storage_source: Add field for skipping seclabel remembering

In case of incoming migration where a local directory is shared to other
hosts we'll need to avoid seclabel remembering as the code would
remember the seclabel already allowing access to the image.

As the decision requires a lot of information not available in the
security driver it would either require plumbing in unpleasant callbacks
able to pass in the data or alternatively we can mark this in the
'virStorageSource' struct.

This patch chose to do the latter approach by adding a field called
'seclabelSkipRemember' which will be filled before starting the process
in cases when it will be required.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

diff --git a/src/conf/storage_source_conf.c b/src/conf/storage_source_conf.c
index 908bc5fab20fa8f3a8701924bfca1d8e7216b7b2..5b9a80f1001d0db25d2dcb6eb5eb893d4f067b4c 100644 (file)
--- a/src/conf/storage_source_conf.c
+++ b/src/conf/storage_source_conf.c
@@ -820,6 +820,9 @@ virStorageSourceCopy(const virStorageSource *src,
     /* storage driver metadata are not copied */
     def->drv = NULL;
 
+    /* flag to avoid seclabel remember is not copied */
+    def->seclabelSkipRemember = false;
+
     def->path = g_strdup(src->path);
     def->fdgroup = g_strdup(src->fdgroup);
     def->volume = g_strdup(src->volume);

diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
index 05b4bda16cf29f7912ef542c85df71fd5c32c32e..a5071160074a379895f917b2053680be5ea4eb3a 100644 (file)
--- a/src/conf/storage_source_conf.h
+++ b/src/conf/storage_source_conf.h
@@ -431,6 +431,15 @@ struct _virStorageSource {
     bool thresholdEventWithIndex;
 
     virStorageSourceFDTuple *fdtuple;
+
+    /* Setting 'seclabelSkipRemember' to true will cause the security driver to
+     * not remember the security label even if it otherwise were to be
+     * remembered. This is needed in cases such as incoming migration for
+     * shared images where the existing security label may no longer be the
+     * correct. The security driver otherwise doesn't have enough information
+     * to do this decision.
+     */
+    bool seclabelSkipRemember;
 };
 
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageSource, virObjectUnref);

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index c327e4c9e0814d51a56f46c68a3148dc6f446748..fdc11876c9924175d609d14b7ef407b89a479962 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -940,6 +940,9 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
      */
     remember = isChainTop && !src->readonly && !src->shared;
 
+    if (src->seclabelSkipRemember)
+        remember = false;
+
     return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remember);
 }
 

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 779a52ac1144f15efe00032b9a99b00c17ca01d5..3e213a553b7e22191fb9d57a5b85a3231f57fbea 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1992,6 +1992,9 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
 
         ret = virSecuritySELinuxFSetFilecon(src->fdtuple->fds[0], use_label);
     } else {
+        if (src->seclabelSkipRemember)
+            remember = false;
+
         ret = virSecuritySELinuxSetFilecon(mgr, path, use_label, remember);
     }