[Backport] xapi_vm: Implement RBAC checking for keys in VM.other_config and VM.platform #7046
Merged
robhoes merged 3 commits into xapi-project:26.1-lcm from Apr 29, 2026
map_keys_roles parameter was RBAC checked for
{add_to,remove_from}_other_config, but set_other_config allowed
circumventing this check.
Since VM is the only object that has a key ("pci") in other_config
with the privilege level required for modification higher than that of the
other_config field generally, this meant that vm-admin could not modify the
"pci" key in other_config through add_to_other_config, but could circumvent the
check with set_other_config.
Implement a checker for VM.other_config setters based on Task's manual RBAC
checker (introduced in a3f2c6e)
This is part of XSA-489 / CVE-2026-23562
Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
(cherry picked from commit 2469636)
platform:hvm_serial and other_config:hvm_serial are both keys that allow host
filesystem write. Limit these to be modifiable only by pool-admin.
Implement set_platform with Helpers.set_map_with_rbac, like for
set_other_config.
This is part of XSA-489 / CVE-2026-42486
Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
(cherry picked from commit e3cf679)
The only difference in the schematest comes from changing the type of the
other_config and platform fields from RW to StaticRO, which is necessary to
provide custom implementations of setters.
With a modified schematest, the diff is:
< "qualifier": "RW",
---
> "qualifier": "StaticRO",
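Review bot: the diff shows a single "qualifier" line going from RW to StaticRO, while the message says the type changes for both other_config and platform. Naming the field this line belongs to, or showing both changed pairs, would let a reader confirm that these two fields are the only ones whose qualifier moved.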
Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
(similar to commit 47d8a6f)
last-genius
approved these changes
Apr 29, 2026
contificate
approved these changes
Apr 29, 2026
Thanks for doing this.
psafont
approved these changes
Apr 29, 2026
Merged via the queue into xapi-project:26.1-lcm with commit 53cf465, Apr 29, 2026
14 of 15 checks passed
8 tasks
Backport of #7039.
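As an added illustration (not code from xapi or from this pull request), the sketch below shows the rule the commit messages describe: a whole-map setter has to apply the same per-key role check as add_to/remove_from to every key whose binding it would add, remove or change. The role ordering, the `protected_keys` table, the sample values and all function names are assumptions made for this sketch.

```ocaml
(* Added illustration, not xapi code. Roles, the key table and every function
   name here are assumptions made for this sketch. *)
type role = Vm_admin | Pool_admin

let rank = function Vm_admin -> 0 | Pool_admin -> 1

(* Keys that need more privilege than the map field's default role
   (assumed table; the page names "pci" and "hvm_serial"). *)
let protected_keys = [("pci", Pool_admin); ("hvm_serial", Pool_admin)]

let required_role ~field_role key =
  match List.assoc_opt key protected_keys with
  | Some r -> r
  | None -> field_role

(* Keys whose binding differs between the stored map and the requested map:
   added, removed, or given a different value. *)
let changed_keys ~current ~requested =
  let differs a b k = List.assoc_opt k a <> List.assoc_opt k b in
  List.map fst (current @ requested)
  |> List.sort_uniq compare
  |> List.filter (differs current requested)

(* Whole-map setter applying the per-key rule. Nothing is written when any
   changed key needs a higher role than the caller holds; the offending keys
   are returned instead. *)
let set_map_checked ~caller ~field_role ~current ~requested =
  let denied =
    changed_keys ~current ~requested
    |> List.filter (fun k -> rank caller < rank (required_role ~field_role k))
  in
  if denied = [] then Ok requested else Error denied

let () =
  (* Constructed sample map; the values are placeholders. *)
  let current = [("pci", "sample-device"); ("note", "a")] in
  let show = function
    | Ok _ -> "allowed"
    | Error ks -> "denied: " ^ String.concat "," ks
  in
  let try_set caller requested =
    print_endline
      (show (set_map_checked ~caller ~field_role:Vm_admin ~current ~requested))
  in
  try_set Vm_admin [("pci", "sample-device"); ("note", "b")]; (* pci untouched *)
  try_set Vm_admin [("note", "a")];                           (* pci dropped *)
  try_set Vm_admin [("pci", "other-device"); ("note", "a")];  (* pci changed *)
  try_set Pool_admin [("note", "a")]                          (* higher role *)
```

Comparing the requested map against the stored one, rather than checking only the keys present in the request, is what catches a protected key being removed by omission.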