[Qemu-devel] [PATCH] util: secure memfd_create fallback mechanism


From: Rafael David Tinoco
Subject: [Qemu-devel] [PATCH] util: secure memfd_create fallback mechanism
Date: Tue, 27 Sep 2016 03:06:21 +0000

Commit: 35f9b6ef3acc9d0546c395a566b04e63ca84e302 added a fallback
mechanism for systems not supporting the memfd_create syscall
(supported since 3.17).

Backporting memfd_create might not be accepted for distros relying
on older kernels. Nowadays there is no way for the security driver
to discover the memfd filename to be created: <tmpdir>/memfd-XXXXXX.

It is more appropriate to include the UUID and/or VM name in the
temporary filename, allowing security driver rules to be applied
while maintaining the required unpredictability with mkstemp.

This change will allow libvirt to know the exact memfd file to be created
for the vhost log AND to create appropriate security rules to allow access
per instance (instead of an open rule like <tmpdir>/memfd-*).

Example of apparmor deny messages with this change:

Per VM UUID (preferred, generated automatically by libvirt):

kernel: [26632.154856] type=1400 audit(1474945148.633:78): apparmor="DENIED" operation="mknod" profile="libvirt-0b96011f-0dc0-44a3-92c3-196de2efab6d" name="/tmp/memfd-0b96011f-0dc0-44a3-92c3-196de2efab6d-qeHrBV" pid=75161 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107

Per VM name (if no UUID is specified):

kernel: [26447.505653] type=1400 audit(1474944963.985:72): apparmor="DENIED" operation="mknod" profile="libvirt-00000000-0000-0000-0000-000000000000" name="/tmp/memfd-instance-teste-osYpHh" pid=74648 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107

Signed-off-by: Rafael David Tinoco <address@hidden>
---
 util/memfd.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/util/memfd.c b/util/memfd.c
index 4571d1a..4b715ac 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -30,6 +30,9 @@
 #include <glib/gprintf.h>
 
 #include "qemu/memfd.h"
+#include "qmp-commands.h"
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
 
 #ifdef CONFIG_MEMFD
 #include <sys/memfd.h>
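Review bot: the three new includes ("qmp-commands.h", "qemu-common.h", "sysemu/sysemu.h") make util/memfd.c depend on the system-emulator and QMP layer, which util/ code is meant to stay free of because it is linked into tools and tests that carry no QMP or sysemu objects; qmp_query_uuid() and qmp_query_name(), called in the next hunk, are exactly the symbols that would then fail to link there. Suggest keeping memfd.c generic and having the caller hand in the per-instance identifier (UUID or VM name), for instance through the existing `name` parameter of qemu_memfd_alloc() or a new prefix argument, so the naming policy lives where the VM identity is already known.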
@@ -94,11 +97,32 @@ void *qemu_memfd_alloc(const char *name, size_t size, 
unsigned int seals,
             return NULL;
         }
     } else {
+        int ret = 0;
         const char *tmpdir = g_get_tmp_dir();
+        UuidInfo *uinfo;
+        NameInfo *ninfo;
         gchar *fname;
 
-        fname = g_strdup_printf("%s/memfd-XXXXXX", tmpdir);
+        uinfo = qmp_query_uuid(NULL);
+
+        ret = strcmp(uinfo->UUID, UUID_NONE);
+        if (ret == 0) {
+            ninfo = qmp_query_name(NULL);
+            if (ninfo->has_name) {
+                fname = g_strdup_printf("%s/memfd-%s-XXXXXX", tmpdir,
+                                        ninfo->name);
+            } else {
+                fname = g_strdup_printf("%s/memfd-XXXXXX", tmpdir);
+            }
+            qapi_free_NameInfo(ninfo);
+        } else {
+            fname = g_strdup_printf("%s/memfd-%s-XXXXXX", tmpdir,
+                                    uinfo->UUID);
+        }
+
         mfd = mkstemp(fname);
+
+        qapi_free_UuidInfo(uinfo);
         unlink(fname);
         g_free(fname);
 
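Review bot: `ninfo->name` is the user-supplied VM name and is spliced straight into the mkstemp() template, so a name containing '/' or ".." relocates the backing file out of tmpdir, and a name with spaces or glob characters yields a path that is awkward to express in the per-instance AppArmor rule this patch is meant to enable; validate the name against a safe character set (or fall back to the plain "memfd-XXXXXX" form) before building `fname`, or use only the UUID. Minor: the `ret` temporary can be dropped in favour of `if (strcmp(uinfo->UUID, UUID_NONE) == 0)`, and `qapi_free_UuidInfo(uinfo)` would read more naturally right after the last use of `uinfo->UUID` rather than between mkstemp() and unlink().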
-- 
2.9.3
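The per-instance template the patch builds, as an added example that is not part of the patch or of QEMU's own code: it keeps the UUID-first, VM-name-second choice from the second hunk, adds a validation step for the name component (an assumption of this example; the patch itself does none), and ends with the same mkstemp()+unlink() fallback. The function names memfd_id_is_safe, memfd_build_template and memfd_fallback_open, the character-set rule, and the sample inputs in main() are this example's own constructions; UUID_NONE mirrors the all-zero sentinel the patch compares against.

```c
/* Added example, not QEMU code: per-instance memfd fallback template
 * with validation of the embedded identifier. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

/* All-zero UUID means "no UUID configured", as in the patch's comparison. */
#define UUID_NONE "00000000-0000-0000-0000-000000000000"

/* Return 1 if `id` may be embedded as part of one path component:
 * non-empty, at most 64 bytes, not "." or "..", and only [A-Za-z0-9._-].
 * (Assumed policy for this example; the patch does no such check.) */
int memfd_id_is_safe(const char *id)
{
    if (id == NULL || *id == '\0') return 0;
    size_t n = strlen(id);
    if (n > 64) return 0;
    if (strcmp(id, ".") == 0 || strcmp(id, "..") == 0) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)id[i];
        if (!(c >= 'a' && c <= 'z') && !(c >= 'A' && c <= 'Z') &&
            !(c >= '0' && c <= '9') && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Build "<tmpdir>/memfd-<id>-XXXXXX" into `out`: prefer the UUID, then the
 * VM name, and fall back to the anonymous "memfd-XXXXXX" form when neither
 * is usable. Returns 0, or -1 if the template would not fit in `outlen`. */
int memfd_build_template(const char *tmpdir, const char *uuid,
                         const char *name, char *out, size_t outlen)
{
    const char *id = NULL;
    int n;

    if (uuid && strcmp(uuid, UUID_NONE) != 0 && memfd_id_is_safe(uuid)) {
        id = uuid;
    } else if (name && memfd_id_is_safe(name)) {
        id = name;
    }

    if (id) {
        n = snprintf(out, outlen, "%s/memfd-%s-XXXXXX", tmpdir, id);
    } else {
        n = snprintf(out, outlen, "%s/memfd-XXXXXX", tmpdir);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Create the backing file with mkstemp() (mode 0600, O_EXCL, random
 * suffix) and unlink it at once so only the descriptor survives, which is
 * the shape of the fallback path. Returns the fd, or -1 with errno set. */
int memfd_fallback_open(const char *uuid, const char *name)
{
    const char *tmpdir = getenv("TMPDIR");
    char path[4096];
    int fd;

    if (tmpdir == NULL || *tmpdir == '\0') tmpdir = "/tmp";
    if (memfd_build_template(tmpdir, uuid, name, path, sizeof(path)) < 0) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = mkstemp(path);
    if (fd < 0) return -1;
    /* The path only had to exist long enough for a MAC policy to match
     * the creation; the file itself is anonymous from here on. */
    unlink(path);
    return fd;
}

int main(void)
{
    /* Constructed inputs: a UUID, a plain VM name, and a name that must
     * be rejected because it carries a path separator. */
    const char *cases[][2] = {
        { "0b96011f-0dc0-44a3-92c3-196de2efab6d", NULL },
        { UUID_NONE, "instance-teste" },
        { UUID_NONE, "../escape" },
    };
    char tmpl[256];
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        memfd_build_template("/tmp", cases[i][0], cases[i][1], tmpl, sizeof(tmpl));
        printf("%s\n", tmpl);
    }
    int fd = memfd_fallback_open(UUID_NONE, "instance-teste");
    if (fd >= 0) {
        printf("fd %d created and unlinked\n", fd);
        close(fd);
    }
    return 0;
}
```

A confinement rule written against this scheme can then match `<tmpdir>/memfd-<uuid>-*` for one instance only, while the six-X suffix filled in by mkstemp() keeps the final name unpredictable.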