[PATCH 4/4] qemu_conf: Don't even attempt to enable rememberOwner if unsupported
Roman Bolshakov
r.bolshakov at yadro.com
Tue Nov 3 14:55:28 UTC 2020
On Tue, Nov 03, 2020 at 02:13:29PM +0100, Michal Privoznik wrote:
> The remember owner feature uses XATTRs to store original
> seclabels. But that means we don't want a regular user to be able
> to change what we stored and thus trick us into setting different
> seclabel. Therefore, we use namespaces that are reserved to
> CAP_SYS_ADMIN only. Such namespaces exist on Linux and FreeBSD.
> That also means that the whole feature is enabled only for
> qemu:///system. Now, while the secdriver code is capable of
> dealing with XATTRs being unsupported (it has to, not all
> filesystems support them) if the feature is enabled users will
> get a harmless error message in the logs and the feature
> disables itself.
>
> Since we have virSecurityXATTRNamespaceDefined() we can use it to
> make a wiser decision on the default state of the feature.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> src/qemu/qemu_conf.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index ead9d1ee99..923aea8bd7 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -49,6 +49,7 @@
> #include "storage_conf.h"
> #include "virutil.h"
> #include "configmake.h"
> +#include "security/security_util.h"
>
> #define VIR_FROM_THIS VIR_FROM_QEMU
>
> @@ -131,7 +132,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged,
> cfg->group = (gid_t)-1;
> }
> cfg->dynamicOwnership = privileged;
> - cfg->rememberOwner = privileged;
> +
> + if (privileged)
> + cfg->rememberOwner = virSecurityXATTRNamespaceDefined();
> + else
> + cfg->rememberOwner = false;
>
> cfg->cgroupControllers = -1; /* -1 == auto-detect */
>
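Review bot: The added `if (privileged)` / `else` block in virQEMUDriverConfigNew() can be a single expression, `cfg->rememberOwner = privileged && virSecurityXATTRNamespaceDefined();`, which keeps it in the same form as the `cfg->dynamicOwnership = privileged;` line just above. A one-line comment there, saying that the XATTR namespace used for the stored seclabels is not defined on every platform, would explain why this default differs from dynamicOwnership. Also note that this hunk only changes the initial default: nothing visible here covers the case where the setting is switched on explicitly after the config object is created, so it is worth confirming that path consults virSecurityXATTRNamespaceDefined() as well, otherwise the log error described in the commit message can still appear on platforms without the namespace.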
> --
> 2.26.2
>
Reviewed-by: Roman Bolshakov <r.bolshakov at yadro.com>
Thanks,
Roman