Bug 230790 - HVM: QEMU leaks virtual disk file descriptors to network script causing SELinux AVCs
Summary: HVM: QEMU leaks virtual disk file descriptors to network script causing SELin...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Xen Maintainance List
QA Contact:
URL:
Whiteboard:
Keywords:
: 240342 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-02 21:25 UTC by Daniel Berrange
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHEA-2007-0635
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 17:10:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Set the close-on-exec flag (7.43 KB, patch)
2007-03-02 21:30 UTC, Daniel Berrange
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2007:0635 normal SHIPPED_LIVE xen enhancement update 2007-10-30 15:49:02 UTC

Description Daniel Berrange 2007-03-02 21:25:01 UTC
Description of problem:
QEMU opens the virtual disks before it sets up networking. Unfortunately it is
not setting the close-on-exec flag for the file handles associated with the
virtual disk. So when it runs /etc/xen/qemu-ifup the file handles for the
virtual disks get propagated into the networking scripts - ifconfig /brctl run
as a different SELinux domain, so we see AVC denials about the leaked file
handles. These AVCs don't (apparently) cause any hard failure, but this is
none-the-less a bug that should be resolved.

Version-Release number of selected component (if applicable):
xen-3.0.3-25.el5

How reproducible:
Always

Steps to Reproduce:
1. setenforce 0
2. Edit /etc/xen/qemu-ifup and add in:

  ls -l /proc/$$/fd/ >> /tmp/files.txt

3. Start an HVM guest
4. Look in /tmp/files.txt
  
Actual results:
There are file handles open for each virtual disk associated with the HVM guest
There are also AVC denials in the audit logs

Expected results:
There are no file handles open for the virtual disks

Additional info:

Comment 1 Daniel Berrange 2007-03-02 21:30:13 UTC
Created attachment 149154 [details]
Set the close-on-exec flag

The attached patch modifies all the various disk driver backends in QEMU to
ensure the close-on-exec flag is turned on. This prevents disk file descriptors
propagating to the networking scripts.

Comment 3 RHEL Product and Program Management 2007-05-01 17:32:20 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Daniel Berrange 2007-06-14 14:50:43 UTC
Built into dist-5E-qu-candidate as xen-3.0.3-27.el5


* Thu Jun 14 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-27.el5
- Update low level (non-XenD) userspace to work with 3.1.0 hypervisor
(rhbz#243462, rhbz#234166, rhbz#230790)

Comment 7 Daniel Berrange 2007-07-16 20:42:08 UTC
*** Bug 240342 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2007-11-07 17:10:01 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0635.html



Note You need to log in before you can comment on or make changes to this bug.