Re: [libvirt] [PATCH 4/6] Support relabelling of USB and PCI devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 01, 2009 at 04:28:57PM +0100, Daniel P. Berrange wrote:
> * src/security.h: Driver API for relabelling host devices
> * src/security_selinux.c: Implement relabelling of PCI and USB
>   devices
> * src/qemu_driver.c: Relabel USB/PCI devices before hotplug
> ---
>  src/qemu_driver.c      |   12 ++-
>  src/security.h         |    7 ++
>  src/security_selinux.c |  175 +++++++++++++++++++++++++++++++++++++++++++-----
>  3 files changed, 174 insertions(+), 20 deletions(-)
> 
> diff --git a/src/qemu_driver.c b/src/qemu_driver.c
> index e9a09df..d75e28e 100644
> --- a/src/qemu_driver.c
> +++ b/src/qemu_driver.c
> @@ -5498,6 +5498,9 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
>  
>      if (qemuDomainSetDeviceOwnership(conn, driver, dev, 0) < 0)
>          return -1;
> +    if (driver->securityDriver &&
> +        driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, dev->data.hostdev) < 0)
> +        return -1;

  shouldn't we test against the entry point being null ?
       if (driver->securityDriver &&
           driver->securityDriver->domainSetSecurityHostdevLabel &&
           driver->securityDriver->domainSetSecurityHostdevLabel(conn,
                                                    vm, dev->data.hostdev) < 0)

Also the long line should probably be split.

[...]
> +    if (driver->securityDriver &&
> +        driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, dev->data.hostdev) < 0)
> +        VIR_WARN0("Failed to restore device labelling");
> +

  idem

[...]
>  static int
> +SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
> +                                 virDomainDiskDefPtr disk)
> +{
> +    /* Don't restore labels on readoly/shared disks, because

  typo readonly

> +     * other VMs may still be accessing these
> +     * Alternatively we could iterate over all running
> +     * domains and try to figure out if it is in use, but
> +     * this would not work for clustered filesystems, since
> +     * we can't see running VMs using the file on other nodes
> +     * Safest bet is thus to skip the restore step.
> +     */
> +    if (disk->readonly || disk->shared)
> +        return 0;
> +
> +    if (!disk->src)
> +        return 0;
> +
> +    return SELinuxRestoreSecurityFileLabel(conn, disk->src);
> +}
> +
> +static int
>  SELinuxSetSecurityImageLabel(virConnectPtr conn,
>                               virDomainObjPtr vm,
>                               virDomainDiskDefPtr disk)
> @@ -414,6 +427,126 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
>      return 0;
>  }
>  
> +
> +static int
> +SELinuxSetSecurityPCILabel(virConnectPtr conn,
> +                           pciDevice *dev ATTRIBUTE_UNUSED,
> +                           const char *file, void *opaque)
> +{
> +    virDomainObjPtr vm = opaque;
> +    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
> +
> +    return SELinuxSetFilecon(conn, file, secdef->imagelabel);
> +}

  it would be nice if we could check the type of the opaque passed
  in some ways, even if we know it was called a few line below.

> +static int
> +SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
> +                               virDomainObjPtr vm,
> +                               virDomainHostdevDefPtr dev)
> +
> +{
> +    int ret = -1;
> +
> +    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
> +        return 0;
> +
> +    switch (dev->source.subsys.type) {
> +    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
> +        break;
> +
> +    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
> +        pciDevice *pci = pciGetDevice(conn,
> +                                      dev->source.subsys.u.pci.domain,
> +                                      dev->source.subsys.u.pci.bus,
> +                                      dev->source.subsys.u.pci.slot,
> +                                      dev->source.subsys.u.pci.function);
> +
> +        if (!pci)
> +            goto done;
> +
> +        ret = pciDeviceFileIterate(conn, pci, SELinuxSetSecurityPCILabel, vm);
> +        pciFreeDevice(conn, pci);
> +
> +        break;
> +    }
> +
> +    default:
> +        ret = 0;
> +        break;
> +    }
> +
> +done:
> +    return ret;
> +}

  Looks fine, ACK, but I won't pretend I understand all the implications
  of the security calls though,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]