v4: https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/message/FWR7YCZJUHBZH33EX465GSE4EQI6KRWA/

For justification see v3:

https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/message/PISBZCI5MAQQWPN7NMMEGV4VPLJKGEFJ/

This version includes patches that deal with seclabel remembering
without instructing users to disable it.

Diff to v4:
 - added patch 7 cleaning up a helper function (noticed just while
   reading the code)
 - added patch 8 properly unrefing security labels in dac/selinux
   drivers on outgoing migration
 - patch 11: added handling of the 'nvram' image file (and refactored
   the function to allow reuse)

Tested migrating both ways including uefi nvram image. Didn't test TPM
though.

Diff to v3 (numbering fixed):
 - Patch 2/8 was modified to change the docs for the new option.
 - Patches 1-5 will get an R-b by me as I've adopted them.
 - Patches 6, 9-11 are new.
 - Patches 7, 8 were not part of v3

Andrea Bolognani (5):
  security: Fix alignment
  qemu: Introduce shared_filesystems configuration option
  qemu: Propagate shared_filesystems
  utils: Use overrides in virFileIsSharedFS()
  qemu: Always set labels for TPM state

Peter Krempa (6):
  virFileIsSharedFSOverride: Export
  virParseOwnershipIds: Refactor
  virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after 'migrated' check
  security_(dac|selinux): Unref remebered security labels on outgoing migration
  storage_source: Add field for skipping seclabel remembering
  qemu: migration: Don't remember seclabel for images shared from current host

 src/conf/storage_source_conf.c     |  3 +
 src/conf/storage_source_conf.h     |  9 +++
 src/libvirt_private.syms           |  1 +
 src/lxc/lxc_controller.c           |  3 +-
 src/lxc/lxc_driver.c               |  2 +-
 src/lxc/lxc_process.c              |  4 +-
 src/qemu/libvirtd_qemu.aug         |  3 +
 src/qemu/qemu.conf.in              | 26 +++++++++
 src/qemu/qemu_conf.c               | 31 ++++++++++
 src/qemu/qemu_conf.h               |  2 +
 src/qemu/qemu_domain.c             |  7 ++-
 src/qemu/qemu_extdevice.c          |  2 +-
 src/qemu/qemu_migration.c          | 86 +++++++++++++++++++++++----
 src/qemu/qemu_security.c           | 85 ++++++++++++++++++++-------
 src/qemu/qemu_tpm.c                | 38 ++++++------
 src/qemu/qemu_tpm.h                | 10 ++--
 src/qemu/test_libvirtd_qemu.aug.in |  5 ++
 src/security/security_apparmor.c   |  8 ++-
 src/security/security_dac.c        | 53 +++++++++++++----
 src/security/security_driver.h     |  8 ++-
 src/security/security_manager.c    | 33 ++++++++---
 src/security/security_manager.h    |  9 ++-
 src/security/security_nop.c        |  5 ++
 src/security/security_selinux.c    | 94 +++++++++++++++++++++---------
 src/security/security_stack.c      | 32 +++++++---
 src/util/virfile.c                 | 63 +++++++++++++++++++-
 src/util/virfile.h                 |  5 +-
 src/util/virutil.c                 | 20 +++----
 tests/securityselinuxlabeltest.c   |  2 +-
 tests/virfiletest.c                |  2 +-
 30 files changed, 517 insertions(+), 134 deletions(-)

-- 
2.45.2