[libvirt] Re: [PATCH] Add huge page support to libvirt, v2..

Stephen Smalley sds at tycho.nsa.gov
Tue Jul 28 12:04:31 UTC 2009 

On Mon, 2009-07-27 at 22:55 +0100, Daniel P. Berrange wrote:
> On Thu, Jul 23, 2009 at 09:00:18PM -0400, john cooper wrote:
> > I've incorporated feedback received on the
> > prior version into the patch below.
> > 
> > The host mount point for hugetlbfs is queried by
> > default from /proc/mounts unless overridden in
> > qemu.conf via:
> > 
> >     hugepage_mount = "<path_to_mount_point>"
> > 
> > This should make the concern of establishing
> > a mount point path convention a non-issue for
> > the general case while still allowing the same
> > to be deterministically set if needed.
> 
> In light of what Chris said about extended attribute support
> for SELinux I think we, sadly, have no choice by to mount
> a new instance of hugetlbfs per VM, labelled with the context
> of that VM. The problem is that this doesn't really fit into
> the internal architecture we have in the slightest. The
> SELinux support we have is focused around re-labelling
> existing resources.
> 
> This hugetlbfs support implies that the SELinux driver is
> altering our command line arg generator, which is not an
> easy thing for us to support, given the code flow here. 
> We might have to resort to sick gross hacks.... unless the
> kernel guys think its easy to add extended attribute support
> to hugetlbfs in no time at all.

There is a vfs fallback for setxattr of the security.* namespace to the
security module, which would work for hugetlbfs if not for the fact that
policy defines it as a genfscon-labeled filesystem.  We only started
prohibiting setxattr on genfscon-labeled filesystems in 2.6.30; prior to
that we only did that for mountpoint-labeled filesystems.  I can
actually chcon a file in a hugetlbfs mount on 2.6.29.

To convert hugetlbfs to fully support labeling we'd need
hugetlbfs_mknod() to call security_inode_init_security() to set up new
inode security labels, just like shmem_mknod() does for tmpfs.  And then
we'd need to switch over the policy from genfscon to fs_use_trans.

-- 
Stephen Smalley
National Security Agency

More information about the libvir-list mailing list