[libvirt] [PATCH 3/4] Fix QEMU save/restore with block devices

Laine Stump laine at laine.org
Wed Apr 28 14:36:53 UTC 2010


On 04/28/2010 08:49 AM, Daniel P. Berrange wrote:
> On Sun, Apr 25, 2010 at 03:04:21AM -0400, Laine Stump wrote:
>    
>> On 04/24/2010 12:50 AM, Laine Stump wrote:
>>      
>>> Is it really necessary to add this padding even when we *aren't* using
>>> dd? (ie, when is_reg == 1).
>>>        
>> Never mind. Now that I've actually RTFC, I see that this new code *always*
>> uses dd.
>>
>> However, I just noticed an SELinux complaint about dd attempting to
>> write to a file on an NFS-mounted directory. My system is running
>> SELinux in permissive mode, so it succeeded, but won't this be a problem
>> if it's in enforcing mode?
>>      
> If there is a SELinux problem I don't think it can be related to this
> patch. Both before & after this change we're running a child process
> to actually write the data. Previously cat, now dd. So SELinux would
> impact them equally badly/well.
>    

Correct (that it's a problem with dd breaking an SELinux policy, not 
us). I don't recall if there was previously a complaint about cat doing 
it, but it seems probable that SELinux would be set up to not complain 
about a cat of a file on an NFS-mounted directory, yet complain loudly 
if someone used dd.

So while nothing needs changing in this code, it's one of those things 
that we need to inform the SELinux people about - it really is 
foreseeable that someone would want to access an NFS-mounted file with dd.



