|
|
d76c62 |
From f08dc7e622b398b00d6916ead44a8c9058b5a17e Mon Sep 17 00:00:00 2001
|
|
|
d76c62 |
Message-Id: <f08dc7e622b398b00d6916ead44a8c9058b5a17e@dist-git>
|
|
|
d76c62 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d76c62 |
Date: Tue, 25 Feb 2020 11:24:51 +0100
|
|
|
d76c62 |
Subject: [PATCH] security: Don't remember seclabel for paths we haven't locked
|
|
|
d76c62 |
successfully
|
|
|
d76c62 |
|
|
|
d76c62 |
There are some cases where we want to remember the original owner
|
|
|
d76c62 |
of a file but we fail to lock it for XATTR change (e.g. root
|
|
|
d76c62 |
squashed NFS). If that is the case we error out and refuse to
|
|
|
d76c62 |
start a domain. Well, we can do better if we disable remembering
|
|
|
d76c62 |
for paths we haven't locked successfully.
|
|
|
d76c62 |
|
|
|
d76c62 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d76c62 |
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
d76c62 |
(cherry picked from commit 5fddf61351f44e4186c0313d81907024c574201b)
|
|
|
d76c62 |
|
|
|
d76c62 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1804672
|
|
|
d76c62 |
|
|
|
d76c62 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
d76c62 |
Message-Id: <4c2586a6da3b01adce09573a6123a15b3aea5ae6.1582626185.git.mprivozn@redhat.com>
|
|
|
d76c62 |
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
d76c62 |
---
|
|
|
d76c62 |
src/security/security_dac.c | 14 ++++++++++++++
|
|
|
d76c62 |
src/security/security_manager.c | 7 -------
|
|
|
d76c62 |
src/security/security_manager.h | 6 ++++++
|
|
|
d76c62 |
src/security/security_selinux.c | 14 ++++++++++++++
|
|
|
d76c62 |
4 files changed, 34 insertions(+), 7 deletions(-)
|
|
|
d76c62 |
|
|
|
d76c62 |
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
|
|
|
d76c62 |
index 2561ee440e..0cfe3626d4 100644
|
|
|
d76c62 |
--- a/src/security/security_dac.c
|
|
|
d76c62 |
+++ b/src/security/security_dac.c
|
|
|
d76c62 |
@@ -240,6 +240,20 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED,
|
|
|
d76c62 |
|
|
|
d76c62 |
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
|
|
|
d76c62 |
goto cleanup;
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ for (i = 0; i < list->nItems; i++) {
|
|
|
d76c62 |
+ virSecurityDACChownItemPtr item = list->items[i];
|
|
|
d76c62 |
+ size_t j;
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ for (j = 0; j < state->nfds; j++) {
|
|
|
d76c62 |
+ if (STREQ_NULLABLE(item->path, state->paths[j]))
|
|
|
d76c62 |
+ break;
|
|
|
d76c62 |
+ }
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ /* If path wasn't locked, don't try to remember its label. */
|
|
|
d76c62 |
+ if (j == state->nfds)
|
|
|
d76c62 |
+ item->remember = false;
|
|
|
d76c62 |
+ }
|
|
|
d76c62 |
}
|
|
|
d76c62 |
|
|
|
d76c62 |
for (i = 0; i < list->nItems; i++) {
|
|
|
d76c62 |
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
|
|
|
d76c62 |
index 05d20e36af..9d06316a99 100644
|
|
|
d76c62 |
--- a/src/security/security_manager.c
|
|
|
d76c62 |
+++ b/src/security/security_manager.c
|
|
|
d76c62 |
@@ -1245,13 +1245,6 @@ virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
|
|
|
d76c62 |
}
|
|
|
d76c62 |
|
|
|
d76c62 |
|
|
|
d76c62 |
-struct _virSecurityManagerMetadataLockState {
|
|
|
d76c62 |
- size_t nfds; /* Captures size of both @fds and @paths */
|
|
|
d76c62 |
- int *fds;
|
|
|
d76c62 |
- const char **paths;
|
|
|
d76c62 |
-};
|
|
|
d76c62 |
-
|
|
|
d76c62 |
-
|
|
|
d76c62 |
static int
|
|
|
d76c62 |
cmpstringp(const void *p1, const void *p2)
|
|
|
d76c62 |
{
|
|
|
d76c62 |
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
|
|
|
d76c62 |
index f835356b7e..b92ea5dc87 100644
|
|
|
d76c62 |
--- a/src/security/security_manager.h
|
|
|
d76c62 |
+++ b/src/security/security_manager.h
|
|
|
d76c62 |
@@ -203,6 +203,12 @@ int virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
|
|
|
d76c62 |
|
|
|
d76c62 |
typedef struct _virSecurityManagerMetadataLockState virSecurityManagerMetadataLockState;
|
|
|
d76c62 |
typedef virSecurityManagerMetadataLockState *virSecurityManagerMetadataLockStatePtr;
|
|
|
d76c62 |
+struct _virSecurityManagerMetadataLockState {
|
|
|
d76c62 |
+ size_t nfds; /* Captures size of both @fds and @paths */
|
|
|
d76c62 |
+ int *fds;
|
|
|
d76c62 |
+ const char **paths;
|
|
|
d76c62 |
+};
|
|
|
d76c62 |
+
|
|
|
d76c62 |
|
|
|
d76c62 |
virSecurityManagerMetadataLockStatePtr
|
|
|
d76c62 |
virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
|
|
|
d76c62 |
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
|
|
d76c62 |
index 21279e7622..d7362327e6 100644
|
|
|
d76c62 |
--- a/src/security/security_selinux.c
|
|
|
d76c62 |
+++ b/src/security/security_selinux.c
|
|
|
d76c62 |
@@ -271,6 +271,20 @@ virSecuritySELinuxTransactionRun(pid_t pid G_GNUC_UNUSED,
|
|
|
d76c62 |
|
|
|
d76c62 |
if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
|
|
|
d76c62 |
goto cleanup;
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ for (i = 0; i < list->nItems; i++) {
|
|
|
d76c62 |
+ virSecuritySELinuxContextItemPtr item = list->items[i];
|
|
|
d76c62 |
+ size_t j;
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ for (j = 0; j < state->nfds; j++) {
|
|
|
d76c62 |
+ if (STREQ_NULLABLE(item->path, state->paths[j]))
|
|
|
d76c62 |
+ break;
|
|
|
d76c62 |
+ }
|
|
|
d76c62 |
+
|
|
|
d76c62 |
+ /* If path wasn't locked, don't try to remember its label. */
|
|
|
d76c62 |
+ if (j == state->nfds)
|
|
|
d76c62 |
+ item->remember = false;
|
|
|
d76c62 |
+ }
|
|
|
d76c62 |
}
|
|
|
d76c62 |
|
|
|
d76c62 |
rv = 0;
|
|
|
d76c62 |
--
|
|
|
d76c62 |
2.25.1
|
|
|
d76c62 |
|