Commit 1151cdcad3f4b68478b076832843338256b94644

Daniel P. Berrange
Wed Nov 11 16:53:51 CET 2009

Tree SHA1: 2ebc033
Parent SHA1: d7cca87 (Do not log rotate very small logs)
raw diff | raw patch

Fix save and restore with non-privileged guests and SELinux

When running qemu:///system instance, libvirtd runs as root,
but QEMU may optionally be configured to run non-root. When
then saving a guest to a state file, the file is initially
created as root, and thus QEMU cannot write to it. It is also
missing labelling required to allow access via SELinux.

* src/qemu/qemu_driver.c: Set ownership on save image before
  running migrate command in virDomainSave impl. Call out to
  security driver to set save image labelling
* src/security/security_driver.h: Add driver APIs for setting
  and restoring saved state file labelling
* src/security/security_selinux.c: Implement saved state file
  labelling for SELinux

(cherry picked from commit bc0010b3d149df00406b82c37eb59874d8525af4)

Fedora-patch: libvirt-qemu-save-restore.patch

Diff rendering mode:
inline
side by side


3146	3146	char *xml = NULL;
3147	3147	struct qemud_save_header header;
3148	3148	int ret = -1;
	3149	int rc;
3149	3150	virDomainEventPtr event = NULL;
3150	3151
3151	3152	memset(&header, 0, sizeof(header));
…	…
3227	3227	}
3228	3228	fd = -1;
3229	3229
	3230	if (driver->privileged &&
	3231	chown(path, driver->user, driver->group) < 0) {
	3232	virReportSystemError(NULL, errno,
	3233	_("unable to set ownership of '%s' to user %d:%d"),
	3234	path, driver->user, driver->group);
	3235	goto cleanup;
	3236	}
	3237
	3238	if (driver->securityDriver &&
	3239	driver->securityDriver->domainSetSavedStateLabel &&
	3240	driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
	3241	goto cleanup;
	3242
3230	3243	if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
3231	3244	const char *args[] = { "cat", NULL };
3232		ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
	3245	rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
3233	3246	} else {
3234	3247	const char *prog = qemudSaveCompressionTypeToString(header.compressed);
3235	3248	const char *args[] = {
…	…
3250	3250	"-c",
3251	3251	NULL
3252	3252	};
3253		ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
	3253	rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
3254	3254	}
3255	3255
3256		if (ret < 0)
	3256	if (rc < 0)
3257	3257	goto cleanup;
	3258
	3259	if (driver->privileged &&
	3260	chown(path, 0, 0) < 0) {
	3261	virReportSystemError(NULL, errno,
	3262	_("unable to set ownership of '%s' to user %d:%d"),
	3263	path, 0, 0);
	3264	goto cleanup;
	3265	}
	3266
	3267	if (driver->securityDriver &&
	3268	driver->securityDriver->domainRestoreSavedStateLabel &&
	3269	driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
	3270	goto cleanup;
	3271
	3272	ret = 0;
3258	3273
3259	3274	/* Shut it down */
3260	3275	qemudShutdownVMDaemon(dom->conn, driver, vm);


42	42	typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
43	43	virDomainObjPtr vm,
44	44	virDomainHostdevDefPtr dev);
	45	typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
	46	virDomainObjPtr vm,
	47	const char *savefile);
	48	typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
	49	const char *savefile);
45	50	typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
46	51	virDomainObjPtr sec);
47	52	typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
…	…
76	76	virSecurityDomainRestoreLabel domainRestoreSecurityLabel;
77	77	virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
78	78	virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
	79	virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
	80	virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
79	81
80	82	/*
81	83	* This is internally managed driver state and should only be accessed


525	525	return ret;
526	526	}
527	527
	528
528	529	static int
529	530	SELinuxRestoreSecurityPCILabel(virConnectPtr conn,
530	531	pciDevice *dev ATTRIBUTE_UNUSED,
…	…
626	626	return rc;
627	627	}
628	628
	629
629	630	static int
	631	SELinuxSetSavedStateLabel(virConnectPtr conn,
	632	virDomainObjPtr vm,
	633	const char *savefile)
	634	{
	635	const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
	636
	637	return SELinuxSetFilecon(conn, savefile, secdef->imagelabel);
	638	}
	639
	640
	641	static int
	642	SELinuxRestoreSavedStateLabel(virConnectPtr conn,
	643	const char *savefile)
	644	{
	645	return SELinuxRestoreSecurityFileLabel(conn, savefile);
	646	}
	647
	648
	649	static int
630	650	SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
631	651	{
632	652	const virSecurityLabelDefPtr secdef = &def->seclabel;
…	…
715	715	.domainSetSecurityLabel = SELinuxSetSecurityLabel,
716	716	.domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
717	717	.domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
	718	.domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
	719	.domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
718	720	};

Commit 1151cdcad3f4b68478b076832843338256b94644

Gitorious