security: Don't remember seclabel for paths we haven't locked successfully
authorMichal Privoznik <mprivozn@redhat.com>
Thu, 20 Feb 2020 14:38:10 +0000 (15:38 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Tue, 25 Feb 2020 10:09:18 +0000 (11:09 +0100)
There are some cases where we want to remember the original owner
of a file but we fail to lock it for XATTR change (e.g. root
squashed NFS). In that case we error out and refuse to
start the domain. Well, we can do better if we disable remembering
for paths we haven't locked successfully.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/security/security_dac.c
src/security/security_manager.c
src/security/security_manager.h
src/security/security_selinux.c

index d75b18170b04ce2d3a19b0c11d97d25ade2a07e0..f412054d0eed8d473834c00c9e1273188bc3ad78 100644 (file)
@@ -240,6 +240,20 @@ virSecurityDACTransactionRun(pid_t pid G_GNUC_UNUSED,
 
         if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
             goto cleanup;
+
+        for (i = 0; i < list->nItems; i++) {
+            virSecurityDACChownItemPtr item = list->items[i];
+            size_t j;
+
+            for (j = 0; j < state->nfds; j++) {
+                if (STREQ_NULLABLE(item->path, state->paths[j]))
+                    break;
+            }
+
+            /* If path wasn't locked, don't try to remember its label. */
+            if (j == state->nfds)
+                item->remember = false;
+        }
     }
 
     for (i = 0; i < list->nItems; i++) {
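Review bot: The "is this path among the locked ones" search is written out by hand here and again, verbatim, in the virSecuritySELinuxTransactionRun hunk of security_selinux.c; since the lock state now lives in security_manager.h anyway, a single exported predicate on the state would keep both drivers in step and be the one place to fix if the matching rule (currently an exact STREQ_NULLABLE on the string, no path normalisation) ever changes. The exact-string match is the conservative direction, a path spelled differently from what was locked simply loses remembering, but that is worth saying in the comment, e.g. `/* Only an exact string match counts as locked; anything else loses remembering (safe side). */`. The enclosing loop over list->items and the rest of virSecurityDACTransactionRun continue outside this hunk.
```c
/* Proposed helper, exported from security_manager.[ch]: true if @path
 * is one of the paths @state holds a metadata lock for. */
bool
virSecurityManagerMetadataLockIsPathLocked(virSecurityManagerMetadataLockStatePtr state,
                                            const char *path)
{
    size_t j;

    for (j = 0; j < state->nfds; j++) {
        if (STREQ_NULLABLE(path, state->paths[j]))
            return true;
    }
    return false;
}

/* … in virSecurityDACTransactionRun, replacing the hand-written inner loop … */
        for (i = 0; i < list->nItems; i++) {
            virSecurityDACChownItemPtr item = list->items[i];

            /* If path wasn't locked, don't try to remember its label. */
            if (!virSecurityManagerMetadataLockIsPathLocked(state, item->path))
                item->remember = false;
        }
```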
index aea8cc2fb9671a69ec7078daf9f3c4ee1f11565e..1e998a6579952a3cc08f970d56b48bff0f9ee7e4 100644 (file)
@@ -1245,13 +1245,6 @@ virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
 }
 
 
-struct _virSecurityManagerMetadataLockState {
-    size_t nfds; /* Captures size of both @fds and @paths */
-    int *fds;
-    const char **paths;
-};
-
-
 static int
 cmpstringp(const void *p1, const void *p2)
 {
index f835356b7e177d1a552f9bdd12d2a60fd7c9e78e..b92ea5dc8787ea5592d362a7126ec66d7e736ed3 100644 (file)
@@ -203,6 +203,12 @@ int virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
 
 typedef struct _virSecurityManagerMetadataLockState virSecurityManagerMetadataLockState;
 typedef virSecurityManagerMetadataLockState *virSecurityManagerMetadataLockStatePtr;
+struct _virSecurityManagerMetadataLockState {
+    size_t nfds; /* Captures size of both @fds and @paths */
+    int *fds;
+    const char **paths;
+};
+
 
 virSecurityManagerMetadataLockStatePtr
 virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
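Review bot: Moving struct _virSecurityManagerMetadataLockState into the header makes @fds and @paths part of the drivers' contract, but the only field comment says how many entries there are, not who owns them or how they line up. Callers in security_dac.c and security_selinux.c now read `state->paths[j]` for j < nfds, so the struct should state that `paths[i]` is the path locked via `fds[i]`, and whether the entries are borrowed from the caller's @paths array or copies released by the unlock routine (the lock implementation is outside this hunk, so confirm which before documenting it). Suggested wording on the fields: `int *fds;           /* fds[i] holds the lock for paths[i] */` and `const char **paths; /* NOTE(review): borrowed from caller's @paths, not owned — confirm against virSecurityManagerMetadataLock */`.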
index 3f6968a57ac66fed689c11e027899c53d21b3754..2241a35e6e8342da17537d33df5fd08cce61defc 100644 (file)
@@ -271,6 +271,20 @@ virSecuritySELinuxTransactionRun(pid_t pid G_GNUC_UNUSED,
 
         if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
             goto cleanup;
+
+        for (i = 0; i < list->nItems; i++) {
+            virSecuritySELinuxContextItemPtr item = list->items[i];
+            size_t j;
+
+            for (j = 0; j < state->nfds; j++) {
+                if (STREQ_NULLABLE(item->path, state->paths[j]))
+                    break;
+            }
+
+            /* If path wasn't locked, don't try to remember its label. */
+            if (j == state->nfds)
+                item->remember = false;
+        }
     }
 
     rv = 0;