virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerSetAllLabel;
+virSecurityManagerSetChildProcessLabel;
virSecurityManagerSetDaemonSocketLabel;
virSecurityManagerSetHostdevLabel;
virSecurityManagerSetHugepages;
/*
* AppArmor security driver for libvirt
*
- * Copyright (C) 2011 Red Hat, Inc.
+ * Copyright (C) 2011-2013 Red Hat, Inc.
* Copyright (C) 2009-2010 Canonical Ltd.
*
* This library is free software; you can redistribute it and/or
return rc;
}
+/* Called directly by API user prior to virCommandRun().
+ * virCommandRun() will then call aa_change_profile() (if a
+ * cmd->appArmorProfile has been set) *after forking the child
+ * process*.
+ */
+static int
+AppArmorSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virCommandPtr cmd)
+{
+ int rc = -1;
+ char *profile_name = NULL;
+ const virSecurityLabelDefPtr secdef =
+ virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME);
+
+ if (!secdef)
+ goto cleanup;
+
+ if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "\'%s\' model configured for domain, but "
+ "hypervisor driver is \'%s\'."),
+ secdef->model, SECURITY_APPARMOR_NAME);
+ if (use_apparmor() > 0)
+ goto cleanup;
+ }
+
+ if ((profile_name = get_profile_name(def)) == NULL)
+ goto cleanup;
+
+ virCommandSetAppArmorProfile(cmd, profile_name);
+ rc = 0;
+
+ cleanup:
+ VIR_FREE(profile_name);
+ return rc;
+}
+
static int
AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr vm ATTRIBUTE_UNUSED)
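Review bot: The `if (!secdef) goto cleanup;` path at the top of AppArmorSetSecurityChildProcessLabel returns -1 without calling virReportError, so a domain definition that carries no apparmor seclabel fails with no message for the caller to surface; either report it before the goto, e.g. `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing AppArmor security label for domain"));`, or return 0 if a missing label is meant to be "nothing to set" (the intended semantics are not visible here). In the model-mismatch branch the error is reported unconditionally but only honoured when `use_apparmor() > 0`, so on the other path the function succeeds with a stale error left in the thread's error state; reporting inside the `use_apparmor()` check would avoid that. A smaller point of style: `const virSecurityLabelDefPtr secdef` const-qualifies the pointer variable, not the struct it points to, so it does not express the read-only intent it appears to.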
.domainGetSecurityProcessLabel = AppArmorGetSecurityProcessLabel,
.domainSetSecurityProcessLabel = AppArmorSetSecurityProcessLabel,
+ .domainSetSecurityChildProcessLabel = AppArmorSetSecurityChildProcessLabel,
.domainSetSecurityAllLabel = AppArmorSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = AppArmorRestoreSecurityAllLabel,
/*
- * Copyright (C) 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
}
+static int
+virSecurityDACSetChildProcessLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virCommandPtr cmd)
+{
+ uid_t user;
+ gid_t group;
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+
+ if (virSecurityDACGetIds(def, priv, &user, &group))
+ return -1;
+
+ VIR_DEBUG("Setting child to drop privileges of DEF to %u:%u",
+ (unsigned int) user, (unsigned int) group);
+
+ virCommandSetUID(cmd, user);
+ virCommandSetGID(cmd, group);
+ return 0;
+}
+
+
static int
virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED)
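Review bot: The `def` parameter of virSecurityDACSetChildProcessLabel is annotated `ATTRIBUTE_UNUSED` in the signature but is read on the `virSecurityDACGetIds(def, priv, &user, &group)` line, so the annotation is misleading and should be dropped: `virDomainDefPtr def,`. The return check `if (virSecurityDACGetIds(...))` treats any non-zero value as failure; if the helper follows the usual negative-on-error convention, `< 0` would read more consistently with the rest of the file, but I cannot see its definition from here.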
.domainGetSecurityProcessLabel = virSecurityDACGetProcessLabel,
.domainSetSecurityProcessLabel = virSecurityDACSetProcessLabel,
+ .domainSetSecurityChildProcessLabel = virSecurityDACSetChildProcessLabel,
.domainSetSecurityAllLabel = virSecurityDACSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = virSecurityDACRestoreSecurityAllLabel,
/*
- * Copyright (C) 2008, 2010 Red Hat, Inc.
+ * Copyright (C) 2008, 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
virSecurityLabelPtr sec);
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def);
+typedef int (*virSecurityDomainSetChildProcessLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virCommandPtr cmd);
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
virDomainDefPtr def);
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
virSecurityDomainGetProcessLabel domainGetSecurityProcessLabel;
virSecurityDomainSetProcessLabel domainSetSecurityProcessLabel;
+ virSecurityDomainSetChildProcessLabel domainSetSecurityChildProcessLabel;
virSecurityDomainSetAllLabel domainSetSecurityAllLabel;
virSecurityDomainRestoreAllLabel domainRestoreSecurityAllLabel;
/*
* security_manager.c: Internal security manager API
*
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
return -1;
}
+int virSecurityManagerSetChildProcessLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virCommandPtr cmd)
+{
+ if (mgr->drv->domainSetSecurityChildProcessLabel)
+ return mgr->drv->domainSetSecurityChildProcessLabel(mgr, vm, cmd);
+
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ return -1;
+}
+
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
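Review bot: `virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);` in virSecurityManagerSetChildProcessLabel passes a non-literal as the format argument; `__FUNCTION__` can never contain a `%`, so it is not exploitable, but it trips `-Wformat-security`-style checks and reads as a format-string smell. This appears to mirror the neighbouring wrappers in this file (the `return -1;` context above suggests the same shape), so if it is changed it should be changed for all of them at once, to `virReportError(VIR_ERR_NO_SUPPORT, "%s", __FUNCTION__);`.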
/*
* security_manager.h: Internal security manager API
*
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
# define VIR_SECURITY_MANAGER_H__
# include "domain_conf.h"
+# include "vircommand.h"
typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr;
virSecurityLabelPtr sec);
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def);
+int virSecurityManagerSetChildProcessLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virCommandPtr cmd);
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def);
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
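Review bot: The new public prototype virSecurityManagerSetChildProcessLabel has no doc comment, and the ordering contract it relies on is only described in a static-function comment in the AppArmor driver. I would add a short comment above the declaration stating that the function records the driver's label on @cmd (DAC sets uid/gid, SELinux the context, AppArmor the profile, as the driver implementations in this commit show), that the label is applied by virCommandRun() in the child after fork, and that it must therefore be called before virCommandRun() and its return checked, since -1 means the command must not be launched.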
/*
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
return 0;
}
+static int virSecurityDomainSetChildProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED,
+ virCommandPtr cmd ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
static int virSecurityDomainVerifyNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED)
{
.domainGetSecurityProcessLabel = virSecurityDomainGetProcessLabelNop,
.domainSetSecurityProcessLabel = virSecurityDomainSetProcessLabelNop,
+ .domainSetSecurityChildProcessLabel = virSecurityDomainSetChildProcessLabelNop,
.domainSetSecurityAllLabel = virSecurityDomainSetAllLabelNop,
.domainRestoreSecurityAllLabel = virSecurityDomainRestoreAllLabelNop,
return 0;
}
+static int
+virSecuritySELinuxSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virCommandPtr cmd)
+{
+ /* TODO: verify DOI */
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (secdef == NULL)
+ return -1;
+
+ if (secdef->label == NULL)
+ return 0;
+
+ VIR_DEBUG("label=%s", secdef->label);
+ if (!STREQ(SECURITY_SELINUX_NAME, secdef->model)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, SECURITY_SELINUX_NAME);
+ if (security_getenforce() == 1)
+ return -1;
+ }
+
+ /* save in cmd to be set after fork/before child process is exec'ed */
+ virCommandSetSELinuxLabel(cmd, secdef->label);
+ return 0;
+}
+
static int
virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def)
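Review bot: In virSecuritySELinuxSetSecurityChildProcessLabel the `secdef == NULL` branch returns -1 without reporting an error, so a caller sees a failure with no message; the AppArmor implementation in this same commit has the identical gap, so both should either report (e.g. `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("missing SELinux security label for domain"));`) or return 0 if absence is benign. The model check is written `if (!STREQ(SECURITY_SELINUX_NAME, secdef->model))` while the AppArmor counterpart uses `STRNEQ(...)`; using `STRNEQ` here too keeps the two drivers consistent. As in the AppArmor version, the mismatch error is reported before the `security_getenforce() == 1` decision, so in permissive mode the function returns 0 with an error left set; moving the report inside the enforcing check avoids that.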
.domainGetSecurityProcessLabel = virSecuritySELinuxGetSecurityProcessLabel,
.domainSetSecurityProcessLabel = virSecuritySELinuxSetSecurityProcessLabel,
+ .domainSetSecurityChildProcessLabel = virSecuritySELinuxSetSecurityChildProcessLabel,
.domainSetSecurityAllLabel = virSecuritySELinuxSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = virSecuritySELinuxRestoreSecurityAllLabel,
/*
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
return rc;
}
+static int
+virSecurityStackSetChildProcessLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virCommandPtr cmd)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetChildProcessLabel(item->securityManager, vm, cmd) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
static int
virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
.domainGetSecurityProcessLabel = virSecurityStackGetProcessLabel,
.domainSetSecurityProcessLabel = virSecurityStackSetProcessLabel,
+ .domainSetSecurityChildProcessLabel = virSecurityStackSetChildProcessLabel,
.domainSetSecurityAllLabel = virSecurityStackSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = virSecurityStackRestoreSecurityAllLabel,