.mprivozn@redhat.com>
In-Reply-To: <cover.1536571504.git.mprivozn@redhat.com>
References: <cover.1536571504.git.mprivozn@redhat.com>
In-Reply-To: <cover.1536571504.git.mprivozn@redhat.com>
References: <cover.1536571504.git.mprivozn@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v4 17/23] security_dac: Move transaction handling
	up one level
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]);
 Mon, 10 Sep 2018 09:38:07 +0000 (UTC)
X-ZohoMail: RDMRC_0  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

So far the whole transaction handling is done
virSecurityDACSetOwnershipInternal(). This needs to change for
the sake of security label remembering and locking. Otherwise we
would be locking a path when only appending it to transaction
list and not when actually relabelling it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
 src/security/security_dac.c | 65 ++++++++++++++++++++++++++++++-----------=
----
 1 file changed, 44 insertions(+), 21 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 926c9a33c1..52e28b5fda 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -77,12 +77,13 @@ struct _virSecurityDACChownItem {
     const virStorageSource *src;
     uid_t uid;
     gid_t gid;
+    bool restore;
 };
=20
 typedef struct _virSecurityDACChownList virSecurityDACChownList;
 typedef virSecurityDACChownList *virSecurityDACChownListPtr;
 struct _virSecurityDACChownList {
-    virSecurityDACDataPtr priv;
+    virSecurityManagerPtr manager;
     virSecurityDACChownItemPtr *items;
     size_t nItems;
 };
@@ -95,7 +96,8 @@ virSecurityDACChownListAppend(virSecurityDACChownListPtr =
list,
                               const char *path,
                               const virStorageSource *src,
                               uid_t uid,
-                              gid_t gid)
+                              gid_t gid,
+                              bool restore)
 {
     int ret =3D -1;
     char *tmp =3D NULL;
@@ -111,6 +113,7 @@ virSecurityDACChownListAppend(virSecurityDACChownListPt=
r list,
     item->src =3D src;
     item->uid =3D uid;
     item->gid =3D gid;
+    item->restore =3D restore;
=20
     if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0)
         goto cleanup;
@@ -159,25 +162,29 @@ static int
 virSecurityDACTransactionAppend(const char *path,
                                 const virStorageSource *src,
                                 uid_t uid,
-                                gid_t gid)
+                                gid_t gid,
+                                bool restore)
 {
     virSecurityDACChownListPtr list =3D virThreadLocalGet(&chownList);
     if (!list)
         return 0;
=20
-    if (virSecurityDACChownListAppend(list, path, src, uid, gid) < 0)
+    if (virSecurityDACChownListAppend(list, path, src, uid, gid, restore) =
< 0)
         return -1;
=20
     return 1;
 }
=20
=20
-static int virSecurityDACSetOwnershipInternal(const virSecurityDACData *pr=
iv,
-                                              const virStorageSource *src,
-                                              const char *path,
-                                              uid_t uid,
-                                              gid_t gid);
+static int virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
+                                      const virStorageSource *src,
+                                      const char *path,
+                                      uid_t uid,
+                                      gid_t gid);
=20
+static int virSecurityDACRestoreFileLabelInternal(virSecurityManagerPtr mg=
r,
+                                                  const virStorageSource *=
src,
+                                                  const char *path);
 /**
  * virSecurityDACTransactionRun:
  * @pid: process pid
@@ -201,11 +208,16 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUS=
ED,
         virSecurityDACChownItemPtr item =3D list->items[i];
=20
         /* TODO Implement rollback */
-        if (virSecurityDACSetOwnershipInternal(list->priv,
-                                               item->src,
-                                               item->path,
-                                               item->uid,
-                                               item->gid) < 0)
+        if ((!item->restore &&
+             virSecurityDACSetOwnership(list->manager,
+                                        item->src,
+                                        item->path,
+                                        item->uid,
+                                        item->gid) < 0) ||
+            (item->restore &&
+             virSecurityDACRestoreFileLabelInternal(list->manager,
+                                                    item->src,
+                                                    item->path) < 0))
             return -1;
     }
=20
@@ -455,7 +467,6 @@ virSecurityDACPreFork(virSecurityManagerPtr mgr)
 static int
 virSecurityDACTransactionStart(virSecurityManagerPtr mgr)
 {
-    virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr);
     virSecurityDACChownListPtr list;
=20
     list =3D virThreadLocalGet(&chownList);
@@ -468,7 +479,7 @@ virSecurityDACTransactionStart(virSecurityManagerPtr mg=
r)
     if (VIR_ALLOC(list) < 0)
         return -1;
=20
-    list->priv =3D priv;
+    list->manager =3D mgr;
=20
     if (virThreadLocalSet(&chownList, list) < 0) {
         virReportSystemError(errno, "%s",
@@ -564,11 +575,6 @@ virSecurityDACSetOwnershipInternal(const virSecurityDA=
CData *priv,
     /* Be aware that this function might run in a separate process.
      * Therefore, any driver state changes would be thrown away. */
=20
-    if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid)) < 0)
-        return -1;
-    else if (rc > 0)
-        return 0;
-
     VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
              NULLSTR(src ? src->path : path), (long)uid, (long)gid);
=20
@@ -640,11 +646,20 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
 {
     virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr);
     struct stat sb;
+    int rc;
=20
     if (!path && src && src->path &&
         virStorageSourceIsLocalStorage(src))
         path =3D src->path;
=20
+    /* Be aware that this function might run in a separate process.
+     * Therefore, any driver state changes would be thrown away. */
+
+    if ((rc =3D virSecurityDACTransactionAppend(path, src, uid, gid, false=
)) < 0)
+        return -1;
+    else if (rc > 0)
+        return 0;
+
     if (path) {
         if (stat(path, &sb) < 0) {
             virReportSystemError(errno, _("unable to stat: %s"), path);
@@ -676,6 +691,14 @@ virSecurityDACRestoreFileLabelInternal(virSecurityMana=
gerPtr mgr,
         virStorageSourceIsLocalStorage(src))
         path =3D src->path;
=20
+    /* Be aware that this function might run in a separate process.
+     * Therefore, any driver state changes would be thrown away. */
+
+    if ((rv =3D virSecurityDACTransactionAppend(path, src, uid, gid, true)=
) < 0)
+        return -1;
+    else if (rv > 0)
+        return 0;
+
     if (path) {
         rv =3D virSecurityDACRecallLabel(priv, path, &uid, &gid);
         if (rv < 0)
--=20
2.16.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list