Displaying 20 results from an estimated 64 matches for "guestfs_sh".
2014 Apr 25
2
Labelling /etc/resolv.conf (rh#1089100)
Hi,
I was investigating rh#1089100, which is about /etc/resolv.conf not
being properly SELinux-labelled.
Basically the problem is due to /etc/resolv.conf in the guest (so
available as /sysroot/etc/resolv.conf in the appliance) being moved when
executing shell commands (eg guestfs_sh) by the daemon.
This operation involves:
a) moving away guest's /etc/resolv.conf
b) replacing it with the /etc/resolv.conf in the appliance
c) executing the actual shell command
d) moving the guest's /etc/resolv.conf back
... but only if the network is enabled (which is by default).
So far...
2020 Aug 27
1
Re: Weird results from g.sh()
...) commands.
> >
> > However, "g.command([self.mkconfig, '-o', self.config])" shouldn't
> > have the appliance's /sys available (I looked briefly in command.c and
> > I don't see the same bind-mount code), or maybe I'm missing something.
>
> guestfs_sh, guestfs_sh_lines, guestfs_command, guestfs_command_lines
> all attempt to bind-mount /sys and other directories into the chroot
> while running the command. (See daemon/sh.c)
>
> Anyway I misunderstood before - I thought you were trying to run grub
> to install the bootloader. Run...
2020 Aug 27
2
Re: Weird results from g.sh()
On Thu, Aug 27, 2020 at 11:08 AM Richard W.M. Jones <rjones@redhat.com> wrote:
>
> On Thu, Aug 27, 2020 at 10:50:12AM +0300, Sam Eiderman wrote:
> > Hi,
> >
> > I'm using libguestfs 1.42,
> >
> > When I run the following python3 commands on a rhel7.8:
> >
> > print(g.ls('/sys'))
> > []
>
> This lists the files in /sys in
2015 Aug 06
0
CVE-2015-5745: Vulnerability in qemu virtio-serial feature could affect libguestfs
...s, but because we always give
a virtio-serial port to each guest (since that is how guest-host
communication happens), an escalation from the appliance to the host
qemu process is possible. This could affect you if:
- your libguestfs program runs untrusted programs out of the guest
(eg. using guestfs_sh etc)
- another exploit was found in (eg) kernel filesystem code that
allowed a malformed filesystem to take over the appliance
If you use sVirt to confine qemu, that would thwart some/all attacks.
Patching qemu recommended.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://peop...
2020 Aug 27
0
Re: Weird results from g.sh()
...we bind /sys
> for g.sh() commands.
>
> However, "g.command([self.mkconfig, '-o', self.config])" shouldn't
> have the appliance's /sys available (I looked briefly in command.c and
> I don't see the same bind-mount code), or maybe I'm missing something.
guestfs_sh, guestfs_sh_lines, guestfs_command, guestfs_command_lines
all attempt to bind-mount /sys and other directories into the chroot
while running the command. (See daemon/sh.c)
Anyway I misunderstood before - I thought you were trying to run grub
to install the bootloader. Running grub2-mkconfig as d...
2015 May 26
6
[PATCH 0/6] Update the way that API versions are generated for the man page.
The existing mechanism was clunky, slow and used ~ 10 MB of
local disk.
Rich.
2016 Jul 13
0
[PATCH 5/5] lib: Deprecate old SELinux APIs, rewrite SELinux documentation.
...enable SELinux and load the guest's
-policy:
-
-=over 4
-
-=item 1.
-
-Before launching, do:
-
- guestfs_set_selinux (g, 1);
-
-=item 2.
-
-After mounting the guest's filesystem(s), load the policy. This
-is best done by running the L<load_policy(8)> command in the
-guest itself:
-
- guestfs_sh (g, "/usr/sbin/load_policy");
-
-(Older versions of C<load_policy> require you to specify the
-name of the policy file).
-
-=item 3.
-
-Optionally, set the security context for the API. The correct
-security context to use can only be known by inspecting the
-guest. As an example:...
2016 Jul 14
0
[PATCH v2 6/7] lib: Deprecate old SELinux APIs, rewrite SELinux documentation.
...enable SELinux and load the guest's
-policy:
-
-=over 4
-
-=item 1.
-
-Before launching, do:
-
- guestfs_set_selinux (g, 1);
-
-=item 2.
-
-After mounting the guest's filesystem(s), load the policy. This
-is best done by running the L<load_policy(8)> command in the
-guest itself:
-
- guestfs_sh (g, "/usr/sbin/load_policy");
-
-(Older versions of C<load_policy> require you to specify the
-name of the policy file).
-
-=item 3.
-
-Optionally, set the security context for the API. The correct
-security context to use can only be known by inspecting the
-guest. As an example:...
2016 Jan 06
0
ANNOUNCE: libguestfs 1.32 released
...t to each guest (since that is how guest-
host communication happens), an escalation from the appliance to
the host qemu process is possible. This could affect you if:
- your libguestfs program runs untrusted programs out of the
guest (using "guestfs_sh" etc), or
- another exploit was found in (for example) kernel filesystem
code that allowed a malformed filesystem to take over the
appliance.
If you use sVirt to confine qemu, that would thwart some attacks.
Virt-customize permiss...
2014 May 24
9
SELinux relabel API
....
What we do at the moment is run:
if load_policy && fixfiles restore; then
rm -f /.autorelabel
else
touch /.autorelabel
echo '%s: SELinux relabelling failed, will relabel at boot instead.'
fi
while chrooted into the guest (using the 'guestfs_sh' API).
This has a number of problems:
- It has to load the policy using 'load_policy', but this doesn't
work sometimes:
* RHEL 5 load_policy takes a parameter.
* Doesn't work if appliance kernel is significantly different from
guest kernel version, because...
2016 Jul 13
6
[PATCH 0/5] Fix SELinux
We can use the setfiles(8) command to relabel the guest filesystem,
even though we don't have a policy loaded nor SELinux enabled in the
appliance kernel.
This also deprecates or removes the old and broken SELinux support.
This patch isn't quite complete - I would like to add some tests to
the new API. I'm posting here to garner early feedback.
Rich.
2016 Jul 14
10
[PATCH v2 0/7] Fix SELinux
v1 -> v2:
- Add simple test of the setfiles API.
- Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel).
- Small fixes.
Rich.
2017 May 04
4
[PATCH 0/3] generator: Allow returned strings to be annotated as devices.
If we want to permit more than 255 drives to be added, then we will
have to add the disks to the same virtio-scsi target using different
unit (LUN) numbers.
Unfortunately SCSI LUN enumeration in Linux is not deterministic
(eg. two disks with target=0, lun=[0,1] can be enumerated as /dev/sda
or /dev/sdb randomly). Dealing with that will require some very
complex device name translation on the
2015 Oct 29
16
[PATCH 00/16] Refactoring of configure.ac and guestfs.pod
Two (not related to each other) refactorings:
Patches 1-12 split configure.ac into smaller files using the
m4_include mechanism.
Patches 13-15 split out parts of guestfs.pod (ie. guestfs(3)) into
three new manual pages:
guestfs-hacking(3) - how to extend and contribute to libguestfs
guestfs-internals(3) - architecture and internals
guestfs-security(3) - security and CVEs
Patch 16 is a
2017 Feb 21
1
[PATCH] generator: Put all the daemon procedure numbers (proc_nr)
This is a follow-up to the other generator changes in:
https://www.redhat.com/archives/libguestfs/2017-February/msg00217.html
Rich.
2017 Feb 18
8
[PATCH 0/6] generator: Split up generator/actions.ml
Split up the huge generator/actions.ml into several smaller files.
Rich.
2017 Apr 21
0
[PATCH 1/2] generator: Simplify the handling of string parameters.
...uot;lines", [StringList "arguments"], [];
+ style = RStringList "lines", [StringList (PlainString, "arguments")], [];
protocol_limit_warning = true;
tests = [
InitScratchFS, IfNotCrossAppliance, TestResult (
@@ -2536,7 +2536,7 @@ See also: C<guestfs_sh_lines>" };
{ defaults with
name = "statvfs"; added = (1, 9, 2);
- style = RStruct ("statbuf", "statvfs"), [Pathname "path"], [];
+ style = RStruct ("statbuf", "statvfs"), [String (Pathname, "path")], [];...
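Review bot: in the statvfs entry, `String (Pathname, "path")` moves the old constructor name into a tag position, so the argument's path handling now depends on that tag being carried over correctly at every converted call site. The other visible conversion uses a different tag (`StringList (PlainString, "arguments")`), so the mapping is not one-to-one by name. Suggest listing the old-to-new constructor mapping in the commit message so each converted `style` line in this large change can be checked against it.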
2017 Apr 21
4
[PATCH 0/2] generator: Simplify the handling of string parameters.
Very large but mechanical change to the generator.
Rich.
2010 Dec 07
0
builder-debian libguestfs FAILED tests 4c5038ab54fb6fdff75ca8d5fdda9e73f48a5050
...ning: "guestfs_sfdisk_N" has no tests
warning: "guestfs_sfdisk_l" has no tests
warning: "guestfs_sfdisk_kernel_geometry" has no tests
warning: "guestfs_sfdisk_disk_geometry" has no tests
warning: "guestfs_vg_activate_all" has no tests
warning: "guestfs_sh" has no tests
warning: "guestfs_sh_lines" has no tests
warning: "guestfs_scrub_freespace" has no tests
warning: "guestfs_df" has no tests
warning: "guestfs_df_h" has no tests
warning: "guestfs_mount_loop" has no tests
warning: "guestfs_rea...
2010 Dec 24
0
builder-debian libguestfs success 3f4dc56a32074a02b1b829bd7a91878f73022d1d
...ning: "guestfs_sfdisk_N" has no tests
warning: "guestfs_sfdisk_l" has no tests
warning: "guestfs_sfdisk_kernel_geometry" has no tests
warning: "guestfs_sfdisk_disk_geometry" has no tests
warning: "guestfs_vg_activate_all" has no tests
warning: "guestfs_sh" has no tests
warning: "guestfs_sh_lines" has no tests
warning: "guestfs_scrub_freespace" has no tests
warning: "guestfs_df" has no tests
warning: "guestfs_df_h" has no tests
warning: "guestfs_mount_loop" has no tests
warning: "guestfs_rea...