On 9/16/19 5:12 AM, Michal Privoznik wrote:
See 5/5 for explanation.
Michal Prívozník (5):
security: Pass @migrated to virSecurityManagerSetAllLabel
security: Rename virSecurityManagerGetDriver() to
virSecurityManagerGetVirtDriver()
security: Introduce virSecurityManagerGetDriver()
security_stack: Turn list of nested drivers into a doubly linked list
security_stack: Perform rollback if one of stacked drivers fails
src/lxc/lxc_process.c | 2 +-
src/qemu/qemu_process.c | 3 +-
src/qemu/qemu_security.c | 6 +-
src/qemu/qemu_security.h | 3 +-
src/security/security_apparmor.c | 3 +-
src/security/security_dac.c | 3 +-
src/security/security_driver.h | 3 +-
src/security/security_manager.c | 17 ++-
src/security/security_manager.h | 4 +-
src/security/security_nop.c | 3 +-
src/security/security_selinux.c | 9 +-
src/security/security_stack.c | 220 +++++++++++++++++++++++++------
tests/qemusecuritytest.c | 2 +-
tests/securityselinuxlabeltest.c | 2 +-
14 files changed, 222 insertions(+), 58 deletions(-)
I gotta admit I'm seriously wondering if supporting this label
remembering stuff is worth it. I know you've put a heroic amount of work
into it over a long period of time, but I think it's worth taking
another look at this whole thing end to end to decide whether it's worth
the complexity for what we are actually getting
The old RHEL bug that was tracking this is here:
https://bugzilla.redhat.com/show_bug.cgi?id=547546
It's closed because it was against RHEL7 and these patches aren't going
to hit RHEL7. Is there still a major product or project issue that this
is solving?
In that bug, I see that rjones (cc'd) said that libvirt not remembering
labels/uid causes issues for libguestfs that requires workarounds. Rich,
do you have links to threads or bug reports where this is described in
more detail?
From the end user distro perspective, the main place I have
historically heard people complain about this is basically:
* download $ISO to home, owned by uid=crobinso
* point virt-manager at it, which uses qemu:///system
* VM starts, $ISO chown'd to uid=qemu
* VM stops, $ISO chown'd to uid=root
* Now there's a root owned image in your homedir.
Worse, if you have a /media directory somewhere shared over http or some
other service, owned as a non-root user, then changing to root owner can
disrupt that access. This issue definitely annoys users. Unfortunately
remember_owner doesn't help here because it's limited to RW media, which
generally is less often shared than things like ISOs.
I'm interested in hearing other concrete usecases that are solved by
remember_owner (or at one time we thought would be solved by this)
(in the mean time I will review your patches tomorrow)
Thanks,
Cole
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
