From 503330ba5d137138aa2e44a0a68f1c8e331b7519 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Thu, 9 Oct 2014 13:00:53 -0400 Subject: [PATCH] Fix selinux errors with /dev/net/tun (bz #1147057) --- ...emu_command-Split-qemuBuildCpuArgStr.patch | 8 +- ...n-t-compare-CPU-against-host-for-TCG.patch | 20 ++--- ...ty_selinux-Don-t-relabel-dev-net-tun.patch | 81 +++++++++++++++++++ libvirt.spec | 9 ++- 4 files changed, 103 insertions(+), 15 deletions(-) create mode 100644 0003-security_selinux-Don-t-relabel-dev-net-tun.patch diff --git a/0001-qemu_command-Split-qemuBuildCpuArgStr.patch b/0001-qemu_command-Split-qemuBuildCpuArgStr.patch index 52521f1..e28c9b8 100644 --- a/0001-qemu_command-Split-qemuBuildCpuArgStr.patch +++ b/0001-qemu_command-Split-qemuBuildCpuArgStr.patch @@ -1,4 +1,4 @@ -From e543e857120b8a1b352bf34fd8a983e95ea70487 Mon Sep 17 00:00:00 2001 +From 96a7f7fa1953707e1eb9f0f638baf213507a5cb2 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Tue, 23 Sep 2014 11:35:57 -0400 Subject: [PATCH] qemu_command: Split qemuBuildCpuArgStr @@ -12,10 +12,10 @@ code movement and re-indentation. 1 file changed, 122 insertions(+), 104 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 2184caa..96ba081 100644 +index eb72451..db5ea35 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c -@@ -6052,139 +6052,162 @@ qemuBuildClockArgStr(virDomainClockDefPtr def) +@@ -6140,139 +6140,162 @@ qemuBuildClockArgStr(virDomainClockDefPtr def) return NULL; } @@ -277,7 +277,7 @@ index 2184caa..96ba081 100644 have_cpu = true; } else { /* -@@ -6309,11 +6332,6 @@ qemuBuildCpuArgStr(virQEMUDriverPtr driver, +@@ -6398,11 +6421,6 @@ qemuBuildCpuArgStr(virQEMUDriverPtr driver, ret = 0; cleanup: diff --git a/0002-qemu-Don-t-compare-CPU-against-host-for-TCG.patch b/0002-qemu-Don-t-compare-CPU-against-host-for-TCG.patch index 8bc4548..6bc426c 100644 --- a/0002-qemu-Don-t-compare-CPU-against-host-for-TCG.patch 
+++ b/0002-qemu-Don-t-compare-CPU-against-host-for-TCG.patch @@ -1,4 +1,4 @@ -From fe13df3feab361cd7596e67af87ad1ca2c4158c5 Mon Sep 17 00:00:00 2001 +From bbdbfbfc03494f5cbba4ee869149cca37c1fd53c Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Tue, 23 Sep 2014 13:07:09 -0400 Subject: [PATCH] qemu: Don't compare CPU against host for TCG @@ -53,10 +53,10 @@ correctly. 25 files changed, 90 insertions(+), 69 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 96ba081..a3bcab9 100644 +index db5ea35..cd34445 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c -@@ -6072,6 +6072,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6160,6 +6160,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, virCPUCompareResult cmp; const char *preferred; virCapsPtr caps = NULL; @@ -65,7 +65,7 @@ index 96ba081..a3bcab9 100644 if (!(caps = virQEMUDriverGetCapabilities(driver, false))) goto cleanup; -@@ -6094,30 +6096,33 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6182,30 +6184,33 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, cpuUpdate(cpu, host) < 0) goto cleanup; @@ -117,7 +117,7 @@ index 96ba081..a3bcab9 100644 int hasSVM = cpuHasFeature(data, "svm"); if (hasSVM < 0) goto cleanup; -@@ -6145,16 +6150,23 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6233,16 +6238,23 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, if (VIR_STRDUP(guest->vendor_id, cpu->vendor_id) < 0) goto cleanup; @@ -150,7 +150,7 @@ index 96ba081..a3bcab9 100644 virBufferAdd(buf, guest->model, -1); if (guest->vendor_id) -@@ -6171,7 +6183,7 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, +@@ -6259,7 +6271,7 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, } ret = 0; @@ -470,10 +470,10 @@ index 1e09680..9927294 100644 -mon chardev=charmonitor,id=monitor,mode=readline -no-acpi -boot c -usb \ -chardev pty,id=charserial0 \ 
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c -index 3feb2fe..e649aa5 100644 +index b380fd8..483ca90 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c -@@ -920,7 +920,7 @@ mymain(void) +@@ -933,7 +933,7 @@ mymain(void) QEMU_CAPS_DEVICE, QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_QXL); DO_TEST("graphics-spice-timeout", @@ -482,7 +482,7 @@ index 3feb2fe..e649aa5 100644 QEMU_CAPS_VGA, QEMU_CAPS_VGA_QXL, QEMU_CAPS_DEVICE, QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_QXL_VGA); -@@ -1192,14 +1192,14 @@ mymain(void) +@@ -1208,14 +1208,14 @@ mymain(void) DO_TEST("cpu-topology1", QEMU_CAPS_SMP_TOPOLOGY); DO_TEST("cpu-topology2", QEMU_CAPS_SMP_TOPOLOGY); DO_TEST("cpu-topology3", NONE); @@ -505,7 +505,7 @@ index 3feb2fe..e649aa5 100644 DO_TEST("cpu-numa1", NONE); DO_TEST("cpu-numa2", QEMU_CAPS_SMP_TOPOLOGY); DO_TEST_PARSE_ERROR("cpu-numa3", NONE); -@@ -1284,7 +1284,8 @@ mymain(void) +@@ -1303,7 +1303,8 @@ mymain(void) DO_TEST("pseries-usb-kbd", QEMU_CAPS_PCI_OHCI, QEMU_CAPS_DEVICE_USB_KBD, QEMU_CAPS_CHARDEV, QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG); diff --git a/0003-security_selinux-Don-t-relabel-dev-net-tun.patch b/0003-security_selinux-Don-t-relabel-dev-net-tun.patch new file mode 100644 index 0000000..2d9224b --- /dev/null +++ b/0003-security_selinux-Don-t-relabel-dev-net-tun.patch 
@@ -0,0 +1,81 @@
+From 1c20d4a0a608d65d02953b360c6f10397d3c4069 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik
+Date: Tue, 7 Oct 2014 16:22:17 +0200
+Subject: [PATCH] security_selinux: Don't relabel /dev/net/tun
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1147057
+
+The code for relabelling the TAP FD is there due to a race. When
+libvirt creates a /dev/tapN device it's labeled as
+'system_u:object_r:device_t:s0' by default. Later, when
+udev/systemd reacts to this device, it's relabelled to the
+expected label 'system_u:object_r:tun_tap_device_t:s0'. Hence, we
+have a code that relabels the device, to cut the race down. For
+more info see ae368ebfcc4.
+
+But the problem is, the relabel function is called on all TUN/TAP
+devices. Yes, on /dev/net/tun too. This is however a special kind
+of device - other processes uses it too. We shouldn't touch it's
+label then.
+
+Ideally, there would an API in SELinux that would label just the
+passed FD and not the underlying path. That way, we wouldn't need
+to care as we would be not labeling /dev/net/tun but the FD
+passed to the domain. Unfortunately, there's no such API so we
+have to workaround until then.
+
+Tested-by: Richard W.M. Jones
+Signed-off-by: Michal Privoznik
+(cherry picked from commit ebc05263960f41065fa7d882959ea754b9281ab1)
+---
+ src/security/security_selinux.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index b7c1015..352f1ab 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -2352,7 +2352,7 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
+ struct stat buf;
+ security_context_t fcon = NULL;
+ virSecurityLabelDefPtr secdef;
+- char *str = NULL;
++ char *str = NULL, *proc = NULL, *fd_path = NULL;
+ int rc = -1;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+@@ -2370,7 +2370,24 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
+ goto cleanup;
+ }
+
+- if (getContext(mgr, "/dev/tap.*", buf.st_mode, &fcon) < 0) {
++ /* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */
++ if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1)
++ goto cleanup;
++
++ if (virFileResolveLink(proc, &fd_path) < 0) {
++ virReportSystemError(errno,
++ _("Unable to resolve link: %s"), proc);
++ goto cleanup;
++ }
++
++ if (!STRPREFIX(fd_path, "/dev/tap")) {
++ VIR_DEBUG("fd=%d points to %s not setting SELinux label",
++ fd, fd_path);
++ rc = 0;
++ goto cleanup;
++ }
++
++ if (getContext(mgr, "/dev/tap*", buf.st_mode, &fcon) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot lookup default selinux label for tap fd %d"), fd);
+ goto cleanup;
+@@ -2384,6 +2401,8 @@ virSecuritySELinuxSetTapFDLabel(virSecurityManagerPtr mgr,
+
+ cleanup:
+ freecon(fcon);
++ VIR_FREE(fd_path);
++ VIR_FREE(proc);
+ VIR_FREE(str);
+ return rc;
+ }
diff --git a/libvirt.spec b/libvirt.spec
index 492466b..fc39d1a 100644
--- a/libvirt.spec
+++ b/libvirt.spec
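Review bot: The new comment `/* Label /dev/tap.* devices only. Leave /dev/net/tun alone! */` in the second security_selinux.c hunk states the rule without the reason, and the reason is the security-relevant part: as the commit message explains, the label is applied to the underlying path rather than to the fd alone, so relabelling /dev/net/tun changes a device node shared by every other process on the host. Suggest `/* The label lands on the node behind the fd, not the fd itself. /dev/tapN is private to this domain; /dev/net/tun is shared host-wide, so only relabel paths under /dev/tap. */`. A failed `virFileResolveLink()` now leaves `rc` at its initial -1 and fails the whole call, whereas the old code labelled from `buf.st_mode` without consulting /proc; if that stricter outcome is intended where /proc/self/fd cannot be read, it deserves a sentence in the commit message, and the `== -1` on the `virAsprintf()` check should be `< 0` to match the other checks in the hunk. The lookup pattern also changes from `"/dev/tap.*"` to `"/dev/tap*"` without explanation. `virSecuritySELinuxSetTapFDLabel()` starts, and the label-setting call between the second and third inner hunks sits, outside the hunk.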
@@ -363,7 +363,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 1.2.9 -Release: 2%{?dist}%{?extra_release} +Release: 3%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -377,6 +377,8 @@ Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz # Fix specifying CPU for qemu aarch64 Patch0001: 0001-qemu_command-Split-qemuBuildCpuArgStr.patch Patch0002: 0002-qemu-Don-t-compare-CPU-against-host-for-TCG.patch +# Fix selinux errors with /dev/net/tun (bz #1147057) +Patch0003: 0003-security_selinux-Don-t-relabel-dev-net-tun.patch %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} @@ -1205,6 +1207,8 @@ driver # Fix specifying CPU for qemu aarch64 %patch0001 -p1 %patch0002 -p1 +# Fix selinux errors with /dev/net/tun (bz #1147057) +%patch0003 -p1 %build %if ! %{with_xen} @@ -2282,6 +2286,9 @@ exit 0 %doc examples/systemtap %changelog +* Thu Oct 09 2014 Cole Robinson - 1.2.9-3 +- Fix selinux errors with /dev/net/tun (bz #1147057) + * Fri Oct 03 2014 Cole Robinson - 1.2.9-2 - Fix specifying CPU for qemu aarch64