[libvirt] Patch to allow setting of svirt XML.
Daniel J Walsh
dwalsh at redhat.com
Mon Mar 30 13:15:33 UTC 2009
On 03/28/2009 07:51 AM, Daniel P. Berrange wrote:
> On Thu, Mar 26, 2009 at 11:51:21AM -0400, Daniel J Walsh wrote:
>> This patch fixes the seclabel handling in domain_conf.c to allow
>> virt-manager to set the seclabel model, type and label.
>>
>> Also adds missing error messages when the xml is incorrect.
>
> I'm not sure why this change to the XML parser is needed ? The calling
> app is already able to supply a seclabel, provided it sets type='static'
> to indicate a statically defined label. If it doesn't set this, then
> libvirt will ignore anything i nthe XML, and generate a dynamic label.
> This change is appears to just be making it parse dynamic label from
> the XML, which shouldn't be needed.
>
Currently you get no error messages if you specify anything wrong the
code fails silently.
>> How much verification should we be doing on this? I have another patch
>> that verifies the model as being a known model and a patch to verify the
>> label is a correct label. (IE SELinux verifies the label is understood
>> by the kernel.)
>
> During the parsing stage, the only semantic validation we do is for
> stuff listed in the hypervisor capabilities object (virCapabilitiesPtr).
>
> There is a record of the security model in the capabilities object,
> so you could validate that. Validating the actual user supplied
> label would be done later at the time it is used.
>
>
But if a user specifies that a label that the libvirt system does not
understand, he needs to know that right away.
If I am in virt-manager and I specify
system_u:system_r:svirt1_t:s0
I really want to know then that I made a typo, not in a log file later
when the object fails to start.
More importantly from an MLS point of view, it would be good to know if
I spacify
system_u:system_r:svirt_t:TopSecret
I get an error back telling me the machine is only cleared to Secret.
>> The problem with this second patch is it sucks in security.[ch],
>> security_selinux.[ch] into the libvirt_lxc. Should I be doing this?
>
> The second patch here seems to be empty ... ?
>
>> --- a/src/domain_conf.c
>> +++ b/src/domain_conf.c
>> @@ -1859,12 +1859,28 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>> if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
>> return 0;
>>
>> + p = virXPathStringLimit(conn, "string(./seclabel/@model)",
>> + VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
>> + if (p == NULL) {
>> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
>> + "%s", _("missing seclabel model"));
>> + goto error;
>> + }
>> + def->seclabel.model = p;
>> +
>> p = virXPathStringLimit(conn, "string(./seclabel/@type)",
>> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
>> - if (p == NULL)
>> + if (p == NULL) {
>> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
>> + "%s", _("missing seclabel type"));
>> goto error;
>> - if ((def->seclabel.type = virDomainSeclabelTypeFromString(p))< 0)
>> + }
>> +
>> + if ((def->seclabel.type = virDomainSeclabelTypeFromString(p))< 0) {
>> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
>> + _("unknown seclabel type %s"), p);
>> goto error;
>> + }
>> VIR_FREE(p);
>>
>> /* Only parse details, if using static labels, or
>> @@ -1872,16 +1888,14 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>> */
>> if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
>> !(flags& VIR_DOMAIN_XML_INACTIVE)) {
>> - p = virXPathStringLimit(conn, "string(./seclabel/@model)",
>> - VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
>> - if (p == NULL)
>> - goto error;
>> - def->seclabel.model = p;
>>
>> p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
>> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
>> - if (p == NULL)
>> - goto error;
>> + if (p == NULL) {
>> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
>> + _("seclabel label is too long"));
>> + goto error;
>> + }
>> def->seclabel.label = p;
>> }
>>
>> @@ -1890,8 +1904,11 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>> !(flags& VIR_DOMAIN_XML_INACTIVE)) {
>> p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])",
>> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
>> - if (p == NULL)
>> + if (p == NULL) {
>> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
>> + _("seclabel image label is too long"));
>> goto error;
>> + }
>> def->seclabel.imagelabel = p;
>> }
>>
>> diff --git a/src/security_selinux.c b/src/security_selinux.c
>> index 1708d55..5937f48 100644
>
>
>
> Regards,
> Daniel
More information about the libvir-list
mailing list