Really fix restore file labelling this time

2009-11-19 12:51:32 +00:00 · 2009-11-19 12:51:32 +00:00 · 50fce74b00
commit 50fce74b00
parent e29f71d1c9
5 changed files with 128 additions and 5 deletions
--- a/libvirt-logrotate-avoid-compressing-small-logs.patch
+++ b/libvirt-logrotate-avoid-compressing-small-logs.patch
@ -27,5 +27,5 @@ index 093651c..0c51fd3 100644
 +        minsize 100k
 }
 -- 
-1.6.2.5
+1.6.5.2

--- a/libvirt-qemu-machine-type-fixes2.patch
+++ b/libvirt-qemu-machine-type-fixes2.patch
@ -38,5 +38,5 @@ index ac63570..b881f1e 100644
         return 0;
 
 -- 
-1.6.2.5
+1.6.5.2

--- a/libvirt-qemu-save-restore-2.patch
+++ b/libvirt-qemu-save-restore-2.patch
@ -0,0 +1,118 @@
+From 096fc1216eb2654bbff376dcc5bb8177d6498f82 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 19 Nov 2009 12:16:30 +0000
+Subject: [PATCH] Fix labelling on QEMU restore images
+
+Even though QEMU does not directly open the saved image when
+restoring, it must be correctly labelled to allow QEMU to
+read from it because labelling is passed around with open
+file descriptors.
+
+The labelling should not allow writing to the saved image
+again, only reading.
+
+* src/qemu/qemu_driver.c: Label the save image when restoring
+* src/security/security_driver.h: Add a virSecurityDomainSetSavedStateLabelRO
+  method for labelling a saved image for restore
+* src/security/security_selinux.c: Implement labelling of RO
+  save images for restore
+
+Fedora-patch: libvirt-qemu-save-restore-2.patch
+---
+ src/qemu/qemu_driver.c          |   11 ++++++++++-
+ src/security/security_driver.h  |    5 +++++
+ src/security/security_selinux.c |   11 +++++++++++
+ 3 files changed, 26 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 171ac8f..e6abb05 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -3266,7 +3266,7 @@ static int qemudDomainSave(virDomainPtr dom,
+ 
+     if (driver->securityDriver &&
+         driver->securityDriver->domainRestoreSavedStateLabel &&
+-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+         goto cleanup;
+ 
+     ret = 0;
+@@ -3813,6 +3813,11 @@ static int qemudDomainRestore(virConnectPtr conn,
+     }
+     def = NULL;
+ 
+    if (driver->securityDriver &&
+        driver->securityDriver->domainSetSavedStateLabelRO &&
+        driver->securityDriver->domainSetSavedStateLabelRO(conn, vm, path) == -1)
+        goto cleanup;
+
+     if (header.version == 2) {
+         const char *intermediate_argv[3] = { NULL, "-dc", NULL };
+         const char *prog = qemudSaveCompressionTypeToString(header.compressed);
+@@ -3847,6 +3852,10 @@ static int qemudDomainRestore(virConnectPtr conn,
+         close(intermediatefd);
+     close(fd);
+     fd = -1;
+    if (driver->securityDriver &&
+        driver->securityDriver->domainRestoreSavedStateLabel &&
+        driver->securityDriver->domainRestoreSavedStateLabel(conn, vm, path) == -1)
+        VIR_WARN("Unable to restore labelling on %s", path);
+     if (ret < 0) {
+         if (!vm->persistent) {
+             virDomainRemoveInactive(&driver->domains,
+diff --git a/src/security/security_driver.h b/src/security/security_driver.h
+index 5514962..5144976 100644
+--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
+@@ -45,7 +45,11 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
+ typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
+                                                     virDomainObjPtr vm,
+                                                     const char *savefile);
+typedef int (*virSecurityDomainSetSavedStateLabelRO) (virConnectPtr conn,
+                                                      virDomainObjPtr vm,
+                                                      const char *savefile);
+ typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
+                                                        virDomainObjPtr vm,
+                                                         const char *savefile);
+ typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
+                                           virDomainObjPtr sec);
+@@ -77,6 +81,7 @@ struct _virSecurityDriver {
+     virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
+     virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
+     virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
+    virSecurityDomainSetSavedStateLabelRO domainSetSavedStateLabelRO;
+     virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
+ 
+     /*
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 4f2d1d3..0c130e5 100644
+--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
+@@ -639,7 +639,17 @@ SELinuxSetSavedStateLabel(virConnectPtr conn,
+ 
+ 
+ static int
+SELinuxSetSavedStateLabelRO(virConnectPtr conn,
+                            virDomainObjPtr vm ATTRIBUTE_UNUSED,
+                            const char *savefile)
+{
+    return SELinuxSetFilecon(conn, savefile, default_content_context);
+}
+
+
+static int
+ SELinuxRestoreSavedStateLabel(virConnectPtr conn,
+                              virDomainObjPtr vm ATTRIBUTE_UNUSED,
+                               const char *savefile)
+ {
+     return SELinuxRestoreSecurityFileLabel(conn, savefile);
+@@ -716,5 +726,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
+     .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
+     .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
+     .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
+    .domainSetSavedStateLabelRO = SELinuxSetSavedStateLabelRO,
+     .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
+ };
+-- 
+1.6.5.2
+
--- a/libvirt-qemu-save-restore.patch
+++ b/libvirt-qemu-save-restore.patch
@ -1,4 +1,4 @@
-From 076fffe1514b72ffc9a041f7f68348f5487ee8ba Mon Sep 17 00:00:00 2001
+From 1151cdcad3f4b68478b076832843338256b94644 Mon Sep 17 00:00:00 2001
 From: Daniel P. Berrange <berrange@redhat.com>
 Date: Wed, 11 Nov 2009 12:07:00 +0000
 Subject: [PATCH] Fix save and restore with non-privileged guests and SELinux
@ -164,5 +164,5 @@ index 7e0f71a..4f2d1d3 100644
 +    .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
 };
 -- 
-1.6.2.5
+1.6.5.2

--- a/libvirt.spec
+++ b/libvirt.spec
@ -155,7 +155,7 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.7.2
-Release: 5%{?dist}%{?extra_release}
+Release: 6%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
@ -168,6 +168,7 @@ Patch02: libvirt-logrotate-avoid-compressing-small-logs.patch

 # Fix QEMU save/restore permissions / labelling
 Patch03: libvirt-qemu-save-restore.patch
+Patch04: libvirt-qemu-save-restore-2.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
@ -384,6 +385,7 @@ of recent versions of Linux (and other OSes).
 %patch01 -p1
 %patch02 -p1
 %patch03 -p1
+%patch04 -p1

 %build
 %if ! %{with_xen}
@ -796,6 +798,9 @@ fi
 %endif

 %changelog
+* Thu Nov 19 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-6
+- Really fix restore file labelling this time
+
 * Wed Nov 11 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-5
 - Disable numactl on s390[x]. Again.