libvirt's sVirt security driver provides SELinux MAC isolation for QEMU guest processes and their corresponding image files. In other words, sVirt uses SELinux to prevent a QEMU process from opening files that do not belong to it. sVirt provides this support by labeling guests and resources with security labels that are stored in file system extended attributes. Some file systems, such as NFS, do not support the extended attribute security namespace, and therefore cannot support sVirt isolation.

A solution to this problem is to provide fd passing support, where libvirt opens files and passes file descriptors to QEMU. This, along with SELinux policy to prevent QEMU from opening files, can provide image file isolation for NFS files stored on the same NFS mount.

This patch series adds the pass-fd QMP monitor command, which allows an fd to be passed via SCM_RIGHTS, and returns the received file descriptor. Support is also added to the block layer to allow QEMU to dup the fd when the filename is of the /dev/fd/X format. This is useful if MAC policy prevents QEMU from opening specific types of files.

One nice thing about this approach is that no new SELinux policy is required to prevent open of NFS files (files with type nfs_t). The virt_use_nfs boolean type simply needs to be set to false, and open will be prevented (and dup will be allowed).
For example:

# setsebool virt_use_nfs 0
# getsebool virt_use_nfs
virt_use_nfs --> off

Corey Bryant (7):
  qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg
  qapi: Convert getfd and closefd
  qapi: Add pass-fd QMP command
  qapi: Re-arrange monitor.c functions
  block: Prevent /dev/fd/X filename from being detected as floppy
  block: Convert open calls to qemu_open
  osdep: Enable qemu_open to dup pre-opened fd

 block/raw-posix.c |  22 +++++-----
 block/raw-win32.c |   4 +-
 block/vdi.c       |   5 ++-
 block/vmdk.c      |  21 ++++------
 block/vpc.c       |   2 +-
 block/vvfat.c     |  21 +++++-----
 cutils.c          |  26 +++++++++---
 dump.c            |   3 +-
 hmp-commands.hx   |   6 +--
 hmp.c             |  18 ++++++++
 hmp.h             |   2 +
 main-loop.c       |   6 +--
 migration-fd.c    |   2 +-
 monitor.c         | 120 ++++++++++++++++++++++++++++++++---------------------
 monitor.h         |   2 +-
 net.c             |   6 ++-
 osdep.c           |  91 ++++++++++++++++++++++++++++++++++++++++
 qapi-schema.json  |  71 +++++++++++++++++++++++++++++++
 qemu-char.c       |   2 +-
 qemu-common.h     |   2 +-
 qmp-commands.hx   |  56 ++++++++++++++++++++++---
 21 files changed, 378 insertions(+), 110 deletions(-)

-- 
1.7.10.2

-- 
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
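The mechanism the cover letter describes, shown end to end as an added example that is not part of this series or of QEMU's or libvirt's own code: one side (the role libvirt plays) opens the image and sends the descriptor as SCM_RIGHTS ancillary data, the other side (the role QEMU plays) receives it with MSG_CMSG_CLOEXEC, and a block-layer-style helper recognises a "/dev/fd/N" filename and dup()s the descriptor instead of calling open() on the backing file, which is exactly the call a virt_use_nfs=off policy denies. The function names send_fd, recv_fd, open_or_dup and demo_fd_passing are this example's own, the two roles run in a single process over a socketpair for demonstration, and the temporary file stands in for a guest image.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Sender side (libvirt's role): ship an already-open fd over a UNIX
 * socket as SCM_RIGHTS ancillary data. Returns 0 on success, -1 on error. */
static int send_fd(int sock, int fd)
{
    char byte = 'F';                       /* SCM_RIGHTS needs >= 1 data byte */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char control[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;

    memset(control, 0, sizeof(control));
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = control;
    msg.msg_controllen = sizeof(control);

    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));

    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receiver side (QEMU's role): pull the descriptor out of the ancillary
 * data. MSG_CMSG_CLOEXEC, where available, marks the new fd close-on-exec
 * atomically, which is the point of the series' first patch. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char control[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    int flags = 0;
#ifdef MSG_CMSG_CLOEXEC
    flags = MSG_CMSG_CLOEXEC;
#endif

    memset(control, 0, sizeof(control));
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = control;
    msg.msg_controllen = sizeof(control);

    if (recvmsg(sock, &msg, flags) != 1)
        return -1;
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET ||
        cmsg->cmsg_type != SCM_RIGHTS || cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    return fd;
}

/* Stand-in for the series' qemu_open behaviour (hypothetical helper): a
 * "/dev/fd/N" name is dup()'d rather than open()'d, so the process never
 * needs open permission on the file behind the descriptor. The access mode
 * was fixed by whoever opened the file, so the flags only apply to real paths. */
int open_or_dup(const char *filename, int flags)
{
    const char prefix[] = "/dev/fd/";
    if (strncmp(filename, prefix, sizeof(prefix) - 1) == 0) {
        const char *num = filename + sizeof(prefix) - 1;
        char *end;
        errno = 0;
        long fd = strtol(num, &end, 10);
        if (*num == '\0' || *end != '\0' || errno != 0 || fd < 0 || fd > INT_MAX) {
            errno = EINVAL;                /* malformed /dev/fd/N, refuse it */
            return -1;
        }
        return dup((int)fd);
    }
    return open(filename, flags);
}

/* Whole round trip in one process: open a constructed sample "image",
 * pass it over a socketpair, re-open it via /dev/fd/N, read it back.
 * Returns the number of bytes read through the dup'd fd, or -1. */
int demo_fd_passing(void)
{
    int sv[2], img, got, dupfd, rc = -1;
    char path[] = "/tmp/fdpass-XXXXXX";   /* constructed sample image file */
    char name[32], buf[32];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    img = mkstemp(path);
    if (img < 0 || write(img, "QEMU image", 10) != 10 || send_fd(sv[0], img) != 0)
        goto out;
    close(img);                            /* sender no longer needs its copy */
    img = -1;

    got = recv_fd(sv[1]);
    if (got < 0)
        goto out;
    snprintf(name, sizeof(name), "/dev/fd/%d", got);
    dupfd = open_or_dup(name, O_RDWR);     /* dup, not open: no nfs_t open */
    close(got);
    if (dupfd < 0)
        goto out;
    lseek(dupfd, 0, SEEK_SET);             /* offset is shared with the sender's fd */
    rc = (int)read(dupfd, buf, sizeof(buf));
    close(dupfd);
out:
    if (img >= 0) close(img);
    close(sv[0]);
    close(sv[1]);
    unlink(path);
    return rc;
}
```

The validation in open_or_dup matters in the real block layer too: the name is parsed strictly so that only a well-formed "/dev/fd/N" takes the dup path, and an attacker-controlled filename cannot smuggle a trailing path component past the check. Note also that a dup'd descriptor shares its open file description (offset and access mode) with the sender's copy, which is why the example seeks before reading.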