From 0f7c8a271f07b3f9aff07dd814d7bec80ddac362 Mon Sep 17 00:00:00 2001
Message-Id: <0f7c8a271f07b3f9aff07dd814d7bec80ddac362@dist-git>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 28 Jul 2021 14:59:00 +0200
Subject: [PATCH] security: fix SELinux label generation logic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A process can access a file if the set of MCS categories
for the file is equal-to *or* a subset-of, the set of
MCS categories for the process.

If there are two VMs:

  a) svirt_t:s0:c117
  b) svirt_t:s0:c117,c720

Then VM (b) is able to access files labelled for VM (a).

IOW, we must discard case where the categories are equal
because that is a subset of many other valid category pairs.

Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
CVE-2021-3631
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
Message-Id: <38c6a7b570b8eb2114d9f1ff0c84a8346e01472f.1627476632.git.pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/security/security_selinux.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 985c7eda1a..93fae831ca 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -391,7 +391,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
 
         if (c1 == c2) {
-            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
+            /*
+             * A process can access a file if the set of MCS categories
+             * for the file is equal-to *or* a subset-of, the set of
+             * MCS categories for the process.
+             *
+             * IOW, we must discard case where the categories are equal
+             * because that is a subset of other category pairs.
+             */
+            continue;
         } else {
             if (c1 > c2) {
                 int t = c1;
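Review bot: the `continue` in the `c1 == c2` branch retries with no bound visible in this hunk, so if the configured category range can ever hold a single category, c1 and c2 are always equal and the else branch is never reached; please confirm the range is validated elsewhere or that the enclosing loop has an exit. With the branch reduced to `continue`, the `} else {` is redundant and the pair-handling code could lose one level of indentation. The diffstat lists only src/security/security_selinux.c, so nothing in this patch tests that equal categories are rejected.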
-- 
2.32.0
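
The access rule from the commit message, modelled as an added example (not part of the patch and not libvirt code): it counts how many other generated labels could access a given VM's files. The names `mcs_pair`, `mcs_can_access` and `mcs_count_readers` are hypothetical, and the category range c0..c1023 is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MCS_CATS 1024   /* assumed category range c0..c1023 */
#define MCS_WORDS (MCS_CATS / 64)

typedef struct { uint64_t bits[MCS_WORDS]; } mcs_set;

/* Category set for a label "s0:cA,cB"; a == b gives the single-category "s0:cA". */
static mcs_set mcs_pair(int a, int b)
{
    mcs_set s;
    memset(&s, 0, sizeof(s));
    s.bits[a / 64] |= UINT64_C(1) << (a % 64);
    s.bits[b / 64] |= UINT64_C(1) << (b % 64);
    return s;
}

/* Access rule from the commit message: the file's categories must be
 * equal to, or a subset of, the process's categories. */
static bool mcs_can_access(const mcs_set *proc, const mcs_set *file)
{
    for (int i = 0; i < MCS_WORDS; i++)
        if (file->bits[i] & ~proc->bits[i])
            return false;
    return true;
}

/* Number of other labels (a, b), a <= b, whose process could access files
 * labelled (c1, c2). Zero means the label is isolated from every other VM. */
static int mcs_count_readers(int c1, int c2)
{
    mcs_set file = mcs_pair(c1, c2);
    int lo = c1 < c2 ? c1 : c2, hi = c1 < c2 ? c2 : c1, readers = 0;

    for (int a = 0; a < MCS_CATS; a++) {
        for (int b = a; b < MCS_CATS; b++) {
            mcs_set proc = mcs_pair(a, b);
            if (!(a == lo && b == hi) && mcs_can_access(&proc, &file))
                readers++;
        }
    }
    return readers;
}

int main(void)
{
    printf("s0:c117      readable by %d other labels\n", mcs_count_readers(117, 117));
    printf("s0:c117,c720 readable by %d other labels\n", mcs_count_readers(117, 720));
    return 0;
}
```
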