From: Jes Sorensen <Jes.Sorensen@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] live snapshot wiki updated
Date: Tue, 19 Jul 2011 16:09:49 +0200 [thread overview]
Message-ID: <4E25902D.2000403@redhat.com> (raw)
In-Reply-To: <4E258D70.6000205@redhat.com>
On 07/19/11 15:58, Eric Blake wrote:
> On 07/19/2011 07:27 AM, Jes Sorensen wrote:
>> Eric, what happens if libvirt in an selinux environment tells QEMU to
>> launch using an image file that is backed by backing file(s)?
>
> Before starting qemu, libvirt first parses all the image files, to see
> if any of them have backing images. For every qcow2 or qed image with a
> backing file, libvirt sets the SELinux context of both the qcow2 image
> and its backing file so that qemu will be able to successfully open()
> them. But if any of those files reside on NFS, then it is not possible
> to label individual files, so it requires setting the SELinux bool
> virt_use_nfs, which thus gives qemu the power to open() arbitrary files
> on NFS, and you've lost security.
Urgh, libvirt parsing image files is really unfortunate, it really
doesn't give me warm fuzzy feelings :( libvirt really should not know
about internals of image formats.
> It would be nice if libvirt had a way to pass fds for every disk and
> backing file up front; then, SELinux can work around the lack of NFS
> per-file labelling by blocking open() in qemu. In fact, this has
> already been proposed:
A cleaner solution seems to have libvirt provide a call-back allowing
QEMU to call out and have libvirt open a file descriptor instead. This
way libvirt can validate it and open it for QEMU and pass it back.
If we cannot do something like this, I would prefer to have backing
files on NFS should simply not be supported when running in an selinux
setup.
Cheers,
Jes
next prev parent reply other threads:[~2011-07-19 14:11 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-15 14:58 [Qemu-devel] live snapshot wiki updated Jes Sorensen
2011-07-18 14:08 ` Stefan Hajnoczi
2011-07-19 7:24 ` Jes Sorensen
2011-07-19 13:23 ` Stefan Hajnoczi
2011-07-19 13:27 ` Jes Sorensen
2011-07-19 13:58 ` Eric Blake
2011-07-19 14:09 ` Jes Sorensen [this message]
2011-07-19 14:24 ` Eric Blake
2011-07-19 14:30 ` Jes Sorensen
2011-07-19 15:14 ` Stefan Hajnoczi
2011-07-19 16:46 ` Daniel P. Berrange
2011-07-20 7:30 ` Markus Armbruster
2011-07-20 8:23 ` Jes Sorensen
2011-07-20 9:36 ` Daniel P. Berrange
2011-07-20 10:15 ` [Qemu-devel] [libvirt] " Nicolas Sebrecht
2011-07-20 10:28 ` Daniel P. Berrange
2011-07-20 11:40 ` [Qemu-devel] [libvirt] " Stefan Hajnoczi
[not found] ` <4E27E610.7090502@redhat.com>
[not found] ` <4E282DE6.1020603@redhat.com>
[not found] ` <4E283554.4080903@redhat.com>
2011-07-21 14:51 ` Eric Blake
[not found] ` <4E27E5A2.2030208@redhat.com>
[not found] ` <4E28317D.9020502@redhat.com>
2011-07-21 15:01 ` [Qemu-devel] " Stefan Hajnoczi
2011-07-21 19:42 ` Blue Swirl
2011-07-22 5:06 ` Stefan Hajnoczi
2011-07-22 15:49 ` Blue Swirl
2011-07-22 7:22 ` Kevin Wolf
2011-07-22 9:11 ` Stefan Hajnoczi
2011-07-22 16:05 ` Blue Swirl
2011-07-20 9:50 ` Kevin Wolf
2011-07-20 10:18 ` Daniel P. Berrange
2011-07-19 16:14 ` Anthony Liguori
2011-07-20 8:25 ` Jes Sorensen
2011-07-20 10:01 ` Kevin Wolf
2011-07-20 13:25 ` Jes Sorensen
2011-07-20 13:46 ` Eric Blake
2011-07-20 17:27 ` Blue Swirl
2011-07-20 17:47 ` Eric Blake
2011-07-20 19:51 ` Blue Swirl
[not found] ` <4E27DE5D.5050502@redhat.com>
2011-07-21 19:34 ` Blue Swirl
2011-07-20 13:51 ` Kevin Wolf
2011-07-20 17:20 ` Blue Swirl
2011-07-20 17:41 ` Eric Blake
2011-07-20 18:00 ` Blue Swirl
2011-07-20 18:17 ` Eric Blake
2011-07-20 20:01 ` Blue Swirl
2011-07-20 20:10 ` Eric Blake
[not found] ` <4E27E280.2060306@redhat.com>
2011-07-21 19:01 ` Blue Swirl
2011-07-22 7:36 ` Avi Kivity
2011-07-22 8:11 ` Kevin Wolf
2011-07-22 16:09 ` Blue Swirl
2011-07-20 13:50 ` Cleber Rosa
2011-07-20 14:34 ` Anthony Liguori
2011-07-20 18:34 ` Cleber Rosa
2011-07-19 16:47 ` Daniel P. Berrange
2011-07-20 8:26 ` Jes Sorensen
2011-07-20 9:38 ` Daniel P. Berrange
2011-07-20 14:35 ` Anthony Liguori
2011-07-21 18:56 ` Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E25902D.2000403@redhat.com \
--to=jes.sorensen@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=stefanha@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.