[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v8 0/7] file descriptor passing using fd sets
From: |
Kevin Wolf |
Subject: |
Re: [Qemu-devel] [PATCH v8 0/7] file descriptor passing using fd sets |
Date: |
Fri, 10 Aug 2012 18:36:24 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0 |
Am 10.08.2012 04:10, schrieb Corey Bryant:
> libvirt's sVirt security driver provides SELinux MAC isolation for
> Qemu guest processes and their corresponding image files. In other
> words, sVirt uses SELinux to prevent a QEMU process from opening
> files that do not belong to it.
>
> sVirt provides this support by labeling guests and resources with
> security labels that are stored in file system extended attributes.
> Some file systems, such as NFS, do not support the extended
> attribute security namespace, and therefore cannot support sVirt
> isolation.
>
> A solution to this problem is to provide fd passing support, where
> libvirt opens files and passes file descriptors to QEMU. This,
> along with SELinux policy to prevent QEMU from opening files, can
> provide image file isolation for NFS files stored on the same NFS
> mount.
>
> This patch series adds the add-fd, remove-fd, and query-fdsets
> QMP monitor commands, which allow file descriptors to be passed
> via SCM_RIGHTS, and assigned to specified fd sets. This allows
> fd sets to be created per file with fds having, for example,
> different access rights. When QEMU needs to reopen a file with
> different access rights, it can search for a matching fd in the
> fd set. Fd sets also allow for easy tracking of fds per file,
> helping to prevent fd leaks.
>
> Support is also added to the block layer to allow QEMU to dup an
> fd from an fdset when the filename is of the /dev/fdset/nnn format,
> where nnn is the fd set ID.
>
> No new SELinux policy is required to prevent open of NFS files
> (files with type nfs_t). The virt_use_nfs boolean type simply
> needs to be set to false, and open will be prevented (and dup will
> be allowed). For example:
>
> # setsebool virt_use_nfs 0
> # getsebool virt_use_nfs
> virt_use_nfs --> off
>
> Corey Bryant (7):
> qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg
> qapi: Introduce add-fd, remove-fd, query-fdsets
> monitor: Clean up fd sets on monitor disconnect
> block: Prevent detection of /dev/fdset/ as floppy
> block: Convert open calls to qemu_open
> block: Convert close calls to qemu_close
> block: Enable qemu_open/close to work with fd sets
>
> block/raw-posix.c | 46 +++++----
> block/raw-win32.c | 6 +-
> block/vdi.c | 5 +-
> block/vmdk.c | 25 ++---
> block/vpc.c | 4 +-
> block/vvfat.c | 16 +--
> cutils.c | 5 +
> monitor.c | 294
> +++++++++++++++++++++++++++++++++++++++++++++++++++++
> monitor.h | 5 +
> osdep.c | 117 +++++++++++++++++++++
> qapi-schema.json | 98 ++++++++++++++++++
> qemu-char.c | 12 ++-
> qemu-common.h | 2 +
> qemu-tool.c | 20 ++++
> qmp-commands.hx | 117 +++++++++++++++++++++
> savevm.c | 4 +-
> 16 files changed, 721 insertions(+), 55 deletions(-)
Apart from the few comments I made, I like this series. Maybe v9 will be
the last one. :-)
Kevin
- [Qemu-devel] [PATCH v8 2/7] qapi: Introduce add-fd, remove-fd, query-fdsets, (continued)
- [Qemu-devel] [PATCH v8 2/7] qapi: Introduce add-fd, remove-fd, query-fdsets, Corey Bryant, 2012/08/09
- Re: [Qemu-devel] [PATCH v8 2/7] qapi: Introduce add-fd, remove-fd, query-fdsets, Eric Blake, 2012/08/10
- Re: [Qemu-devel] [PATCH v8 2/7] qapi: Introduce add-fd, remove-fd, query-fdsets, Stefan Hajnoczi, 2012/08/10
- Re: [Qemu-devel] [PATCH v8 2/7] qapi: Introduce add-fd, remove-fd, query-fdsets, Kevin Wolf, 2012/08/10
- [Qemu-devel] [PATCH v8 6/7] block: Convert close calls to qemu_close, Corey Bryant, 2012/08/09
- [Qemu-devel] [PATCH v8 4/7] block: Prevent detection of /dev/fdset/ as floppy, Corey Bryant, 2012/08/09
- [Qemu-devel] [PATCH v8 5/7] block: Convert open calls to qemu_open, Corey Bryant, 2012/08/09
- Re: [Qemu-devel] [PATCH v8 0/7] file descriptor passing using fd sets,
Kevin Wolf <=