[libvirt] [PATCH 0/6] Don't run whole sec driver in namespace

Michal Privoznik mprivozn at redhat.com
Mon Dec 19 15:57:49 UTC 2016


In eadaa97548 I've tried to solve the issue of setting seclabels
on private /dev/* entries. While my approach works, it has a tiny
flaw - anything that happens in the namespace stays in the
namespace. I mean, if there's an internal state change occurring
on relabel operation (it should not, and it doesn't nowadays, but
it's no guarantee), this change is not reflected in the daemon.
This is because when entering the namespace, the daemon forks,
enters the namespace and then executes the RelabelAll() function.

This imperfection is:
a) very easy to forget
b) very hard to debug

Therefore, we may have transaction APIs as suggested here [1]. On
transactionBegin() the sec driver will record [path, seclabel]
somewhere instead of applying the label. Then on
transactionCommit() a new process is forked, enters the namespace
and performs the previously recorded changes. This way it is only the
minimal code that runs in the namespace. Moreover, it runs over
constant data thus there can be no internal state transition.

1: https://www.redhat.com/archives/libvir-list/2016-December/msg00254.html

Michal Privoznik (6):
  security_selinux: s/virSecuritySELinuxSecurity/virSecuritySELinux/
  security_dac: Resolve virSecurityDACSetOwnershipInternal const
    correctness
  security driver: Introduce transaction APIs
  security_dac: Implement transaction APIs
  security_selinux: Implement transaction APIs
  qemu: Use transactions from security driver

 src/libvirt_private.syms              |   3 +
 src/qemu/qemu_driver.c                |  28 +++--
 src/qemu/qemu_security.c              |  98 +++++----------
 src/security/security_dac.c           | 197 +++++++++++++++++++++++++++++-
 src/security/security_driver.h        |   9 ++
 src/security/security_manager.c       |  38 ++++++
 src/security/security_manager.h       |   7 +-
 src/security/security_selinux.c       | 219 +++++++++++++++++++++++++++++++---
 src/security/security_stack.c         |  49 ++++++++
 src/storage/storage_backend.h         |   2 +-
 src/storage/storage_backend_fs.c      |   2 +-
 src/storage/storage_backend_gluster.c |   2 +-
 src/storage/storage_driver.c          |   6 +-
 src/storage/storage_driver.h          |   4 +-
 src/util/virstoragefile.c             |   2 +-
 src/util/virstoragefile.h             |   2 +-
 16 files changed, 561 insertions(+), 107 deletions(-)

-- 
2.11.0
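
The record-then-replay scheme described in the cover letter, as an added C example that is not part of the original message or of libvirt's code. The names txn_add, txn_commit, txn_free, demo_apply and applied are hypothetical, the paths and labels a caller passes are constructed, and the child's namespace entry (setns(), which needs privileges) is left out so the example runs unprivileged.

```c
/* Added illustration; txn_*, demo_apply and applied are hypothetical names. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct txn_item { char path[256]; char label[128]; };
struct txn { struct txn_item *items; size_t n; };

/* While a transaction is open, record [path, label] instead of applying it. */
int txn_add(struct txn *t, const char *path, const char *label) {
    struct txn_item *grown;
    if (strlen(path) >= sizeof(grown->path) || strlen(label) >= sizeof(grown->label))
        return -1; /* refuse to truncate a path or label */
    grown = realloc(t->items, (t->n + 1) * sizeof(*grown));
    if (!grown) return -1;
    t->items = grown;
    memcpy(grown[t->n].path, path, strlen(path) + 1);
    memcpy(grown[t->n].label, label, strlen(label) + 1);
    t->n++;
    return 0;
}

void txn_free(struct txn *t) { free(t->items); t->items = NULL; t->n = 0; }

/* Commit: fork, and let the child replay the recorded list. A real caller
 * would have the child enter the domain's namespace first (assumption, not
 * shown). The parent learns nothing from the child except its exit status. */
int txn_commit(const struct txn *t, int (*apply)(const char *, const char *)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        for (size_t i = 0; i < t->n; i++)
            if (apply(t->items[i].path, t->items[i].label) < 0) _exit(1);
        _exit(0);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int applied; /* stands in for driver state that a relabel step might touch */
int demo_apply(const char *path, const char *label) {
    applied++; /* changes the child's copy only; the parent's stays as it was */
    return (path[0] == '/' && label[0] != '\0') ? 0 : -1; /* stand-in for the real relabel call */
}
```

After a successful txn_commit() the parent's applied counter is unchanged, which is the "stays in the namespace" effect the message warns about and the reason the child is given only pre-recorded data to work on.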



