jonathan/libvirt
1
0
Fork 0
forked from rpms/libvirt
Code Pull Requests Activity

libvirt-9.5.0-5.el9

Browse Source 
- Revert "qemu_passt: Actually use @logfd" (rhbz#2209191)
- Revert "qemu_passt: Precreate passt logfile" (rhbz#2209191)

Resolves: rhbz#2209191
This commit is contained in:
Jiri Denemark 2023-08-03 00:15:00 +02:00
parent 35bc6239db
commit d98c472cee
3 changed files with 193 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
libvirt-Revert-qemu_passt-Actually-use-logfd.patch Normal file
View File

@ -0,0 +1,38 @@
From f3e5bf77bc6f591e5799ae9de36498df5c2a1811 Mon Sep 17 00:00:00 2001
Message-ID: <f3e5bf77bc6f591e5799ae9de36498df5c2a1811.1691014499.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 1 Aug 2023 16:18:47 +0200
Subject: [PATCH] Revert "qemu_passt: Actually use @logfd"
This reverts commit 83686f1eea1a001a37a92f2c054ffb2689c43a40.
This is needed only so that the next revert is clean.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit bc9a254dc72b6904e8368c3fea3ab49b7238ff34)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2209191
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_passt.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 3679bf75fc..25b22d8ad9 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -204,9 +204,9 @@ qemuPasstStart(virDomainObj *vm,
/* The logFile location is not restricted to a per-domain directory. It
* can be anywhere. Pre-create it as passt may not have enough perms to
* do so. */
- if ((logfd = qemuDomainOpenFile(cfg, vm->def, net->backend.logFile,
- O_CREAT | O_TRUNC | O_APPEND | O_RDWR,
- &needUnlink)) < 0) {
+ if (qemuDomainOpenFile(cfg, vm->def, net->backend.logFile,
+ O_CREAT | O_TRUNC | O_APPEND | O_RDWR,
+ &needUnlink) < 0) {
return -1;
}
--
2.41.0

148
libvirt-Revert-qemu_passt-Precreate-passt-logfile.patch Normal file
View File

@ -0,0 +1,148 @@
From 8897c7d63f763bf9b59f7e79ec6b2f9caf84823b Mon Sep 17 00:00:00 2001
Message-ID: <8897c7d63f763bf9b59f7e79ec6b2f9caf84823b.1691014499.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 1 Aug 2023 16:20:58 +0200
Subject: [PATCH] Revert "qemu_passt: Precreate passt logfile"
This reverts commit 8511b96a319836700b4829816cdae27c3630060d.
Turns out, we need to do a bit more than just plain
qemuSecurityDomainSetPathLabel() which sets svirt_image_t. Passt
has its own SELinux policy and as a part of that they invent
passt_log_t for log files. Right now, I don't know how libvirt
could query that and even if I did, passt SELinux policy would
need to permit relabelling from svirt_t to passt_log_t, which it
doesn't [1].
Until these problems are addressed we shouldn't be pre-creating
the file as it puts users into way worse position - even
scenarios that used to work don't work. But then again - using
log file for passt is usually valuable for developers only and
not regular users.
1: https://bugzilla.redhat.com/show_bug.cgi?id=2209191#c10
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 99349ba18e726465215a71f28d2146a0a2adb65d)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2209191
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_passt.c | 40 +++++-----------------------------------
1 file changed, 5 insertions(+), 35 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 25b22d8ad9..99636a3a49 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
@@ -20,8 +20,6 @@
#include <config.h>
-#include <fcntl.h>
-
#include "qemu_dbus.h"
#include "qemu_extdevice.h"
#include "qemu_security.h"
@@ -138,13 +136,9 @@ void
qemuPasstStop(virDomainObj *vm,
virDomainNetDef *net)
{
- qemuDomainObjPrivate *priv = vm->privateData;
- virQEMUDriver *driver = priv->driver;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
- qemuSecurityDomainRestorePathLabel(driver, vm, net->backend.logFile);
-
qemuPasstKill(pidfile, passtSocketName);
}
@@ -172,12 +166,10 @@ qemuPasstStart(virDomainObj *vm,
{
qemuDomainObjPrivate *priv = vm->privateData;
virQEMUDriver *driver = priv->driver;
- g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
g_autoptr(virCommand) cmd = NULL;
g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
char macaddr[VIR_MAC_STRING_BUFLEN];
- bool needUnlink = false;
size_t i;
cmd = virCommandNew(PASST);
@@ -199,25 +191,8 @@ qemuPasstStart(virDomainObj *vm,
if (net->sourceDev)
virCommandAddArgList(cmd, "--interface", net->sourceDev, NULL);
- if (net->backend.logFile) {
- VIR_AUTOCLOSE logfd = -1;
- /* The logFile location is not restricted to a per-domain directory. It
- * can be anywhere. Pre-create it as passt may not have enough perms to
- * do so. */
- if (qemuDomainOpenFile(cfg, vm->def, net->backend.logFile,
- O_CREAT | O_TRUNC | O_APPEND | O_RDWR,
- &needUnlink) < 0) {
- return -1;
- }
-
- if (qemuSecurityDomainSetPathLabel(driver, vm,
- net->backend.logFile, false) < 0) {
- goto error;
- }
-
- /* Worse, passt deliberately doesn't support FD passing. */
+ if (net->backend.logFile)
virCommandAddArgList(cmd, "--log-file", net->backend.logFile, NULL);
- }
/* Add IP address info */
for (i = 0; i < net->guestIP.nips; i++) {
@@ -228,7 +203,7 @@ qemuPasstStart(virDomainObj *vm,
* a single IPv4 and single IPv6 address
*/
if (!(addr = virSocketAddrFormat(&ip->address)))
- goto error;
+ return -1;
virCommandAddArgList(cmd, "--address", addr, NULL);
@@ -256,14 +231,14 @@ qemuPasstStart(virDomainObj *vm,
/* validation guarantees this will never happen */
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid portForward proto value %1$u"), pf->proto);
- goto error;
+ return -1;
}
if (VIR_SOCKET_ADDR_VALID(&pf->address)) {
g_autofree char *addr = NULL;
if (!(addr = virSocketAddrFormat(&pf->address)))
- goto error;
+ return -1;
virBufferAddStr(&buf, addr);
emitsep = true;
@@ -309,7 +284,7 @@ qemuPasstStart(virDomainObj *vm,
if (qemuExtDeviceLogCommand(driver, vm, cmd, "passt") < 0)
- goto error;
+ return -1;
if (qemuSecurityCommandRun(driver, vm, cmd, -1, -1, true, NULL) < 0)
goto error;
@@ -317,11 +292,6 @@ qemuPasstStart(virDomainObj *vm,
return 0;
error:
- if (needUnlink && unlink(net->backend.logFile) < 0) {
- VIR_WARN("Unable to unlink '%s': %s",
- net->backend.logFile, g_strerror(errno));
- }
-
qemuPasstKill(pidfile, passtSocketName);
return -1;
}
--
2.41.0

8
libvirt.spec
View File

@ -229,7 +229,7 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 9.5.0 Version: 9.5.0
Release: 4%{?dist}%{?extra_release} Release: 5%{?dist}%{?extra_release}
License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
URL: https://libvirt.org/ URL: https://libvirt.org/
@ -250,6 +250,8 @@ Patch9: libvirt-qemu-S390-does-not-provide-physical-address-size.patch
Patch10: libvirt-nodedev-report-mdev-persistence-properly.patch Patch10: libvirt-nodedev-report-mdev-persistence-properly.patch
Patch11: libvirt-node_device-Don-t-leak-error-message-buffer-from-virMdevctlListDefined-Active.patch Patch11: libvirt-node_device-Don-t-leak-error-message-buffer-from-virMdevctlListDefined-Active.patch
Patch12: libvirt-storage-Fix-returning-of-locked-objects-from-virStoragePoolObjListSearch.patch Patch12: libvirt-storage-Fix-returning-of-locked-objects-from-virStoragePoolObjListSearch.patch
Patch13: libvirt-Revert-qemu_passt-Actually-use-logfd.patch
Patch14: libvirt-Revert-qemu_passt-Precreate-passt-logfile.patch
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
@ -2486,6 +2488,10 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Aug 2 2023 Jiri Denemark <jdenemar@redhat.com> - 9.5.0-5
- Revert "qemu_passt: Actually use @logfd" (rhbz#2209191)
- Revert "qemu_passt: Precreate passt logfile" (rhbz#2209191)
* Mon Jul 31 2023 Jiri Denemark <jdenemar@redhat.com> - 9.5.0-4 * Mon Jul 31 2023 Jiri Denemark <jdenemar@redhat.com> - 9.5.0-4
- storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851) - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851)