Revert "qemu: Temporary disable owner remembering"

This reverts commit fc3990c7e64be1da1631952d3ec384ebef50e125. Now that all the reported bugs are fixed let's turn the feature back on. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-01-26 14:03:49 +03:00 · 2019-01-15 09:50:58 +01:00 · 2019-01-15 09:50:58 +01:00 · 8695793d72
commit 8695793d72
parent 3973d4dff1
5 changed files with 24 additions and 0 deletions
--- a/docs/news.xml
+++ b/docs/news.xml
@ -25,6 +25,19 @@
    <section title="New features">
    </section>
    <section title="Improvements">
+      <change>
+        <summary>
+          Remember original owners and SELinux labels of files
+        </summary>
+        <description>
+          When a domain is starting up libvirt changes DAC and
+          SELinux labels so that domain can access it. However,
+          it never remembered the original labels and therefore
+          the file was returned back to <code>root:root</code>.
+          With this release, the original labels are remembered
+          and restored properly.
+        </description>
+      </change>
    </section>
    <section title="Bug fixes">
    </section>
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@ -72,6 +72,7 @@ module Libvirtd_qemu =
                 | str_entry "user"
                 | str_entry "group"
                 | bool_entry "dynamic_ownership"
+                 | bool_entry "remember_owner"
                 | str_array_entry "cgroup_controllers"
                 | str_array_entry "cgroup_device_acl"
                 | int_entry "seccomp_sandbox"
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@ -456,6 +456,11 @@
 # Set to 0 to disable file ownership changes.
 #dynamic_ownership = 1

+# Whether libvirt should remember and restore the original
+# ownership over files it is relabeling. Defaults to 1, set
+# to 0 to disable the feature.
+#remember_owner = 1
+
 # What cgroup controllers to make use of with QEMU guests
 #
 #  - 'cpu' - use for scheduler tunables
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@ -125,6 +125,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
        cfg->group = (gid_t)-1;
    }
    cfg->dynamicOwnership = privileged;
+    cfg->rememberOwner = privileged;

    cfg->cgroupControllers = -1; /* -1 == auto-detect */

@ -890,6 +891,9 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfigPtr cfg,
    if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwnership) < 0)
        return -1;

+    if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) < 0)
+        return -1;
+
    if (virConfGetValueStringList(conf, "cgroup_controllers", false,
                                  &controllers) < 0)
        return -1;
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@ -44,6 +44,7 @@ module Test_libvirtd_qemu =
 { "user" = "root" }
 { "group" = "root" }
 { "dynamic_ownership" = "1" }
+{ "remember_owner" = "1" }
 { "cgroup_controllers"
    { "1" = "cpu" }
    { "2" = "devices" }