Re: [Qemu-devel] [PATCH v2 0/4] file descriptor passing using passfd

[Kevin Wolf]

Am 08.06.2012 17:42, schrieb Corey Bryant:
> libvirt's sVirt security driver provides SELinux MAC isolation for
> Qemu guest processes and their corresponding image files.  In other
> words, sVirt uses SELinux to prevent a QEMU process from opening
> files that do not belong to it.
> 
> sVirt provides this support by labeling guests and resources with
> security labels that are stored in file system extended attributes.
> Some file systems, such as NFS, do not support the extended
> attribute security namespace, and therefore cannot support sVirt
> isolation.
> 
> A solution to this problem is to provide fd passing support, where
> libvirt opens files and passes file descriptors to QEMU.  This,
> along with SELinux policy to prevent QEMU from opening files, can
> provide image file isolation for NFS files stored on the same NFS
> mount.
> 
> This patch series adds the passfd QMP monitor command, which allows
> an fd to be passed via SCM_RIGHTS, and returns the received file
> descriptor.  Support is also added to the block layer to allow QEMU
> to dup the fd when the filename is of the /dev/fd/X format.  This
> is useful if MAC policy prevents QEMU from opening specific types
> of files.
> 
> One nice thing about this approach is that no new SELinux policy is
> required to prevent open of NFS files (files with type nfs_t).  The
> virt_use_nfs boolean type simply needs to be set to false, and open
> will be prevented (and dup will be allowed).  For example:
> 
>     # setsebool virt_use_nfs 0
>     # getsebool virt_use_nfs
>     virt_use_nfs --> off
> 
> Corey Bryant (4):
>   qapi: Convert getfd and closefd
>   qapi: Add passfd QMP command
>   osdep: Enable qemu_open to dup pre-opened fd
>   block: Convert open calls to qemu_open
> 
>  block/raw-posix.c |   18 +++++++++---------
>  block/raw-win32.c |    4 ++--
>  block/vdi.c       |    5 +++--
>  block/vmdk.c      |   21 +++++++++------------
>  block/vpc.c       |    2 +-
>  block/vvfat.c     |   21 +++++++++++----------
>  hmp-commands.hx   |    6 ++----
>  hmp.c             |   18 ++++++++++++++++++
>  hmp.h             |    2 ++
>  monitor.c         |   36 ++++++++++++++++++++----------------
>  osdep.c           |   13 +++++++++++++
>  qapi-schema.json  |   44 ++++++++++++++++++++++++++++++++++++++++++++
>  qmp-commands.hx   |   33 +++++++++++++++++++++++++++++----
>  13 files changed, 163 insertions(+), 60 deletions(-)

Looks good to me. If Luiz is okay with the QMP part, I'm going to apply
this to the block branch.

Corey, please make sure to check the host_floppy problem and send a
patch if necessary.

Kevin