[libvirt] [PATCH 2/3] Set SELinux context label of pipes used for qemu migration
Daniel P. Berrange
berrange at redhat.com
Tue Jan 25 17:49:41 UTC 2011
On Tue, Jan 25, 2011 at 04:24:19AM -0500, Laine Stump wrote:
> This patch is a partial resolution to the following bug:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=667756
>
> (to complete the fix, an updated selinux-policy package is required,
> to add the policy that allows libvirt to set the context of a fifo,
> which was previously not allowed).
>
> Explanation : When an incoming migration is over a pipe (for example,
> if the image was compressed and is being fed through gzip, or was on a
> root-squash nfs server, so needed to be opened by a child process
> running as a different uid), qemu cannot read it unless the selinux
> context label for the pipe has been set properly.
>
> The solution is to check the fd used as the source of the migration
> just before passing it to qemu; if it's a fifo (implying that it's a
> pipe), we call the newly added virSecurityManagerSetFDLabel() function
> to set the context properly.
> ---
> src/qemu/qemu_driver.c | 18 ++++++++++++++++++
> 1 files changed, 18 insertions(+), 0 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 34cc29f..985b062 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -2667,6 +2667,24 @@ static int qemudStartVMDaemon(virConnectPtr conn,
> vm, stdin_path) < 0)
> goto cleanup;
>
> + if (stdin_fd != -1) {
> + /* if there's an fd to migrate from, and it's a pipe, put the
> + * proper security label on it
> + */
> + struct stat stdin_sb;
> +
> + DEBUG0("setting security label on pipe used for migration");
> +
> + if (fstat(stdin_fd, &stdin_sb) < 0) {
> + virReportSystemError(errno,
> + _("cannot stat fd %d"), stdin_fd);
> + goto cleanup;
> + }
> + if (S_ISFIFO(stdin_sb.st_mode) &&
> + virSecurityManagerSetFDLabel(driver->securityManager, vm, stdin_fd) < 0)
> + goto cleanup;
> + }
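Review bot: The DEBUG0("setting security label on pipe used for migration") call sits before the S_ISFIFO() test, so it is logged for every stdin_fd != -1, including fds that turn out not to be FIFOs and never get labelled. Move it inside the FIFO branch, splitting the combined `S_ISFIFO(...) && virSecurityManagerSetFDLabel(...) < 0` condition into a nested if, so the log reflects what was actually done. Separately, the `goto cleanup` after virSecurityManagerSetFDLabel() assumes that function has already reported an error; that is not visible in this hunk and is worth confirming, since the fstat() failure path just above reports explicitly via virReportSystemError().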
This feels like the wrong place to put this call. The callers
of qemudStartVMDaemon() which opened 'stdin_fd' in the first
place will already know if it is a pipe or not. If we put
the virSecurityManagerSetFDLabel call in the appropriate
callers, then the fstat() complexity is avoided.
Daniel