From patchwork Sun Aug 27 16:20:41 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cole Robinson <crobinso@redhat.com>
X-Patchwork-Id: 111089
Delivered-To: patch@linaro.org
Received: by 10.140.95.78 with SMTP id h72csp3737975qge;
 Sun, 27 Aug 2017 09:20:56 -0700 (PDT)
X-Received: by 10.55.112.71 with SMTP id l68mr2921458qkc.10.1503850856545;
 Sun, 27 Aug 2017 09:20:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1503850856; cv=none;
 d=google.com; s=arc-20160816;
 b=yiHFAmcoa9TJu4kEiqQXE/WDZHTPh5HwcO8wRZCPbdWQnfsryNG2LdS+KHSfRopDOC
 xsFZPJue20vqSqsIK7VjuXv/3bTmMjZv7rpeF4DMA/ZqnyGJbWiHWOINkbfzrLWnnH1W
 MQdJAtuhqIIpqG8AwXSZol6mMyys+gPhgcW4mo0BN0DgTTjFscrSQzsCsrXJJOzyfNb2
 V3dQdRXZopuWlHJGNtn1m1uWBw8Eslk9g5lDOUQftligTDRPcKqNypKQSBYWOKPX1l25
 AfuB6AVqkkTRg3aldhKUIxT1YlaqIdthil/gvuQ5AjKhlfbbcwy/ld22GzoRuBIko3lC
 BmCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=errors-to:sender:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:references:in-reply-to:references
 :in-reply-to:message-id:date:to:from:delivered-to:dmarc-filter
 :arc-authentication-results;
 bh=W9Z2q+88TRUipI04+NgJOQn0hcg6eyBASwmE9JKobO0=;
 b=koPGaCeODD438EjkUnHfnUU2ypVgY4wOVUYOkVDxFiBBeF7e3Jh/c3rbEHJi70hBXQ
 r7JycgvHnG5H/Ee8EGcMzUDv/fw/WUZ5GD8vcbDV/aGZ7jCrljBO4yj7qwW/mel0lzPM
 YxciOoC8rd/qmendpSgL79vco3P9JOS3g+qIRZ1uL4Y5S3FjKucJ7cS3v+zJ34qF9HCs
 WnsYYxrBNpYLGlGA+qkwFyxWmybtF/0xYQHAfC7V1JG7dxHCsfx2ebgwysmGPu71C7JW
 xPGOIQkvnF7T2YIw63seJR2RUVUqm8vMGrDOZedQWjdNa0MZbb40uz41DVN1cwTRDEjW
 IWvg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 smtp.mailfrom=libvir-list-bounces@redhat.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
 by mx.google.com with ESMTPS id
 j61si10188745qtd.429.2017.08.27.09.20.56
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 27 Aug 2017 09:20:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 client-ip=209.132.183.28; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 smtp.mailfrom=libvir-list-bounces@redhat.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com
 (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 22EAE883B9;
 Sun, 27 Aug 2017 16:20:55 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 22EAE883B9
Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail
 smtp.mailfrom=libvir-list-bounces@redhat.com
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id CBAFB6292D;
 Sun, 27 Aug 2017 16:20:54 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
 by colo-mx.corp.redhat.com (Postfix) with ESMTP id 16E821806100;
 Sun, 27 Aug 2017 16:20:53 +0000 (UTC)
Received: from smtp.corp.redhat.com
 (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
 by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with
 ESMTP
 id v7RGKpN6027605 for <libvir-list@listman.util.phx.redhat.com>;
 Sun, 27 Aug 2017 12:20:51 -0400
Received: by smtp.corp.redhat.com (Postfix)
 id 94D6C5C670; Sun, 27 Aug 2017 16:20:51 +0000 (UTC)
Delivered-To: libvirt-list@redhat.com
Received: from colepc.redhat.com (ovpn-116-34.phx2.redhat.com [10.3.116.34])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 2E5C45C880;
 Sun, 27 Aug 2017 16:20:51 +0000 (UTC)
From: Cole Robinson <crobinso@redhat.com>
To: libvirt-list@redhat.com
Date: Sun, 27 Aug 2017 12:20:41 -0400
Message-Id: <eb1fd117fc9d31ac9c0a527de253babd3ce8f88b.1503850638.git.crobinso@redhat.com>
In-Reply-To: <cover.1503850638.git.crobinso@redhat.com>
References: <cover.1503850638.git.crobinso@redhat.com>
In-Reply-To: <cover.1503850638.git.crobinso@redhat.com>
References: <cover.1503850638.git.crobinso@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 1/2] security: add MANAGER_MOUNT_NAMESPACE flag
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.26]);
 Sun, 27 Aug 2017 16:20:55 +0000 (UTC)

The VIR_SECURITY_MANAGER_MOUNT_NAMESPACE flag informs the DAC driver
if mount namespaces are in use for the VM. Will be used for future
changes.

Wire it up in the qemu driver

Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
 src/qemu/qemu_driver.c          |  2 ++
 src/security/security_dac.c     | 10 ++++++++++
 src/security/security_dac.h     |  3 +++
 src/security/security_manager.c |  4 +++-
 src/security/security_manager.h |  1 +
 5 files changed, 19 insertions(+), 1 deletion(-)

-- 
2.13.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 2ba6c80c4..ea1a85b41 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -419,6 +419,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
     if (virQEMUDriverIsPrivileged(driver)) {
         if (cfg->dynamicOwnership)
             flags |= VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP;
+        if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT))
+            flags |= VIR_SECURITY_MANAGER_MOUNT_NAMESPACE;
         if (!(mgr = qemuSecurityNewDAC(QEMU_DRIVER_NAME,
                                        cfg->user,
                                        cfg->group,
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index ca7a6af6d..507be44a2 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -57,6 +57,7 @@ struct _virSecurityDACData {
     gid_t *groups;
     int ngroups;
     bool dynamicOwnership;
+    bool mountNamespace;
     char *baselabel;
     virSecurityManagerDACChownCallback chownCallback;
 };
@@ -238,6 +239,15 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
 }
 
 void
+virSecurityDACSetMountNamespace(virSecurityManagerPtr mgr,
+                                bool mountNamespace)
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    priv->mountNamespace = mountNamespace;
+}
+
+
+void
 virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
                                virSecurityManagerDACChownCallback chownCallback)
 {
diff --git a/src/security/security_dac.h b/src/security/security_dac.h
index 846cefbb5..97681c961 100644
--- a/src/security/security_dac.h
+++ b/src/security/security_dac.h
@@ -32,6 +32,9 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
 void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
                                        bool dynamic);
 
+void virSecurityDACSetMountNamespace(virSecurityManagerPtr mgr,
+                                     bool mountNamespace);
+
 void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
                                     virSecurityManagerDACChownCallback chownCallback);
 
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 95b995230..e43c99d4f 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -146,7 +146,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
     virSecurityManagerPtr mgr;
 
     virCheckFlags(VIR_SECURITY_MANAGER_NEW_MASK |
-                  VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP, NULL);
+                  VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP |
+                  VIR_SECURITY_MANAGER_MOUNT_NAMESPACE, NULL);
 
     mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC,
                                       virtDriver,
@@ -161,6 +162,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
     }
 
     virSecurityDACSetDynamicOwnership(mgr, flags & VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP);
+    virSecurityDACSetMountNamespace(mgr, flags & VIR_SECURITY_MANAGER_MOUNT_NAMESPACE);
     virSecurityDACSetChownCallback(mgr, chownCallback);
 
     return mgr;
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 01296d339..08fb89203 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -36,6 +36,7 @@ typedef enum {
     VIR_SECURITY_MANAGER_REQUIRE_CONFINED   = 1 << 2,
     VIR_SECURITY_MANAGER_PRIVILEGED         = 1 << 3,
     VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP  = 1 << 4,
+    VIR_SECURITY_MANAGER_MOUNT_NAMESPACE    = 1 << 5,
 } virSecurityManagerNewFlags;
 
 # define VIR_SECURITY_MANAGER_NEW_MASK  \