Add API to get the system identity
authorDaniel P. Berrange <berrange@redhat.com>
Wed, 6 Mar 2013 11:00:16 +0000 (11:00 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 19 Mar 2013 13:45:19 +0000 (13:45 +0000)
If no user identity is available, some operations may wish to
use the system identity, i.e. the identity of the current process
itself. Add an API to get such an identity.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/util/viridentity.c
src/util/viridentity.h

index 42d78fb77316192017b02f9aca8caaf24934073e..20921374f18be603d234f0c3e3c0b7a2f840e148 100644 (file)
 
 #include <config.h>
 
+#include <unistd.h>
+#if HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
+
 #include "internal.h"
 #include "viralloc.h"
 #include "virerror.h"
@@ -28,6 +33,7 @@
 #include "virlog.h"
 #include "virobject.h"
 #include "virthread.h"
+#include "virutil.h"
 
 #define VIR_FROM_THIS VIR_FROM_IDENTITY
 
@@ -115,6 +121,75 @@ int virIdentitySetCurrent(virIdentityPtr ident)
 }
 
 
+/**
+ * virIdentityGetSystem:
+ *
+ * Returns an identity that represents the system itself.
+ * This is the identity that the process is running as
+ *
+ * Returns a reference to the system identity, or NULL
+ */
+virIdentityPtr virIdentityGetSystem(void)
+{
+    char *username = NULL;
+    char *groupname = NULL;
+    char *seccontext = NULL;
+    virIdentityPtr ret = NULL;
+#if HAVE_SELINUX
+    security_context_t con;
+#endif
+
+    if (!(username = virGetUserName(getuid())))
+        goto cleanup;
+    if (!(groupname = virGetGroupName(getgid())))
+        goto cleanup;
+
+#if HAVE_SELINUX
+    if (getcon(&con) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Unable to lookup SELinux process context"));
+        goto cleanup;
+    }
+    seccontext = strdup(con);
+    freecon(con);
+    if (!seccontext) {
+        virReportOOMError();
+        goto cleanup;
+    }
+#endif
+
+    if (!(ret = virIdentityNew()))
+        goto cleanup;
+
+    if (username &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+                           username) < 0)
+        goto error;
+    if (groupname &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+                           groupname) < 0)
+        goto error;
+    if (seccontext &&
+        virIdentitySetAttr(ret,
+                           VIR_IDENTITY_ATTR_SECURITY_CONTEXT,
+                           seccontext) < 0)
+        goto error;
+
+cleanup:
+    VIR_FREE(username);
+    VIR_FREE(groupname);
+    VIR_FREE(seccontext);
+    return ret;
+
+error:
+    virObjectUnref(ret);
+    ret = NULL;
+    goto cleanup;
+}
+
+
 /**
  * virIdentityNew:
  *
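Review bot: In the second `#if HAVE_SELINUX` block of virIdentityGetSystem, a failing `getcon()` aborts the whole lookup, so a binary built with SELinux support but run on a host where SELinux is disabled at runtime would probably get NULL rather than an identity carrying only the user and group names. Wrapping the lookup in `if (is_selinux_enabled() > 0) {` … `}` would keep the security context optional, which the later `if (seccontext && ...)` test already allows for. The identity is built from `getuid()`/`getgid()`, the real IDs rather than the effective ones; if callers use it for access-control decisions, the doc comment should say which is intended, since the two differ in a setuid or privilege-dropping process and this hunk does not show which the callers expect. The doc comment could also state that the caller owns the returned reference and must release it with `virObjectUnref`, and whether an error has always been reported when NULL is returned.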
index 68eae1a7135dcec907c528df09297d9e57a4cee8..39ab20ef9ee62eadd0a6f993c00671cc77052255 100644 (file)
@@ -41,6 +41,8 @@ typedef enum {
 virIdentityPtr virIdentityGetCurrent(void);
 int virIdentitySetCurrent(virIdentityPtr ident);
 
+virIdentityPtr virIdentityGetSystem(void);
+
 virIdentityPtr virIdentityNew(void);
 
 int virIdentitySetAttr(virIdentityPtr ident,