Bug 230790 - HVM: QEMU leaks virtual disk file descriptors to network script causing SELinux AVCs
HVM: QEMU leaks virtual disk file descriptors to network script causing SELin...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Xen Maintainance List
:
: 240342 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-02 16:25 EST by Daniel Berrange
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHEA-2007-0635
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 12:10:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Set the close-on-exec flag (7.43 KB, patch)
2007-03-02 16:30 EST, Daniel Berrange
no flags Details | Diff

  None (edit)
Description Daniel Berrange 2007-03-02 16:25:01 EST
Description of problem:
QEMU opens the virtual disks before it sets up networking. Unfortunately it is
not setting the close-on-exec flag for the file handles associated with the
virtual disk. So when it runs /etc/xen/qemu-ifup the file handles for the
virtual disks get propagated into the networking scripts - ifconfig /brctl run
as a different SELinux domain, so we see AVC denials about the leaked file
handles. These AVCs don't (apparently) cause any hard failure, but this is
none-the-less a bug that should be resolved.

Version-Release number of selected component (if applicable):
xen-3.0.3-25.el5

How reproducible:
Always

Steps to Reproduce:
1. setenforce 0
2. Edit /etc/xen/qemu-ifup and add in:

  ls -l /proc/$$/fd/ >> /tmp/files.txt

3. Start an HVM guest
4. Look in /tmp/files.txt
  
Actual results:
There are file handles open for each virtual disk associated with the HVM guest
There are also AVC denials in the audit logs

Expected results:
There are no file handles open for the virtual disks

Additional info:
Comment 1 Daniel Berrange 2007-03-02 16:30:13 EST
Created attachment 149154 [details]
Set the close-on-exec flag

The attached patch modifies all the various disk driver backends in QEMU to
ensure the close-on-exec flag is turned on. This prevents disk file descriptors
propagating to the networking scripts.
Comment 3 RHEL Product and Program Management 2007-05-01 13:32:20 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 5 Daniel Berrange 2007-06-14 10:50:43 EDT
Built into dist-5E-qu-candidate as xen-3.0.3-27.el5


* Thu Jun 14 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-27.el5
- Update low level (non-XenD) userspace to work with 3.1.0 hypervisor
(rhbz#243462, rhbz#234166, rhbz#230790)
Comment 7 Daniel Berrange 2007-07-16 16:42:08 EDT
*** Bug 240342 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2007-11-07 12:10:01 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0635.html

Note You need to log in before you can comment on or make changes to this bug.