[libvirt] [PATCH RFC 1/3] security_dac: Remember owner prior chown() and restore on relabel

Daniel P. Berrange berrange at redhat.com
Wed Feb 27 10:22:45 UTC 2013


On Tue, Feb 26, 2013 at 05:23:18PM -0700, Eric Blake wrote:
> On 02/26/2013 09:08 AM, Michal Privoznik wrote:
> > Currently, if we label a file to match qemu process DAC label, we
> > do not store the original owner anywhere. So when relabeling
> > back, the only option we have is to relabel to root:root
> > which is obviously wrong.
> > 
> > However, bare remembering is not enough. We need to keep track of
> > how many times we labeled a file so only the last restore
> > chown()-s file back to the original owner.
> 
> Definitely important for a read-only file shared by more than one domain.
> 
> > 
> > In order to not pollute domain XML, this info is kept in driver's
> > private data in a hash table with path being key and pair
> > <oldLabel, refcount> being value.
> 
> Makes sense.
> 
> Have you looked at what it would take to use ACLs to grant access to
> qemu without having to do a full-blown chown?  That would also need to
> use the hash table to undo the ACL at the end of the day, and we would
> need to fall back to chown() on file systems where ACL doesn't work, but
> it certainly sounds like that would be sharing some of the work in this
> patch.

Yep, independently of this patch we ought to make use of ACLs. It would
remove a whole class of problems users experience and make udev happier
since it hates things chown'ing device nodes behind its back and has a
tendency to change them back at any moment.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



