[libvirt] [PATCH 00/17] Avoid races with udev
Michal Privoznik
mprivozn at redhat.com
Wed Oct 26 12:36:47 UTC 2016
I've came across interesting bug recently. The problem was that
user tried to start a domain, but qemu was denied access to some
device. Even though we relabelled it initially. By debugging I
found the root cause: while we were starting qemu, udev came and
restored original security labels. Sigh. We have two options
here:
a) write out series of udev rules so that whenever it tries to
relabel something our rule will stop it from doing so
b) write a small helper binary that will udev call in order to:
1) detect whether device is in use by libvirt
2) get seclabel that was set by libvirt
These patches implement the latter approach. While these patches
make life easier for us, there is still a race when udev might
restore the device's seclabel before we had chance to flush
internal database of seclabels for the helper binary. This is
something I'm currently focusing on. But before I get there, here
are patches that makes the problem much more bearable.
In case you want to try these patches, here are some scratch builds:
https://mprivozn.fedorapeople.org/udev/
Also, you can find them on my branch:
https://github.com/zippy2/libvirt/commits/udev_labels2
This beast is turned off by default, to turn it on you'll need to add:
write_udev=1
to qemu.conf.
Michal Privoznik (17):
virseclabel.h: Include stdbool.h
virseclabel: Introduce virSecurityDeviceLabelDefNewLabel
security_dac: Pass manager to virSecurityDACSetImageLabel
security_dac: Pass manager to virSecurityDACRestoreFileLabelInternal
virudev: Introduce basic skeleton
virudev: Implement virUdevMgrAddLabel and virUdevMgrRemoveAllLabels
virudev: Introduce virUdevMgrDump
tests: Introduce virudevtest
virudev: Parse virUdevMgr from JSON
virudev: Introduce virUdevMgrLookupLabels
util: Introduce libvirt_udevhelper
security: Wire up virUdevMgr
qemu.conf: Introduce write_udev
qemu: Wire up virUdevMgr
qemu: Reload virUdevMgr on start
virudevtest: Introduce device filtering
qemu: Filter uninteresting paths for virUdevMgr
libvirt.spec.in | 1 +
mingw-libvirt.spec.in | 2 +
po/POTFILES.in | 2 +
src/Makefile.am | 21 ++
src/libvirt_private.syms | 15 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +
src/qemu/qemu_conf.c | 3 +
src/qemu/qemu_conf.h | 5 +
src/qemu/qemu_domain.c | 12 +-
src/qemu/qemu_domain.h | 3 +-
src/qemu/qemu_driver.c | 40 +-
src/qemu/qemu_hotplug.c | 35 +-
src/qemu/qemu_process.c | 47 ++-
src/qemu/qemu_process.h | 3 +
src/qemu/test_libvirtd_qemu.aug.in | 1 +
src/security/security_dac.c | 103 ++++--
src/security/security_manager.c | 16 +
src/security/security_manager.h | 5 +
src/security/security_selinux.c | 47 ++-
src/util/udevhelper.c | 137 +++++++
src/util/virseclabel.c | 14 +
src/util/virseclabel.h | 6 +
src/util/virudev.c | 588 ++++++++++++++++++++++++++++++
src/util/virudev.h | 63 ++++
tests/Makefile.am | 12 +
tests/virudevmock.c | 29 ++
tests/virudevtest.c | 312 ++++++++++++++++
tests/virudevtestdata/complex.json | 30 ++
tests/virudevtestdata/empty.json | 5 +
tests/virudevtestdata/simple-dac.json | 13 +
tests/virudevtestdata/simple-selinux.json | 13 +
32 files changed, 1535 insertions(+), 54 deletions(-)
create mode 100644 src/util/udevhelper.c
create mode 100644 src/util/virudev.c
create mode 100644 src/util/virudev.h
create mode 100644 tests/virudevmock.c
create mode 100644 tests/virudevtest.c
create mode 100644 tests/virudevtestdata/complex.json
create mode 100644 tests/virudevtestdata/empty.json
create mode 100644 tests/virudevtestdata/simple-dac.json
create mode 100644 tests/virudevtestdata/simple-selinux.json
--
2.8.4
More information about the libvir-list
mailing list