[libvirt] [PATCH 1/2] add security hook for permitting hugetlbfs access (v2)

Daniel P. Berrange berrange at redhat.com
Tue Dec 11 20:27:01 UTC 2012 

On Tue, Dec 11, 2012 at 08:20:29PM +0000, serge at hallyn.com wrote:
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
> 
> When a qemu domain is backed by huge pages, apparmor needs to grant the domain
> rw access to files under the hugetlbfs mount point.  Add a hook, called in
> qemu_process.c, which ends up adding the read-write access through
> virt-aa-helper.  Qemu will be creating a randomly named file under the
> mountpoint and unlinking it as soon as it has mmap()d it, therefore we
> cannot predict the full pathname, but for the same reason it is generally
> safe to provide access to $path/**.
> 
> Changelog:
>  v2: use virBuffer* in place of snprintf
>  v2: add test to virt-aa-helper-tests for the virt-aa-helper -F command used.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> ---
>  src/libvirt_private.syms        |    1 +
>  src/qemu/qemu_process.c         |    9 +++++++++
>  src/security/security_driver.h  |    4 ++++
>  src/security/security_manager.c |   10 ++++++++++
>  src/security/security_manager.h |    3 +++
>  src/security/security_stack.c   |   19 +++++++++++++++++++
>  tests/virt-aa-helper-test       |    3 +++
>  7 files changed, 49 insertions(+)
> 
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 7d083e4..cd798a7 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1074,6 +1074,7 @@ virSecurityManagerSetTapFDLabel;
>  virSecurityManagerStackAddNested;
>  virSecurityManagerVerify;
>  virSecurityManagerGetMountOptions;
> +virSecurityManagerSetHugepages;
>  
>  # sexpr.h
>  sexpr_append;
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index ab04599..4418f33 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -3482,6 +3482,15 @@ int qemuProcessStart(virConnectPtr conn,
>      }
>      virDomainAuditSecurityLabel(vm, true);
>  
> +    if (driver->hugepage_path && vm->def->mem.hugepage_backed) {
> +        if (virSecurityManagerSetHugepages(driver->securityManager,
> +                    vm->def, driver->hugepage_path) < 0) {
> +            virReportError(VIR_ERR_INTERNAL_ERROR,
> +                    "%s", _("Unable to set huge path in security driver"));
> +            goto cleanup;
> +        }
> +    }
> +
>      /* Ensure no historical cgroup for this VM is lying around bogus
>       * settings */
>      VIR_DEBUG("Ensuring no historical cgroup is lying around");
> diff --git a/src/security/security_driver.h b/src/security/security_driver.h
> index d49b401..ad5097b 100644
> --- a/src/security/security_driver.h
> +++ b/src/security/security_driver.h
> @@ -100,6 +100,9 @@ typedef int (*virSecurityDomainSetTapFDLabel) (virSecurityManagerPtr mgr,
>                                                 int fd);
>  typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr,
>                                                           virDomainDefPtr def);
> +typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr,
> +                                                         virDomainDefPtr def,
> +                                                         const char *path);
>  
>  struct _virSecurityDriver {
>      size_t privateDataLen;
> @@ -140,6 +143,7 @@ struct _virSecurityDriver {
>      virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
>  
>      virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
> +    virSecurityDomainSetHugepages domainSetSecurityHugepages;
>  };
>  
>  virSecurityDriverPtr virSecurityDriverLookup(const char *name,
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 0ebd53b..690e4da 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -508,3 +508,13 @@ virSecurityManagerGetNested(virSecurityManagerPtr mgr)
>      list[1] = NULL;
>      return list;
>  }
> +
> +int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,
> +                                    virDomainDefPtr vm,
> +                                    const char *path)
> +{
> +    if (mgr->drv->domainSetSecurityHugepages)
> +        return mgr->drv->domainSetSecurityHugepages(mgr, vm, path);
> +
> +    return 0;
> +}
> diff --git a/src/security/security_manager.h b/src/security/security_manager.h
> index 1fdaf8e..2de4d30 100644
> --- a/src/security/security_manager.h
> +++ b/src/security/security_manager.h
> @@ -112,5 +112,8 @@ char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr,
>                                                virDomainDefPtr vm);
>  virSecurityManagerPtr*
>  virSecurityManagerGetNested(virSecurityManagerPtr mgr);
> +int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,
> +                                  virDomainDefPtr sec,
> +                                  const char *hugepages_path);
>  
>  #endif /* VIR_SECURITY_MANAGER_H__ */
> diff --git a/src/security/security_stack.c b/src/security/security_stack.c
> index 1094cbe..c2ccbd0 100644
> --- a/src/security/security_stack.c
> +++ b/src/security/security_stack.c
> @@ -462,6 +462,23 @@ virSecurityStackSetTapFDLabel(virSecurityManagerPtr mgr,
>      return rc;
>  }
>  
> +static int
> +virSecurityStackSetHugepages(virSecurityManagerPtr mgr,
> +                              virDomainDefPtr vm,
> +                              const char *path)
> +{
> +    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
> +    virSecurityStackItemPtr item = priv->itemsHead;
> +    int rc = 0;
> +
> +    for (; item; item = item->next) {
> +        if (virSecurityManagerSetHugepages(item->securityManager, vm, path) < 0)
> +            rc = -1;
> +    }
> +
> +    return rc;
> +}
> +
>  static char *virSecurityStackGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
>                                               virDomainDefPtr vm ATTRIBUTE_UNUSED) {
>      return NULL;
> @@ -529,4 +546,6 @@ virSecurityDriver virSecurityDriverStack = {
>      .domainSetSecurityTapFDLabel        = virSecurityStackSetTapFDLabel,
>  
>      .domainGetSecurityMountOptions      = virSecurityStackGetMountOptions,
> +
> +    .domainSetSecurityHugepages         = virSecurityStackSetHugepages,
>  };
> diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
> index 21a2766..f14db8b 100755
> --- a/tests/virt-aa-helper-test
> +++ b/tests/virt-aa-helper-test
> @@ -316,6 +316,9 @@ testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml"
>  sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,<graphics*,<graphics type='sdl' display=':0.0' xauth='/home/myself/.Xauthority'/>,g" "$template_xml" > "$test_xml"
>  testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml"
>  
> +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml"
> +testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$test_xml"
> +
>  testme "0" "help" "-h"
>  
>  echo "" >$output
> -- 

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list