From 8695793d726e37e31498f9fcbf0bce0adc56dc91 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Tue, 15 Jan 2019 09:50:58 +0100
Subject: [PATCH] Revert "qemu: Temporary disable owner remembering"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This reverts commit fc3990c7e64be1da1631952d3ec384ebef50e125. Now that all the reported bugs are fixed let's turn the feature back on.
Signed-off-by: Michal Privoznik
Reviewed-by: Cole Robinson
Reviewed-by: Daniel P. Berrangé
---
 docs/news.xml | 13 +++++++++++++
 src/qemu/libvirtd_qemu.aug | 1 +
 src/qemu/qemu.conf | 5 +++++
 src/qemu/qemu_conf.c | 4 ++++
 src/qemu/test_libvirtd_qemu.aug.in | 1 +
 5 files changed, 24 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index e78c7ef982..ca1180d3d8 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -25,6 +25,19 @@
+
+
+ Remember original owners and SELinux labels of files
+
+
+ When a domain is starting up libvirt changes DAC and
+ SELinux labels so that domain can access it. However,
+ it never remembered the original labels and therefore
+ the file was returned back to root:root.
+ With this release, the original labels are remembered
+ and restored properly.
+
+
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 6821cc4a29..eea9094d39 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -72,6 +72,7 @@ module Libvirtd_qemu =
 | str_entry "user"
 | str_entry "group"
 | bool_entry "dynamic_ownership"
+ | bool_entry "remember_owner"
 | str_array_entry "cgroup_controllers"
 | str_array_entry "cgroup_device_acl"
 | int_entry "seccomp_sandbox"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 1969b3f0a1..fd2ed9dc21 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -456,6 +456,11 @@
 # Set to 0 to disable file ownership changes.
 #dynamic_ownership = 1
+# Whether libvirt should remember and restore the original
+# ownership over files it is relabeling. Defaults to 1, set
+# to 0 to disable the feature.
+#remember_owner = 1
+
 # What cgroup controllers to make use of with QEMU guests
 #
 # - 'cpu' - use for scheduler tunables
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 8312f99f80..e0195dac29 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -125,6 +125,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
 cfg->group = (gid_t)-1;
 }
 cfg->dynamicOwnership = privileged;
+ cfg->rememberOwner = privileged;
 cfg->cgroupControllers = -1; /* -1 == auto-detect */
@@ -890,6 +891,9 @@ virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfigPtr cfg,
 if (virConfGetValueBool(conf, "dynamic_ownership", &cfg->dynamicOwnership) < 0)
 return -1;
+ if (virConfGetValueBool(conf, "remember_owner", &cfg->rememberOwner) < 0)
+ return -1;
+
 if (virConfGetValueStringList(conf, "cgroup_controllers", false, &controllers) < 0)
 return -1;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 50b728ad22..388ba24b8b 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
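Review bot: The comment added to src/qemu/qemu.conf states that remember_owner "Defaults to 1", but the first src/qemu/qemu_conf.c hunk sets the default with `cfg->rememberOwner = privileged;`, so a driver started unprivileged has it off unless the file says otherwise. Someone auditing which ownership and labels files will carry after relabeling would read the wrong default from this comment. I would reword the last two comment lines to `# ownership over files it is relabeling. Defaults to 1 when the` and `# driver runs privileged and to 0 otherwise; set to 0 to disable.`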
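Review bot: In src/qemu/qemu_conf.c, the `remember_owner` read added to virQEMUDriverConfigLoadSecurityEntry has no visible check against the privilege level or against `dynamic_ownership`, which is parsed on the lines just above it. The default in virQEMUDriverConfigNew is tied to `privileged`, yet the loader accepts `remember_owner = 1` for any driver and for any `dynamic_ownership` value. If remembering cannot work in those combinations, the value should be rejected or forced off at load time rather than surfacing later when a file is relabelled. If it can, a comment beside `cfg->rememberOwner = privileged;` such as `/* on by default only for the privileged driver; qemu.conf may override */` would record the intent. Both functions continue outside their hunks, so a validation step may already exist elsewhere.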
@@ -44,6 +44,7 @@ module Test_libvirtd_qemu =
 { "user" = "root" }
 { "group" = "root" }
 { "dynamic_ownership" = "1" }
+{ "remember_owner" = "1" }
 { "cgroup_controllers"
 { "1" = "cpu" }
 { "2" = "devices" }
-- 2.47.2