Re: [PATCH 0/5] security_stack: Perform rollback if one of stacked drivers fails

On 9/16/19 5:12 AM, Michal Privoznik wrote:
> See 5/5 for explanation.
>
> Michal Prívozník (5):
>    security: Pass @migrated to virSecurityManagerSetAllLabel
>    security: Rename virSecurityManagerGetDriver() to
>      virSecurityManagerGetVirtDriver()
>    security: Introduce virSecurityManagerGetDriver()
>    security_stack: Turn list of nested drivers into a doubly linked list
>    security_stack: Perform rollback if one of stacked drivers fails
>
>   src/lxc/lxc_process.c            |   2 +-
>   src/qemu/qemu_process.c          |   3 +-
>   src/qemu/qemu_security.c         |   6 +-
>   src/qemu/qemu_security.h         |   3 +-
>   src/security/security_apparmor.c |   3 +-
>   src/security/security_dac.c      |   3 +-
>   src/security/security_driver.h   |   3 +-
>   src/security/security_manager.c  |  17 ++-
>   src/security/security_manager.h  |   4 +-
>   src/security/security_nop.c      |   3 +-
>   src/security/security_selinux.c  |   9 +-
>   src/security/security_stack.c    | 220 +++++++++++++++++++++++++------
>   tests/qemusecuritytest.c         |   2 +-
>   tests/securityselinuxlabeltest.c |   2 +-
>   14 files changed, 222 insertions(+), 58 deletions(-)


I gotta admit I'm seriously wondering if supporting this label remembering stuff is worth it. I know you've put a heroic amount of work into it over a long period of time, but I think it's worth taking another look at this whole thing end to end to decide whether it's worth the complexity for what we are actually getting.

The old RHEL bug that was tracking this is here: https://bugzilla.redhat.com/show_bug.cgi?id=547546

It's closed because it was against RHEL7 and these patches aren't going to hit RHEL7. Is there still a major product or project issue that this is solving?

In that bug, I see that rjones (cc'd) said that libvirt not remembering labels/uid causes issues for libguestfs that requires workarounds. Rich, do you have links to threads or bug reports where this is described in more detail?

From the end user distro perspective, the main place I have historically heard people complain about this is basically:

* download $ISO to home, owned by uid=crobinso
* point virt-manager at it, which uses qemu:///system
* VM starts, $ISO chown'd to uid=qemu
* VM stops, $ISO chown'd to uid=root
* Now there's a root owned image in your homedir.

Worse, if you have a /media directory somewhere shared over http or some other service, owned as a non-root user, then changing to root owner can disrupt that access. This issue definitely annoys users. Unfortunately remember_owner doesn't help here because it's limited to RW media, which generally is less often shared than things like ISOs.

I'm interested in hearing other concrete use cases that are solved by remember_owner (or at one time we thought would be solved by this).

(In the meantime I will review your patches tomorrow.)

Thanks,
Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



