From 953eead14ccfe47904e73cee9cea6e1255f57356 Mon Sep 17 00:00:00 2001
From: Nicolás Reynolds
Date: Fri, 17 Jan 2014 03:43:05 +0000
Subject: Fri Jan 17 03:37:47 UTC 2014
---
...store-user-group-ID-values-in-virIdentity.patch | 156 --------------------
...stem-identity-includes-process-start-time.patch | 70 ---------
...-for-using-3-arg-pkcheck-syntax-for-proce.patch | 159 ---------------------
community/libvirt/PKGBUILD | 10 +-
community/libvirt/libvirt.install | 4 -
5 files changed, 5 insertions(+), 394 deletions(-)
delete mode 100644 community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch
delete mode 100644 community/libvirt/0002-Ensure-system-identity-includes-process-start-time.patch
delete mode 100644 community/libvirt/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
(limited to 'community/libvirt')
diff --git a/community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch b/community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch
deleted file mode 100644
index 70a613820..000000000
--- a/community/libvirt/0001-Also-store-user-group-ID-values-in-virIdentity.patch
+++ /dev/null
@@ -1,156 +0,0 @@ -From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Thu, 22 Aug 2013 16:00:01 +0100 -Subject: [PATCH 1/3] Also store user & group ID values in virIdentity - -Future improvements to the polkit code will require access to -the numeric user ID, not merely user name. - -Signed-off-by: Daniel P. Berrange ---- - src/rpc/virnetserverclient.c | 18 ++++++++++++++++++ - src/util/viridentity.c | 23 +++++++++++++++++++---- - src/util/viridentity.h | 2 ++ - 3 files changed, 39 insertions(+), 4 deletions(-) - -diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c -index 83d5cf1..f30dd08 100644 ---- a/src/rpc/virnetserverclient.c -+++ b/src/rpc/virnetserverclient.c -@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client) - char *processid = NULL; - char *processtime = NULL; - char *username = NULL; -+ char *userid = NULL; - char *groupname = NULL; -+ char *groupid = NULL; - #if WITH_SASL - char *saslname = NULL; - #endif -@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client) - - if (!(username = virGetUserName(uid))) - goto cleanup; -+ if (virAsprintf(&userid, "%d", uid) < 0) -+ goto cleanup; - if (!(groupname = virGetGroupName(gid))) - goto cleanup; -+ if (virAsprintf(&userid, "%d", gid) < 0) -+ goto cleanup; - if (virAsprintf(&processid, "%llu", - (unsigned long long)pid) < 0) - goto cleanup; -@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client) - VIR_IDENTITY_ATTR_UNIX_USER_NAME, - username) < 0) - goto error; -+ if (userid && -+ virIdentitySetAttr(ret, -+ VIR_IDENTITY_ATTR_UNIX_USER_ID, -+ userid) < 0) -+ goto error; - if (groupname && - virIdentitySetAttr(ret, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, - groupname) < 0) - goto error; -+ if (groupid && -+ virIdentitySetAttr(ret, -+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID, -+ groupid) < 0) -+ goto error; - if (processid && - virIdentitySetAttr(ret, - 
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, -@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client) - - cleanup: - VIR_FREE(username); -+ VIR_FREE(userid); - VIR_FREE(groupname); -+ VIR_FREE(groupid); - VIR_FREE(processid); - VIR_FREE(processtime); - VIR_FREE(seccontext); -diff --git a/src/util/viridentity.c b/src/util/viridentity.c -index 781f660..03c375b 100644 ---- a/src/util/viridentity.c -+++ b/src/util/viridentity.c -@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident) - virIdentityPtr virIdentityGetSystem(void) - { - char *username = NULL; -+ char *userid = NULL; - char *groupname = NULL; -+ char *groupid = NULL; - char *seccontext = NULL; - virIdentityPtr ret = NULL; - #if WITH_SELINUX -@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void) - - if (!(username = virGetUserName(getuid()))) - goto cleanup; -+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0) -+ goto cleanup; -+ - if (!(groupname = virGetGroupName(getgid()))) - goto cleanup; -+ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0) -+ goto cleanup; - - #if WITH_SELINUX - if (getcon(&con) < 0) { -@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void) - if (!(ret = virIdentityNew())) - goto cleanup; - -- if (username && -- virIdentitySetAttr(ret, -+ if (virIdentitySetAttr(ret, - VIR_IDENTITY_ATTR_UNIX_USER_NAME, - username) < 0) - goto error; -- if (groupname && -- virIdentitySetAttr(ret, -+ if (virIdentitySetAttr(ret, -+ VIR_IDENTITY_ATTR_UNIX_USER_ID, -+ userid) < 0) -+ goto error; -+ if (virIdentitySetAttr(ret, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, - groupname) < 0) - goto error; -+ if (virIdentitySetAttr(ret, -+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID, -+ groupid) < 0) -+ goto error; - if (seccontext && - virIdentitySetAttr(ret, - VIR_IDENTITY_ATTR_SELINUX_CONTEXT, -@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void) - - cleanup: - VIR_FREE(username); -+ VIR_FREE(userid); - VIR_FREE(groupname); -+ VIR_FREE(groupid); - VIR_FREE(seccontext); - 
VIR_FREE(processid); - return ret; -diff --git a/src/util/viridentity.h b/src/util/viridentity.h -index 4bae8d6..a240c2d 100644 ---- a/src/util/viridentity.h -+++ b/src/util/viridentity.h -@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr; - - typedef enum { - VIR_IDENTITY_ATTR_UNIX_USER_NAME, -+ VIR_IDENTITY_ATTR_UNIX_USER_ID, - VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, -+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, - VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, - VIR_IDENTITY_ATTR_SASL_USER_NAME, --- -1.8.3.1 - diff --git a/community/libvirt/0002-Ensure-system-identity-includes-process-start-time.patch b/community/libvirt/0002-Ensure-system-identity-includes-process-start-time.patch deleted file mode 100644 index 1fba7d56c..000000000 --- a/community/libvirt/0002-Ensure-system-identity-includes-process-start-time.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From f26b6e44bf0c3efe8167a528141224ccb7623b4a Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Wed, 28 Aug 2013 15:22:05 +0100 -Subject: [PATCH 2/3] Ensure system identity includes process start time - -The polkit access driver will want to use the process start -time field. This was already set for network identities, but -not for the system identity. - -Signed-off-by: Daniel P. Berrange ---- - src/util/viridentity.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/util/viridentity.c b/src/util/viridentity.c -index 03c375b..f681f85 100644 ---- a/src/util/viridentity.c -+++ b/src/util/viridentity.c -@@ -35,6 +35,7 @@ - #include "virthread.h" - #include "virutil.h" - #include "virstring.h" -+#include "virprocess.h" - - #define VIR_FROM_THIS VIR_FROM_IDENTITY - -@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void) - security_context_t con; - #endif - char *processid = NULL; -+ unsigned long long timestamp; -+ char *processtime = NULL; - - if (virAsprintf(&processid, "%llu", - (unsigned long long)getpid()) < 0) - goto cleanup; - -+ if (virProcessGetStartTime(getpid(), ×tamp) < 0) -+ goto cleanup; -+ -+ if (timestamp != 0 && -+ virAsprintf(&processtime, "%llu", timestamp) < 0) -+ goto cleanup; -+ - if (!(username = virGetUserName(getuid()))) - goto cleanup; - if (virAsprintf(&userid, "%d", (int)getuid()) < 0) -@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void) - VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, - processid) < 0) - goto error; -+ if (processtime && -+ virIdentitySetAttr(ret, -+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, -+ processtime) < 0) -+ goto error; - - cleanup: - VIR_FREE(username); -@@ -206,6 +221,7 @@ cleanup: - VIR_FREE(groupid); - VIR_FREE(seccontext); - VIR_FREE(processid); -+ VIR_FREE(processtime); - return ret; - - error: --- -1.8.3.1 - 
diff --git a/community/libvirt/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch b/community/libvirt/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
deleted file mode 100644
index 8882f1227..000000000
--- a/community/libvirt/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
+++ /dev/null
@@ -1,159 +0,0 @@ -From 4a061ec8fe94857dd21acf401c66195ec51b1234 Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Wed, 28 Aug 2013 15:25:40 +0100 -Subject: [PATCH 3/3] Add support for using 3-arg pkcheck syntax for process - -With the existing pkcheck (pid, start time) tuple for identifying -the process, there is a race condition, where a process can make -a libvirt RPC call and in another thread exec a setuid application, -causing it to change to effective UID 0. This in turn causes polkit -to do its permission check based on the wrong UID. - -To address this, libvirt must get the UID the caller had at time -of connect() (from SO_PEERCRED) and pass a (pid, start time, uid) -triple to the pkcheck program. - -Signed-off-by: Colin Walters -Signed-off-by: Daniel P. Berrange ---- - configure.ac | 8 ++++++++ - daemon/remote.c | 21 +++++++++++++++++--- - src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++----- - 3 files changed, 61 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 94a2e19..3dfbb4d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then - AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH]) - if test "x$PKCHECK_PATH" != "x" ; then - AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program]) -+ AC_MSG_CHECKING([whether pkcheck supports uid value]) -+ pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) -+ if test "x$pkcheck_supports_uid" = "xtrue"; then -+ AC_MSG_RESULT([yes]) -+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck]) -+ else -+ AC_MSG_RESULT([no]) -+ fi - AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, - [use PolicyKit for UNIX socket access checks]) - AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1, -diff --git a/daemon/remote.c b/daemon/remote.c -index 03d5557..6132091 100644 ---- a/daemon/remote.c -+++ b/daemon/remote.c -@@ 
-2731,10 +2731,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, - int status = -1; - char *ident = NULL; - bool authdismissed = 0; -+ bool supportsuid = 0; - char *pkout = NULL; - struct daemonClientPrivate *priv = - virNetServerClientGetPrivateData(client); - virCommandPtr cmd = NULL; -+ static bool polkitInsecureWarned = false; - - virMutexLock(&priv->lock); - action = virNetServerClientGetReadonly(client) ? -@@ -2756,14 +2758,27 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, - goto authfail; - } - -+ if (timestamp == 0) { -+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time", -+ (long long)callerPid); -+ goto authfail; -+ } -+ - VIR_INFO("Checking PID %lld running as %d", - (long long) callerPid, callerUid); - - virCommandAddArg(cmd, "--process"); -- if (timestamp != 0) { -- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); -+# ifdef PKCHECK_SUPPORTS_UID -+ supportsuid = 1; -+# endif -+ if (supportsuid) { -+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu", (long long) callerPid, timestamp, (unsigned long) callerUid); - } else { -- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid); -+ if (!polkitInsecureWarned) { -+ VIR_WARN("No support for caller UID with pkcheck. 
This deployment is known to be insecure."); -+ polkitInsecureWarned = true; -+ } -+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); - } - virCommandAddArg(cmd, "--allow-user-interaction"); - -diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c -index 4c76e64..d980820 100644 ---- a/src/access/viraccessdriverpolkit.c -+++ b/src/access/viraccessdriverpolkit.c -@@ -72,8 +72,12 @@ static char * - virAccessDriverPolkitFormatProcess(const char *actionid) - { - virIdentityPtr identity = virIdentityGetCurrent(); -- const char *process = NULL; -+ const char *callerPid = NULL; -+ const char *callerTime = NULL; -+ const char *callerUid = NULL; - char *ret = NULL; -+ bool supportsuid = 0; -+ static bool polkitInsecureWarned = false; - - if (!identity) { - virAccessError(VIR_ERR_ACCESS_DENIED, -@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid) - actionid); - return NULL; - } -- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0) -+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0) -+ goto cleanup; -+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0) -+ goto cleanup; -+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0) - goto cleanup; - -- if (!process) { -+ if (!callerPid) { - virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No UNIX process ID available")); - goto cleanup; - } -- -- if (VIR_STRDUP(ret, process) < 0) -+ if (!callerTime) { -+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", -+ _("No UNIX process start time available")); -+ goto cleanup; -+ } -+ if (!callerUid) { -+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", -+ _("No UNIX caller UID available")); - goto cleanup; -+ } -+ -+#ifdef PKCHECK_SUPPORTS_UID -+ supportsuid = 1; -+#endif -+ if (supportsuid) { -+ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0) -+ goto cleanup; -+ } 
else { -+ if (!polkitInsecureWarned) { -+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure."); -+ polkitInsecureWarned = true; -+ } -+ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0) -+ goto cleanup; -+ } - - cleanup: - virObjectUnref(identity); --- -1.8.3.1 - diff --git a/community/libvirt/PKGBUILD b/community/libvirt/PKGBUILD index a19d67276..e8f834235 100644 --- a/community/libvirt/PKGBUILD +++ b/community/libvirt/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 101981 2013-12-03 09:49:12Z spupykin $ +# $Id: PKGBUILD 104165 2014-01-16 14:47:41Z spupykin $ # Maintainer: Sergej Pupykin # Contributor: Jonathan Wiersma pkgname=libvirt -pkgver=1.2.0 +pkgver=1.2.1 pkgrel=1 pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)" arch=('i686' 'x86_64') @@ -13,7 +13,7 @@ depends=('e2fsprogs' 'gnutls' 'iptables' 'libxml2' 'parted' 'polkit' 'python2' 'avahi' 'yajl' 'libpciaccess' 'udev' 'dbus-core' 'libxau' 'libxdmcp' 'libpcap' 'curl' 'libsasl' 'libgcrypt' 'libgpg-error' 'openssl' 'libxcb' 'gcc-libs' 'iproute2' 'libnl' 'libx11' 'audit' 'numactl') -makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq') +makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq' 'lxc') optdepends=('bridge-utils: for briged networking (default)' 'dnsmasq: for NAT/DHCP for guests' 'openbsd-netcat: for remote management over ssh' @@ -33,7 +33,7 @@ source=("http://libvirt.org/sources/$pkgname-$pkgver.tar.gz" libvirtd.conf.d libvirtd-guests.conf.d libvirt.tmpfiles.d) -md5sums=('f74f78059def4e68d69b975ad6e6c3e2' +md5sums=('cce374220f67895afb6331bd2ddedbfd' '3ed0e24f5b5e25bf553f5427d64915e6' '0a96ed876ffb1fcb9dff5a9b3a609c1e' '020971887442ebbf1b6949e031c8dd3f') 
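Review bot: The new `md5sums` entry for the 1.2.1 tarball is the only integrity check on a source that the hunk header shows being fetched over plain `http://libvirt.org/sources/`, and MD5 is collision-broken and no longer adequate as the sole check on a download that can be altered in transit. Adding a `sha256sums=(...)` array alongside or in place of `md5sums` gives makepkg a stronger digest to verify against, e.g. `sha256sums=('<sha256 of libvirt-1.2.1.tar.gz>' ...)`, with the value computed from a tarball that was obtained and checked independently. If upstream publishes a detached signature for the release, listing it in `source` would be stronger still, but that cannot be confirmed from this page. The `source` array begins outside the hunk.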
@@ -54,7 +54,7 @@ build() { --with-storage-lvm --without-xen --with-udev --without-hal --disable-static \ --with-init-script=systemd --with-audit \ --with-qemu-user=nobody --with-qemu-group=nobody \ - --without-netcf --with-interface + --without-netcf --with-interface --with-lxc make sed -i 's|/etc/sysconfig/|/etc/conf.d/|' daemon/libvirtd.service tools/libvirt-guests.service diff --git a/community/libvirt/libvirt.install b/community/libvirt/libvirt.install index efb652a88..b75d85ec8 100644 --- a/community/libvirt/libvirt.install +++ b/community/libvirt/libvirt.install @@ -13,7 +13,3 @@ post_upgrade() { echo ">>> libvirt runs qemu from nobody:nobody by default" echo ">>> change it in /etc/libvirt/qemu.conf" } - -post_remove() { - rm -f /usr/lib/python[0-9].[0-9]/site-packages/libvirt.pyc -} -- cgit v1.2.3-54-g00ecf
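Review bot: `--with-lxc` enables a second driver in the privileged libvirtd daemon, but nothing in the package tells the administrator: the `post_upgrade` text in libvirt.install still only covers the qemu `nobody:nobody` default. As far as I know, libvirt LXC containers without a user-namespace id mapping are not meant to confine root inside the container, so it would be worth adding a line such as `echo ">>> LXC driver is now enabled; containers without an idmap are not a security boundary"` to `post_upgrade`. The `'lxc'` entry added to `makedepends` in the earlier hunk is build-time only; if anything needs the lxc tools at run time it belongs in `optdepends`, with a description, instead. build() starts and ends outside the hunk.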