230790 – HVM: QEMU leaks virtual disk file descriptors to network script causing SELinux AVCs

Bug 230790 - HVM: QEMU leaks virtual disk file descriptors to network script causing SELinux AVCs

Summary: HVM: QEMU leaks virtual disk file descriptors to network script causing SELin...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	xen
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Xen Maintainance List
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	240342 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-03-02 21:25 UTC by Daniel Berrangé
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHEA-2007-0635
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-07 17:10:01 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Set the close-on-exec flag (7.43 KB, patch) 2007-03-02 21:30 UTC, Daniel Berrangé	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2007:0635	0	normal	SHIPPED_LIVE	xen enhancement update	2007-10-30 15:49:02 UTC

Description Daniel Berrangé 2007-03-02 21:25:01 UTC

Description of problem:
QEMU opens the virtual disks before it sets up networking. Unfortunately it is
not setting the close-on-exec flag for the file handles associated with the
virtual disk. So when it runs /etc/xen/qemu-ifup the file handles for the
virtual disks get propagated into the networking scripts - ifconfig /brctl run
as a different SELinux domain, so we see AVC denials about the leaked file
handles. These AVCs don't (apparently) cause any hard failure, but this is
none-the-less a bug that should be resolved.

Version-Release number of selected component (if applicable):
xen-3.0.3-25.el5

How reproducible:
Always

Steps to Reproduce:
1. setenforce 0
2. Edit /etc/xen/qemu-ifup and add in:

  ls -l /proc/$$/fd/ >> /tmp/files.txt

3. Start an HVM guest
4. Look in /tmp/files.txt
  
Actual results:
There are file handles open for each virtual disk associated with the HVM guest
There are also AVC denials in the audit logs

Expected results:
There are no file handles open for the virtual disks

Additional info:

Comment 1 Daniel Berrangé 2007-03-02 21:30:13 UTC

Created attachment 149154 [details]
Set the close-on-exec flag

The attached patch modifies all the various disk driver backends in QEMU to
ensure the close-on-exec flag is turned on. This prevents disk file descriptors
propagating to the networking scripts.

Comment 3 RHEL Program Management 2007-05-01 17:32:20 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Daniel Berrangé 2007-06-14 14:50:43 UTC

Built into dist-5E-qu-candidate as xen-3.0.3-27.el5


* Thu Jun 14 2007 Daniel P. Berrange <berrange> - 3.0.3-27.el5
- Update low level (non-XenD) userspace to work with 3.1.0 hypervisor
(rhbz#243462, rhbz#234166, rhbz#230790)

Comment 7 Daniel Berrangé 2007-07-16 20:42:08 UTC

*** Bug 240342 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2007-11-07 17:10:01 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0635.html

Note You need to log in before you can comment on or make changes to this bug.