On Tue, Nov 03, 2020 at 02:13:29PM +0100, Michal Privoznik wrote: > The remember owner feature uses XATTRs to store original > seclabels. But that means we don't want a regular user to be able > to change what we stored and thus trick us into setting different > seclabel. Therefore, we use namespaces that are reserved to > CAP_SYS_ADMIN only. Such namespaces exist on Linux and FreeBSD. > That also means, that the whole feature is enabled only for > qemu:///system. Now, while the secdriver code is capable of > dealing with XATTRs being unsupported (it has to, not all > filesystems support them) if the feature is enabled users will > get an harmless error message in the logs and the feature > disables itself. > > Since we have virSecurityXATTRNamespaceDefined() we can use it to > make a wiser decision on the default state of the feature. > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/qemu/qemu_conf.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c > index ead9d1ee99..923aea8bd7 100644 > --- a/src/qemu/qemu_conf.c > +++ b/src/qemu/qemu_conf.c > @@ -49,6 +49,7 @@ > #include "storage_conf.h" > #include "virutil.h" > #include "configmake.h" > +#include "security/security_util.h" > > #define VIR_FROM_THIS VIR_FROM_QEMU > > @@ -131,7 +132,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged, > cfg->group = (gid_t)-1; > } > cfg->dynamicOwnership = privileged; > - cfg->rememberOwner = privileged; > + > + if (privileged) > + cfg->rememberOwner = virSecurityXATTRNamespaceDefined(); > + else > + cfg->rememberOwner = false; > > cfg->cgroupControllers = -1; /* -1 == auto-detect */ > > -- > 2.26.2 > Reviewed-by: Roman Bolshakov <r.bolshakov@xxxxxxxxx> Thanks, Roman
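Review bot: in the virQEMUDriverConfigNew() hunk, the new if/else that sets cfg->rememberOwner has no comment explaining why the default now depends on virSecurityXATTRNamespaceDefined(); that reasoning exists only in the commit message. A short comment above the branch would help, saying that the original seclabels are stored in an XATTR namespace reserved to CAP_SYS_ADMIN and that the feature defaults to off where no such namespace is defined. The branch could also be collapsed to `cfg->rememberOwner = privileged && virSecurityXATTRNamespaceDefined();`, which reads like the neighbouring `cfg->dynamicOwnership = privileged;` line and makes it obvious that the unprivileged case stays false.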