[libvirt] [PATCH RFC 1/3] security_dac: Remember owner prior chown() and restore on relabel
Daniel P. Berrange
berrange at redhat.com
Wed Feb 27 10:22:45 UTC 2013
On Tue, Feb 26, 2013 at 05:23:18PM -0700, Eric Blake wrote:
> On 02/26/2013 09:08 AM, Michal Privoznik wrote:
> > Currently, if we label a file to match qemu process DAC label, we
> > do not store the original owner anywhere. So when relabeling
> > back, the only option we have is to relabel to root:root
> > which is obviously wrong.
> >
> > However, bare remembering is not enough. We need to keep track of
> > how many times we labeled a file so only the last restore
> > chown()-s file back to the original owner.
>
> Definitely important for a read-only file shared by more than one domain.
>
> >
> > In order to not pollute domain XML, this info is kept in driver's
> > private data in a hash table with path being key and pair
> > <oldLabel, refcount> being value.
>
> Makes sense.
>
> Have you looked at what it would take to use ACLs to grant access to
> qemu without having to do a full-blown chown? That would also need to
> use the hash table to undo the ACL at the end of the day, and we would
> need to fall back to chown() on file systems where ACL doesn't work, but
> it certainly sounds like that would be sharing some of the work in this
> patch.
Yep, independently of this patch we ought to make use of ACLs. It would
remove a whole class of problems users experience and make udev happier
since it hates things chown'ing device nodes behind its back and has a
tendency to change them back at any moment.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
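
The quoted commit message describes a table keyed by path whose value is the pair <oldLabel, refcount>, so that only the last restore chown()s a file back. The following is an added sketch of that bookkeeping, not code from the patch or from libvirt; `owner_remember`, `owner_recall`, the fixed-size table and the sample path and IDs are hypothetical, and the actual chown() call is left to the caller.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define MAX_PATHS 16  /* constructed limit for this sketch */
/* Value kept per path: original owner plus label refcount (0 = free slot). */
struct owner_entry { char path[256]; uid_t uid; gid_t gid; unsigned refs; };
static struct owner_entry table[MAX_PATHS];
static struct owner_entry *lookup(const char *path)
{
    for (int i = 0; i < MAX_PATHS; i++)
        if (table[i].refs && strcmp(table[i].path, path) == 0)
            return &table[i];
    return NULL;
}

/* Call before chown()ing to the qemu user; only the first owner is stored. */
int owner_remember(const char *path, uid_t uid, gid_t gid)
{
    struct owner_entry *e = lookup(path);
    if (e) { e->refs++; return 0; }   /* already labelled: just count it */
    if (strlen(path) >= sizeof(table[0].path)) return -1;
    for (int i = 0; i < MAX_PATHS; i++)
        if (table[i].refs == 0) {
            strcpy(table[i].path, path);
            table[i].uid = uid; table[i].gid = gid; table[i].refs = 1;
            return 0;
        }
    return -1;                        /* table full */
}

/* Returns 1 and fills uid/gid when the last user is gone (chown back now),
 * 0 while other domains still use the file, -1 if nothing was remembered. */
int owner_recall(const char *path, uid_t *uid, gid_t *gid)
{
    struct owner_entry *e = lookup(path);
    if (!e) return -1;
    if (--e->refs > 0) return 0;
    *uid = e->uid; *gid = e->gid;
    return 1;
}

int main(void)
{
    const char *p = "/constructed/shared.iso";  /* constructed sample path */
    uid_t u = 0; gid_t g = 0;
    owner_remember(p, 1000, 1000);  /* domain A sees the real owner */
    owner_remember(p, 107, 107);    /* domain B sees the qemu owner; ignored */
    int first = owner_recall(p, &u, &g), last = owner_recall(p, &u, &g);
    printf("first=%d last=%d uid=%u\n", first, last, (unsigned)u);
}
```

The second caller's owner values are deliberately discarded: by then the file already carries the qemu label, so storing them would lose the original owner.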