[libvirt] [Qemu-devel] [PATCH v2 0/4] file descriptor passing using passfd

Corey Bryant coreyb at linux.vnet.ibm.com
Wed Jun 13 14:31:55 UTC 2012 


On 06/13/2012 06:28 AM, Kevin Wolf wrote:
> Am 08.06.2012 17:42, schrieb Corey Bryant:
>> libvirt's sVirt security driver provides SELinux MAC isolation for
>> Qemu guest processes and their corresponding image files.  In other
>> words, sVirt uses SELinux to prevent a QEMU process from opening
>> files that do not belong to it.
>>
>> sVirt provides this support by labeling guests and resources with
>> security labels that are stored in file system extended attributes.
>> Some file systems, such as NFS, do not support the extended
>> attribute security namespace, and therefore cannot support sVirt
>> isolation.
>>
>> A solution to this problem is to provide fd passing support, where
>> libvirt opens files and passes file descriptors to QEMU.  This,
>> along with SELinux policy to prevent QEMU from opening files, can
>> provide image file isolation for NFS files stored on the same NFS
>> mount.
>>
>> This patch series adds the passfd QMP monitor command, which allows
>> an fd to be passed via SCM_RIGHTS, and returns the received file
>> descriptor.  Support is also added to the block layer to allow QEMU
>> to dup the fd when the filename is of the /dev/fd/X format.  This
>> is useful if MAC policy prevents QEMU from opening specific types
>> of files.
>>
>> One nice thing about this approach is that no new SELinux policy is
>> required to prevent open of NFS files (files with type nfs_t).  The
>> virt_use_nfs boolean type simply needs to be set to false, and open
>> will be prevented (and dup will be allowed).  For example:
>>
>>      # setsebool virt_use_nfs 0
>>      # getsebool virt_use_nfs
>>      virt_use_nfs --> off
>>
>> Corey Bryant (4):
>>    qapi: Convert getfd and closefd
>>    qapi: Add passfd QMP command
>>    osdep: Enable qemu_open to dup pre-opened fd
>>    block: Convert open calls to qemu_open
>>
>>   block/raw-posix.c |   18 +++++++++---------
>>   block/raw-win32.c |    4 ++--
>>   block/vdi.c       |    5 +++--
>>   block/vmdk.c      |   21 +++++++++------------
>>   block/vpc.c       |    2 +-
>>   block/vvfat.c     |   21 +++++++++++----------
>>   hmp-commands.hx   |    6 ++----
>>   hmp.c             |   18 ++++++++++++++++++
>>   hmp.h             |    2 ++
>>   monitor.c         |   36 ++++++++++++++++++++----------------
>>   osdep.c           |   13 +++++++++++++
>>   qapi-schema.json  |   44 ++++++++++++++++++++++++++++++++++++++++++++
>>   qmp-commands.hx   |   33 +++++++++++++++++++++++++++++----
>>   13 files changed, 163 insertions(+), 60 deletions(-)
>
> Looks good to me. If Luiz is okay with the QMP part, I'm going to apply
> this to the block branch.
>
> Corey, please make sure to check the host_floppy problem and send a
> patch if necessary.
>
> Kevin
>

Thanks!  I just sent a patch for the host_floppy issue.

-- 
Regards,
Corey

More information about the libvir-list mailing list