+Thu Apr 3 11:55:00 BST 2009 Daniel P. Berrange <berrange@redhat.com>
+
+ Improve error reporting/ verification of security labels
+ (Dan Walsh)
+ * src/domain_conf.c: Improve error reporting for parsing of
+ seclabel XML
+ * src/libvirt_private.syms: Export virSecurityDriverVerify
+ * src/qemu_driver.c: Verify seclabel when creating or
+ defining a new domain
+ * src/security.c, src/security.h, src/security_linux.c: Add
+ functions for verifying security labels
+ * tests/.gitignore: Ignore seclabeltest
+ * tests/Makefile.am, tests/seclabeltest.c: Add test for
+ security driver
+
Thu Apr 2 19:41:00 BST 2009 Daniel P. Berrange <berrange@redhat.com>
Mingw portability fixes
$(STORAGE_DRIVER_DISK_SOURCES) \
$(NODE_DEVICE_DRIVER_SOURCES) \
$(NODE_DEVICE_DRIVER_HAL_SOURCES) \
- $(NODE_DEVICE_DRIVER_DEVKIT_SOURCES)
+ $(NODE_DEVICE_DRIVER_DEVKIT_SOURCES) \
+ $(SECURITY_DRIVER_SELINUX_SOURCES)
#
# Build our version script. This is composed of three parts:
if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
return 0;
+ p = virXPathStringLimit(conn, "string(./seclabel/@model)",
+ VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ "%s", _("missing security model"));
+ goto error;
+ }
+ def->seclabel.model = p;
+
p = virXPathStringLimit(conn, "string(./seclabel/@type)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL)
- goto error;
- if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0)
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ "%s", _("missing security type"));
goto error;
+ }
+ def->seclabel.type = virDomainSeclabelTypeFromString(p);
VIR_FREE(p);
+ if (def->seclabel.type < 0) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ _("invalid security type"));
+ goto error;
+ }
/* Only parse details, if using static labels, or
* if the 'live' VM XML is requested
*/
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
!(flags & VIR_DOMAIN_XML_INACTIVE)) {
- p = virXPathStringLimit(conn, "string(./seclabel/@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- if (p == NULL)
- goto error;
- def->seclabel.model = p;
p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL)
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ _("security label is missing"));
goto error;
+ }
+
def->seclabel.label = p;
}
# security.h
+virSecurityDriverVerify;
virSecurityDriverStartup;
virSecurityDriverInit;
virSecurityDriverSetDOI;
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virSecurityDriverVerify(conn, def) < 0)
+ goto cleanup;
+
vm = virDomainFindByName(&driver->domains, def->name);
if (vm) {
qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
+ if (virSecurityDriverVerify(conn, def) < 0)
+ goto cleanup;
+
vm = virDomainFindByName(&driver->domains, def->name);
if (vm) {
virDomainObjUnlock(vm);
NULL
};
+int
+virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
+{
+ unsigned int i;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
+
+ if (STREQ(secdef->model, "none"))
+ return 0;
+
+ for (i = 0; security_drivers[i] != NULL ; i++) {
+ if (STREQ(security_drivers[i]->name, secdef->model)) {
+ return security_drivers[i]->domainSecurityVerify(conn, def);
+ }
+ }
+ virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ _("invalid security model"));
+ return -1;
+}
+
int
virSecurityDriverStartup(virSecurityDriverPtr *drv,
const char *name)
typedef int (*virSecurityDomainSetLabel) (virConnectPtr conn,
virSecurityDriverPtr drv,
virDomainObjPtr vm);
+typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
+ virDomainDefPtr def);
struct _virSecurityDriver {
const char *name;
virSecurityDriverProbe probe;
virSecurityDriverOpen open;
+ virSecurityDomainSecurityVerify domainSecurityVerify;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainGenLabel domainGenSecurityLabel;
int virSecurityDriverStartup(virSecurityDriverPtr *drv,
const char *name);
+int
+virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
+
void
virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
ATTRIBUTE_FORMAT(printf, 3, 4);
/*
- * Copyright (C) 2008 Red Hat, Inc.
+ * Copyright (C) 2008,2009 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
*
* Authors:
* James Morris <jmorris@namei.org>
+ * Dan Walsh <dwalsh@redhat.com>
*
* SELinux security driver.
*/
return rc;
}
+static int
+SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+{
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
+ if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
+ if (security_check_context(secdef->label) != 0) {
+ virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ _("Invalid security label %s"), secdef->label);
+ return -1;
+ }
+ }
+ return 0;
+}
+
static int
SELinuxSetSecurityLabel(virConnectPtr conn,
virSecurityDriverPtr drv,
.name = SECURITY_SELINUX_NAME,
.probe = SELinuxSecurityDriverProbe,
.open = SELinuxSecurityDriverOpen,
+ .domainSecurityVerify = SELinuxSecurityVerify,
.domainSetSecurityImageLabel = SELinuxSetSecurityImageLabel,
.domainRestoreSecurityImageLabel = SELinuxRestoreSecurityImageLabel,
.domainGenSecurityLabel = SELinuxGenSecurityLabel,
nodeinfotest
statstest
qparamtest
+seclabeltest
*.gcda
*.gcno
*.exe
nodeinfotest
statstest
qparamtest
+seclabeltest
*.gcda
*.gcno
*.exe
noinst_PROGRAMS += qemuxml2argvtest qemuxml2xmltest
endif
+if WITH_SECDRIVER_SELINUX
+noinst_PROGRAMS += seclabeltest
+endif
+
noinst_PROGRAMS += nodedevxml2xmltest
test_scripts = \
TESTS += qemuxml2argvtest qemuxml2xmltest
endif
+if WITH_SECDRIVER_SELINUX
+TESTS += seclabeltest
+endif
+
TESTS += nodedevxml2xmltest
path_add = $$abs_top_builddir/src$(PATH_SEPARATOR)$$abs_top_builddir/qemud
statstest.c testutils.h testutils.c
statstest_LDADD = $(LDADDS)
+if WITH_SECDRIVER_SELINUX
+seclabeltest_SOURCES = \
+ seclabeltest.c
+seclabeltest_LDADD = ../src/libvirt_driver_security.la $(LDADDS)
+else
+EXTRA_DIST += seclabeltest.c
+endif
+
qparamtest_SOURCES = \
qparamtest.c testutils.h testutils.c
qparamtest_LDADD = $(LDADDS)
--- /dev/null
+#include <config.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "security.h"
+
+int
+main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
+{
+ int ret;
+
+ const char *doi, *model;
+ virSecurityDriverPtr security_drv;
+
+ ret = virSecurityDriverStartup (&security_drv, "selinux");
+ if (ret == -1)
+ {
+ fprintf (stderr, "Failed to start security driver");
+ exit (-1);
+ }
+ /* No security driver wanted to be enabled: just return */
+ if (ret == -2)
+ return 0;
+
+ model = virSecurityDriverGetModel (security_drv);
+ if (!model)
+ {
+ fprintf (stderr, "Failed to copy secModel model: %s",
+ strerror (errno));
+ exit (-1);
+ }
+
+ doi = virSecurityDriverGetDOI (security_drv);
+ if (!doi)
+ {
+ fprintf (stderr, "Failed to copy secModel DOI: %s",
+ strerror (errno));
+ exit (-1);
+ }
+
+ return 0;
+}
projects / libvirt.git / commitdiff