[PATCH 4/4] qemu_conf: Don't even attempt to enable rememberOwner if unsupported

[Roman Bolshakov]

On Tue, Nov 03, 2020 at 02:13:29PM +0100, Michal Privoznik wrote:
> The remember owner feature uses XATTRs to store original
> seclabels. But that means we don't want a regular user to be able
> to change what we stored and thus trick us into setting different
> seclabel. Therefore, we use namespaces that are reserved to
> CAP_SYS_ADMIN only. Such namespaces exist on Linux and FreeBSD.
> That also means, that the whole feature is enabled only for
> qemu:///system. Now, while the secdriver code is capable of
> dealing with XATTRs being unsupported (it has to, not all
> filesystems support them) if the feature is enabled users will
> get an harmless error message in the logs and the feature
> disables itself.
> 
> Since we have virSecurityXATTRNamespaceDefined() we can use it to
> make a wiser decision on the default state of the feature.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/qemu/qemu_conf.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index ead9d1ee99..923aea8bd7 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -49,6 +49,7 @@
>  #include "storage_conf.h"
>  #include "virutil.h"
>  #include "configmake.h"
> +#include "security/security_util.h"
>  
>  #define VIR_FROM_THIS VIR_FROM_QEMU
>  
> @@ -131,7 +132,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged,
>          cfg->group = (gid_t)-1;
>      }
>      cfg->dynamicOwnership = privileged;
> -    cfg->rememberOwner = privileged;
> +
> +    if (privileged)
> +        cfg->rememberOwner = virSecurityXATTRNamespaceDefined();
> +    else
> +        cfg->rememberOwner = false;
>  
>      cfg->cgroupControllers = -1; /* -1 == auto-detect */
>  
> -- 
> 2.26.2
> 

Reviewed-by: Roman Bolshakov <r.bolshakov at yadro.com>

Thanks,
Roman