Bug 568935 - RFE: Skip labelling: Ability to skip disk re-labelling step on a per file basis
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Libvirt Maintainers
Blocks: libvirtTodoSecurity
Reported: 2010-02-27 00:33 UTC by Cristian Ciupitu
Modified: 2012-04-18 19:44 UTC (History)

Last Closed: 2012-04-18 19:44:06 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 568933 | 0 | low | CLOSED | RFE: Allow qemu-kvm virtual machines to read public_content_t files | 2021-02-22 00:41:40 UTC

Description Cristian Ciupitu 2010-02-27 00:33:18 UTC
Description of problem:
When I use an install ISO image labeled public_content_t, virt-manager will relabel it as virt_content_t without any warnings. It will also change its owner and group to qemu. It should allow virtual machines to read those files (which might also be shared via http, samba or nfs).

Version-Release number of selected component (if applicable):
virt-manager-0.8.2-1.fc12.noarch.rpm

How reproducible:
Every time.

Steps to Reproduce:
1. Create a new VM.
2. Select an ISO image labeled public_content_t.
3. Continue all the steps until the machine is started.
  
Actual results:
The ISO image will be labeled virt_content_t and its owner and group will be changed to qemu.

Expected results:
A warning should be displayed if the permissions of the file need to be changed or, even better, the virtual machine should be allowed to read public_content_t files.

Additional info:
I'm also using the following packages:
libvirt-0.7.1-15.fc12.x86_64.rpm
selinux-policy-targeted-3.6.32-89.fc12.noarch.rpm

A related RFE is bug #568933.

Comment 1 Cole Robinson 2010-02-27 01:42:34 UTC
Libvirt is doing the relabeling here. Reassigning.

Comment 2 Cristian Ciupitu 2010-06-05 16:28:07 UTC
It's still present in libvirt-0.7.7-4.fc13.x86_64.rpm.

Comment 3 Cristian Ciupitu 2010-08-24 16:59:57 UTC
It's still present in libvirt-0.8.2-1.fc13.x86_64.rpm.

Comment 4 Eric Blake 2012-04-18 19:44:06 UTC
Done with this commit in 0.9.9:
commit b43432931aef92325920953ff92beabfbe5224c8
Author: Eric Blake <eblake>
Date:   Thu Dec 22 17:47:50 2011 -0700

    seclabel: allow a seclabel override on a disk src
    
    Implement the parsing and formatting of the XML addition of
    the previous commit.  The new XML doesn't affect qemu command
    line, so we can now test round-trip XML->memory->XML handling.
    
    I chose to reuse the existing structure, even though per-device
    override doesn't use all of those fields, rather than create a
    new structure, in order to reuse more code.
    
    * src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
    * src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
    (virSecurityLabelDefFree): New function.
    (virDomainDiskDefFormat): Print it.
    (virSecurityLabelDefFormat): Reduce output if model not present.
    (virDomainDiskDefParseXML): Alter signature, and parse seclabel.
    (virSecurityLabelDefParseXML): Split...
    (virSecurityLabelDefParseXMLHelper): ...into new helper.
    (virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
    * tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
    New file.
    * tests/qemuxml2xmltest.c (mymain): Enhance test.
    * tests/qemuxml2argvtest.c (mymain): Likewise.
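
An added example, not part of the bug report or of libvirt's code: a small Python check that reads a domain XML and reports which disk sources libvirt would still relabel when the per-source override from the commit above is in use. The `<seclabel relabel='no'/>` child of `<source>` follows libvirt's documented domain XML format; the sample XML, paths and function names are constructed for illustration, and the check assumes a single domain-level `<seclabel>` element.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the bug report).
SAMPLE_DOMAIN = """<domain type='kvm'>
  <seclabel type='dynamic' model='selinux'/>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/demo.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/srv/public/install.iso'>
        <seclabel relabel='no'/>
      </source>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
  </devices>
</domain>"""

def domain_relabel_default(root):
    """Domain-wide policy: type='none' disables labelling, static defaults to no relabel."""
    sec = root.find("seclabel")
    if sec is None:
        return True  # assumption: the security driver labels dynamically by default
    if sec.get("type") == "none":
        return False
    default = "no" if sec.get("type") == "static" else "yes"
    return sec.get("relabel", default) == "yes"

def disks_to_be_relabelled(domain_xml):
    """Return [(path, will_relabel)] for every file- or block-backed disk source."""
    root = ET.fromstring(domain_xml)
    inherited = domain_relabel_default(root)
    result = []
    for src in root.iterfind("./devices/disk/source"):
        path = src.get("file") or src.get("dev")
        if path is None:
            continue  # network and other source types are out of scope here
        override = src.find("seclabel")
        relabel = inherited
        if override is not None and override.get("relabel") is not None:
            relabel = override.get("relabel") == "yes"  # per-source override wins
        result.append((path, relabel))
    return result

if __name__ == "__main__":
    for path, relabel in disks_to_be_relabelled(SAMPLE_DOMAIN):
        print(f"{'RELABEL' if relabel else 'keep   '} {path}")
```

A source marked `relabel='no'` keeps whatever label it already has, so the SELinux policy must still permit the guest to read that label, which is the subject of the related bug 568933.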

