Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On 12/21/18 10:32 AM, Marc Hartmayer wrote: > On Thu, Dec 20, 2018 at 09:15 PM +0100, Michal Prívozník > wrote: >> On 12/20/18 12:48 PM, Marc Hartmayer wrote: >>> On Wed, Dec 19, 2018 at 03:37 PM +0100, Michal Privoznik >>> wrote: On 12/19/18 2:54 PM, Ján Tomko wrote: > > Reviewed-by: Ján Tomko Thanks to you and Dan. I've pushed these. >>> >>> I tried out the current master (e05d8e570b) and I got the following >>> error message regularly: >>> >>> 2018-12-20 11:37:37.056+: 30026: error : virProcessWait:274 : internal >>> error: Child process (31926) unexpected fatal signal 11 >>> 2018-12-20 11:37:37.060+: 30026: warning : >>> qemuSecurityRestoreAllLabel:89 : Unable to run security manager transaction >> >> Looks like there is some crash. Can you try to get stack trace please? > > Hmm with the newest master (9d42d51eef793d7c) I get no error > message. I’ll try to revalidate the behavior/error messages with the > previous version. > I pushed a patch that probably is a fix for what you saw... See commit 9d42d51eef - essentially avoids passing contents of a empty @con into virSecuritySELinuxSetFileconImpl which I assume is where you had a fairly spectacular failure. John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On Thu, Dec 20, 2018 at 09:15 PM +0100, Michal Prívozník wrote: > On 12/20/18 12:48 PM, Marc Hartmayer wrote: >> On Wed, Dec 19, 2018 at 03:37 PM +0100, Michal Privoznik >> wrote: >>> On 12/19/18 2:54 PM, Ján Tomko wrote: Reviewed-by: Ján Tomko >>> >>> Thanks to you and Dan. I've pushed these. >> >> I tried out the current master (e05d8e570b) and I got the following >> error message regularly: >> >> 2018-12-20 11:37:37.056+: 30026: error : virProcessWait:274 : internal >> error: Child process (31926) unexpected fatal signal 11 >> 2018-12-20 11:37:37.060+: 30026: warning : >> qemuSecurityRestoreAllLabel:89 : Unable to run security manager transaction > > Looks like there is some crash. Can you try to get stack trace please? Hmm with the newest master (9d42d51eef793d7c) I get no error message. I’ll try to revalidate the behavior/error messages with the previous version. > > Michal > -- Kind regards / Beste Grüße Marc Hartmayer IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On 12/20/18 12:48 PM, Marc Hartmayer wrote: > On Wed, Dec 19, 2018 at 03:37 PM +0100, Michal Privoznik > wrote: >> On 12/19/18 2:54 PM, Ján Tomko wrote: >>> >>> Reviewed-by: Ján Tomko >> >> Thanks to you and Dan. I've pushed these. > > I tried out the current master (e05d8e570b) and I got the following > error message regularly: > > 2018-12-20 11:37:37.056+: 30026: error : virProcessWait:274 : internal > error: Child process (31926) unexpected fatal signal 11 > 2018-12-20 11:37:37.060+: 30026: warning : qemuSecurityRestoreAllLabel:89 > : Unable to run security manager transaction Looks like there is some crash. Can you try to get stack trace please? Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On Wed, Dec 19, 2018 at 03:37 PM +0100, Michal Privoznik wrote: > On 12/19/18 2:54 PM, Ján Tomko wrote: >> >> Reviewed-by: Ján Tomko > > Thanks to you and Dan. I've pushed these. I tried out the current master (e05d8e570b) and I got the following error message regularly: 2018-12-20 11:37:37.056+: 30026: error : virProcessWait:274 : internal error: Child process (31926) unexpected fatal signal 11 2018-12-20 11:37:37.060+: 30026: warning : qemuSecurityRestoreAllLabel:89 : Unable to run security manager transaction Did you try it with SELinux? > > Michal > > -- > libvir-list mailing list > libvir-list@redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list > -- Kind regards / Beste Grüße Marc Hartmayer IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On 12/19/18 2:54 PM, Ján Tomko wrote: > > Reviewed-by: Ján Tomko Thanks to you and Dan. I've pushed these. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On Wed, Dec 12, 2018 at 01:40:44PM +0100, Michal Privoznik wrote: v3 of: https://www.redhat.com/archives/libvir-list/2018-November/msg01070.html diff to v2: - dropped 01/18 from v2 - Introduced a test - Couple of minor adjustments as suggested in review of v2 Michal Prívozník (18): util: Introduce xattr getter/setter/remover security: Include security_util security_dac: Restore label on failed chown() attempt virSecurityDACTransactionRun: Implement rollback virSecurityDACRestoreAllLabel: Reorder device relabeling virSecurityDACRestoreAllLabel: Restore more labels security_dac: Allow callers to enable/disable label remembering/recall security_dac: Remember old labels virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks security_selinux: Track if transaction is restore security_selinux: Remember old labels security_selinux: Restore label on failed setfilecon() attempt virSecuritySELinuxTransactionRun: Implement rollback virSecuritySELinuxRestoreAllLabel: Reorder device relabeling virSecuritySELinuxRestoreAllLabel: Restore more labels tests: Introduce qemusecuritytest tools: Provide a script to recover fubar'ed XATTRs setup qemu.conf: Allow users to enable/disable label remembering cfg.mk | 4 +- src/libvirt_private.syms | 3 + src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 4 + src/qemu/qemu_conf.c | 4 + src/qemu/test_libvirtd_qemu.aug.in | 1 + src/security/Makefile.inc.am | 2 + src/security/security_dac.c| 227 ++ src/security/security_selinux.c| 272 src/security/security_util.c | 256 +++ src/security/security_util.h | 32 ++ src/util/virfile.c | 121 src/util/virfile.h | 20 +- tests/Makefile.am | 10 + tests/qemusecuritymock.c | 480 + tests/qemusecuritytest.c | 173 +++ tests/qemusecuritytest.h | 28 ++ tools/Makefile.am | 1 + tools/libvirt_recover_xattrs.sh| 96 ++ 19 files changed, 1600 insertions(+), 135 deletions(-) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h create mode 100644 tests/qemusecuritymock.c create mode 100644 tests/qemusecuritytest.c create mode 100644 tests/qemusecuritytest.h create mode 100755 tools/libvirt_recover_xattrs.sh Reviewed-by: Ján Tomko Jano signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v3 00/18] Implement original label remembering
v3 of: https://www.redhat.com/archives/libvir-list/2018-November/msg01070.html diff to v2: - dropped 01/18 from v2 - Introduced a test - Couple of minor adjustments as suggested in review of v2 Michal Prívozník (18): util: Introduce xattr getter/setter/remover security: Include security_util security_dac: Restore label on failed chown() attempt virSecurityDACTransactionRun: Implement rollback virSecurityDACRestoreAllLabel: Reorder device relabeling virSecurityDACRestoreAllLabel: Restore more labels security_dac: Allow callers to enable/disable label remembering/recall security_dac: Remember old labels virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks security_selinux: Track if transaction is restore security_selinux: Remember old labels security_selinux: Restore label on failed setfilecon() attempt virSecuritySELinuxTransactionRun: Implement rollback virSecuritySELinuxRestoreAllLabel: Reorder device relabeling virSecuritySELinuxRestoreAllLabel: Restore more labels tests: Introduce qemusecuritytest tools: Provide a script to recover fubar'ed XATTRs setup qemu.conf: Allow users to enable/disable label remembering cfg.mk | 4 +- src/libvirt_private.syms | 3 + src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 4 + src/qemu/qemu_conf.c | 4 + src/qemu/test_libvirtd_qemu.aug.in | 1 + src/security/Makefile.inc.am | 2 + src/security/security_dac.c| 227 ++ src/security/security_selinux.c| 272 src/security/security_util.c | 256 +++ src/security/security_util.h | 32 ++ src/util/virfile.c | 121 src/util/virfile.h | 20 +- tests/Makefile.am | 10 + tests/qemusecuritymock.c | 480 + tests/qemusecuritytest.c | 173 +++ tests/qemusecuritytest.h | 28 ++ tools/Makefile.am | 1 + tools/libvirt_recover_xattrs.sh| 96 ++ 19 files changed, 1600 insertions(+), 135 deletions(-) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h create mode 100644 tests/qemusecuritymock.c create mode 100644 tests/qemusecuritytest.c create mode 100644 tests/qemusecuritytest.h create mode 100755 tools/libvirt_recover_xattrs.sh -- 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list