[libvirt] [PATCH RFC 1/3] security_dac: Remember owner prior chown() and restore on relabel
Daniel P. Berrange
berrange at redhat.com
Wed Feb 27 10:33:20 UTC 2013
On Wed, Feb 27, 2013 at 11:30:31AM +0100, Michal Privoznik wrote:
> On 27.02.2013 11:21, Daniel P. Berrange wrote:
> > On Tue, Feb 26, 2013 at 05:08:40PM +0100, Michal Privoznik wrote:
> >> Currently, if we label a file to match qemu process DAC label, we
> >> do not store the original owner anywhere. So when relabeling
> >> back, the only option we have is to relabel to root:root
> >> which is obviously wrong.
> >>
> >> However, bare remembering is not enough. We need to keep track of
> >> how many times we labeled a file so only the last restore
> >> chown()-s file back to the original owner.
> >
> > Your patches don't deal with this scenario correctly I'm afraid.
> > A shared file may be on NFS, so simply ref-counting inside
> > libvirtd doesn't cut it. We need a ref count visible to all
> > libvirtd instances that can see the file. My thought is that
> > we ought to make use of an extended attribute for recording
> > the ref count and original ownership.
> >
> > Daniel
> >
>
> Okay, but I think we should not deal with NFS at all. If a disk is
> shared libvirt should not event try to label it. And if so, then
> definitely not relabel it back.
I completely disagree. We absolutely must correctly support shared
filesystems, whether NFS, GFS or any number of FUSE cluster filesystems
that are increasingly common. NFS is an exception in that its POSIX
compliance is poor & root squash concept can fsck things up, but not
all shared filesystems are so badly designed/limiting.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list