render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
c1c534
From f0e402ae3edf7717f1f2c1317f8b445ad20fdda4 Mon Sep 17 00:00:00 2001
c1c534
Message-Id: <f0e402ae3edf7717f1f2c1317f8b445ad20fdda4@dist-git>
c1c534
From: Pavel Hrdina <phrdina@redhat.com>
c1c534
Date: Tue, 5 Dec 2017 14:02:34 +0100
c1c534
Subject: [PATCH] qemu: fix security labeling for attach/detach of char devices
c1c534
c1c534
Commit e93d844b90 was not enough to fix the permission denied
c1c534
issue.  We need to apply security labels as well.
c1c534
c1c534
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1465833
c1c534
c1c534
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
c1c534
(cherry picked from commit 1c57eea3625f59a80bea08d8779837a40acc4660)
c1c534
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
c1c534
Reviewed-by: Erik Skultety <eskultet@redhat.com>
c1c534
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
c1c534
---
c1c534
 src/qemu/qemu_hotplug.c  | 10 ++++++++
c1c534
 src/qemu/qemu_security.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
c1c534
 src/qemu/qemu_security.h |  8 +++++++
c1c534
 3 files changed, 78 insertions(+)
c1c534
c1c534
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
c1c534
index 56e8a93885..eab9ad794a 100644
c1c534
--- a/src/qemu/qemu_hotplug.c
c1c534
+++ b/src/qemu/qemu_hotplug.c
c1c534
@@ -1818,6 +1818,7 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
c1c534
     bool chardevAttached = false;
c1c534
     bool teardowncgroup = false;
c1c534
     bool teardowndevice = false;
c1c534
+    bool teardownlabel = false;
c1c534
     char *tlsAlias = NULL;
c1c534
     char *secAlias = NULL;
c1c534
     bool need_release = false;
c1c534
@@ -1838,6 +1839,10 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
c1c534
         goto cleanup;
c1c534
     teardowndevice = true;
c1c534
 
c1c534
+    if (qemuSecuritySetChardevLabel(driver, vm, chr) < 0)
c1c534
+        goto cleanup;
c1c534
+    teardownlabel = true;
c1c534
+
c1c534
     if (qemuSetupChardevCgroup(vm, chr) < 0)
c1c534
         goto cleanup;
c1c534
     teardowncgroup = true;
c1c534
@@ -1880,6 +1885,8 @@ int qemuDomainAttachChrDevice(virConnectPtr conn,
c1c534
             qemuDomainReleaseDeviceAddress(vm, &chr->info, NULL);
c1c534
         if (teardowncgroup && qemuTeardownChardevCgroup(vm, chr) < 0)
c1c534
             VIR_WARN("Unable to remove chr device cgroup ACL on hotplug fail");
c1c534
+        if (teardownlabel && qemuSecurityRestoreChardevLabel(driver, vm, chr) < 0)
c1c534
+            VIR_WARN("Unable to restore security label on char device");
c1c534
         if (teardowndevice && qemuDomainNamespaceTeardownChardev(driver, vm, chr) < 0)
c1c534
             VIR_WARN("Unable to remove chr device from /dev");
c1c534
     }
c1c534
@@ -4111,6 +4118,9 @@ qemuDomainRemoveChrDevice(virQEMUDriverPtr driver,
c1c534
     if (qemuTeardownChardevCgroup(vm, chr) < 0)
c1c534
         VIR_WARN("Failed to remove chr device cgroup ACL");
c1c534
 
c1c534
+    if (qemuSecurityRestoreChardevLabel(driver, vm, chr) < 0)
c1c534
+        VIR_WARN("Unable to restore security label on char device");
c1c534
+
c1c534
     if (qemuDomainNamespaceTeardownChardev(driver, vm, chr) < 0)
c1c534
         VIR_WARN("Unable to remove chr device from /dev");
c1c534
 
c1c534
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
c1c534
index e7d2bbd5a3..2aced22d2d 100644
c1c534
--- a/src/qemu/qemu_security.c
c1c534
+++ b/src/qemu/qemu_security.c
c1c534
@@ -364,3 +364,63 @@ qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
c1c534
     virSecurityManagerTransactionAbort(driver->securityManager);
c1c534
     return ret;
c1c534
 }
c1c534
+
c1c534
+
c1c534
+int
c1c534
+qemuSecuritySetChardevLabel(virQEMUDriverPtr driver,
c1c534
+                            virDomainObjPtr vm,
c1c534
+                            virDomainChrDefPtr chr)
c1c534
+{
c1c534
+    int ret = -1;
c1c534
+    qemuDomainObjPrivatePtr priv = vm->privateData;
c1c534
+
c1c534
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
c1c534
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    if (virSecurityManagerSetChardevLabel(driver->securityManager,
c1c534
+                                          vm->def,
c1c534
+                                          chr->source,
c1c534
+                                          priv->chardevStdioLogd) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
c1c534
+        virSecurityManagerTransactionCommit(driver->securityManager,
c1c534
+                                            vm->pid) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    ret = 0;
c1c534
+ cleanup:
c1c534
+    virSecurityManagerTransactionAbort(driver->securityManager);
c1c534
+    return ret;
c1c534
+}
c1c534
+
c1c534
+
c1c534
+int
c1c534
+qemuSecurityRestoreChardevLabel(virQEMUDriverPtr driver,
c1c534
+                                virDomainObjPtr vm,
c1c534
+                                virDomainChrDefPtr chr)
c1c534
+{
c1c534
+    int ret = -1;
c1c534
+    qemuDomainObjPrivatePtr priv = vm->privateData;
c1c534
+
c1c534
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
c1c534
+        virSecurityManagerTransactionStart(driver->securityManager) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    if (virSecurityManagerRestoreChardevLabel(driver->securityManager,
c1c534
+                                              vm->def,
c1c534
+                                              chr->source,
c1c534
+                                              priv->chardevStdioLogd) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
c1c534
+        virSecurityManagerTransactionCommit(driver->securityManager,
c1c534
+                                            vm->pid) < 0)
c1c534
+        goto cleanup;
c1c534
+
c1c534
+    ret = 0;
c1c534
+ cleanup:
c1c534
+    virSecurityManagerTransactionAbort(driver->securityManager);
c1c534
+    return ret;
c1c534
+}
c1c534
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
c1c534
index 76d63f06ec..d54ce6fead 100644
c1c534
--- a/src/qemu/qemu_security.h
c1c534
+++ b/src/qemu/qemu_security.h
c1c534
@@ -76,6 +76,14 @@ int qemuSecuritySetInputLabel(virDomainObjPtr vm,
c1c534
 int qemuSecurityRestoreInputLabel(virDomainObjPtr vm,
c1c534
                                   virDomainInputDefPtr input);
c1c534
 
c1c534
+int qemuSecuritySetChardevLabel(virQEMUDriverPtr driver,
c1c534
+                                virDomainObjPtr vm,
c1c534
+                                virDomainChrDefPtr chr);
c1c534
+
c1c534
+int qemuSecurityRestoreChardevLabel(virQEMUDriverPtr driver,
c1c534
+                                    virDomainObjPtr vm,
c1c534
+                                    virDomainChrDefPtr chr);
c1c534
+
c1c534
 /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
c1c534
  * new APIs here. If an API can touch a /dev file add a proper wrapper instead.
c1c534
  */
c1c534
-- 
c1c534
2.15.1
c1c534