[libvirt] [PATCH] qemu: Enforce qemuSecurity wrappers
Peter Krempa
pkrempa at redhat.com
Mon Feb 20 11:50:23 UTC 2017
On Tue, Feb 14, 2017 at 15:30:44 +0100, Michal Privoznik wrote:
> Now that we have some qemuSecurity wrappers over
> virSecurityManager APIs, let's make sure everybody sticks with
> them. We have them for a reason, and calling a virSecurityManager
> API directly instead of a wrapper may lead to accidentally
> labelling a file on the host instead of in the namespace.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>
> This is an alternative approach to:
>
> https://www.redhat.com/archives/libvir-list/2017-February/msg00271.html
>
> cfg.mk | 5 ++++
> src/qemu/qemu_command.c | 7 +++---
> src/qemu/qemu_conf.c | 9 ++++---
> src/qemu/qemu_domain.c | 17 ++++++-------
> src/qemu/qemu_driver.c | 63 ++++++++++++++++++++++-------------------------
> src/qemu/qemu_hotplug.c | 4 +--
> src/qemu/qemu_migration.c | 13 +++++-----
> src/qemu/qemu_process.c | 61 ++++++++++++++++++++++-----------------------
> src/qemu/qemu_security.h | 32 ++++++++++++++++++++++++
> 9 files changed, 122 insertions(+), 89 deletions(-)
>
[...]
> diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
> index 54638908d..d86db3f6b 100644
> --- a/src/qemu/qemu_security.h
> +++ b/src/qemu/qemu_security.h
> @@ -28,6 +28,7 @@
>
> # include "qemu_conf.h"
> # include "domain_conf.h"
> +# include "security/security_manager.h"
>
> int qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
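Review bot: the added include of "security/security_manager.h" makes every virSecurityManager* declaration visible to any file that includes qemu_security.h, so the compiler will still accept a direct call that skips a wrapper. The include is needed so that the alias macros added later in this header resolve at their call sites, but a short comment beside it should say that it is there only for those aliases and that enforcement has to come from a check outside the compiler (presumably the cfg.mk change listed in the diffstat, whose hunk is not quoted here).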
> @@ -60,4 +61,35 @@ int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
> int qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> virDomainHostdevDefPtr hostdev);
> +
> +/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
> + * new APIs here. If an API can touch a /dev file add a proper wrapper instead.
> + */
> +# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel
> +# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel
> +# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLabel
> +# define qemuSecurityGenLabel virSecurityManagerGenLabel
> +# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel
> +# define qemuSecurityGetDOI virSecurityManagerGetDOI
> +# define qemuSecurityGetModel virSecurityManagerGetModel
> +# define qemuSecurityGetMountOptions virSecurityManagerGetMountOptions
> +# define qemuSecurityGetNested virSecurityManagerGetNested
> +# define qemuSecurityGetProcessLabel virSecurityManagerGetProcessLabel
> +# define qemuSecurityNew virSecurityManagerNew
> +# define qemuSecurityNewDAC virSecurityManagerNewDAC
> +# define qemuSecurityNewStack virSecurityManagerNewStack
> +# define qemuSecurityPostFork virSecurityManagerPostFork
> +# define qemuSecurityPreFork virSecurityManagerPreFork
> +# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel
> +# define qemuSecurityReserveLabel virSecurityManagerReserveLabel
> +# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel
> +# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel
> +# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel
> +# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel
> +# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel
> +# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel
> +# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel
> +# define qemuSecurityStackAddNested virSecurityManagerStackAddNested
> +# define qemuSecurityVerify virSecurityManagerVerify
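Review bot: the comment above the defines says to add a proper wrapper for anything that can touch a /dev file, yet the alias list mixes pure query and lifecycle names (qemuSecurityGetModel, qemuSecurityGetDOI, qemuSecurityNew) with names that, going by the name alone, set or restore a label on a path or file descriptor (qemuSecurityDomainSetPathLabel, qemuSecuritySetSavedStateLabel, qemuSecuritySetImageFDLabel). Because these are plain #define aliases, a call site using the qemuSecurity prefix looks the same whether it goes through a real wrapper or straight to virSecurityManager. Suggest splitting the list into two groups and, for each alias in the label-setting group, stating in the comment why it cannot end up labelling a file on the host instead of in the namespace, so that a later addition has to make the same argument.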
I don't like this either for similar reasons that I've stated on the
original series.