[libvirt] [PATCHv2 1/6] schema: rewrite seclabel rng to match code

Osier Yang jyang at redhat.com
Thu Dec 29 13:48:58 UTC 2011


On 2011年12月23日 08:47, Eric Blake wrote:
> The RNG for <seclabel> was too strict - if it was present, then it
> had to have sub-elements, even if those didn't make sense for the
> given attributes.  Also, we didn't have any tests of <seclabel>
> parsing or XML output.
>
> In this patch, I added more parsing tests than output tests (since
> the output populates and/or reorders fields not present in certain
> inputs).  Making the RNG reliable is a precursor to using <seclabel>
> variants in more places in the XML in later patches.
>
> See also:
> http://berrange.com/posts/2011/09/29/two-small-improvements-to-svirt-guest-configuration-flexibility-with-kvmlibvirt/
>
> * docs/schemas/domaincommon.rng (seclabel): Tighten rules.
> * tests/qemuxml2argvtest.c (mymain): New tests.
> * tests/qemuxml2xmltest.c (mymain): Likewise.
> * tests/qemuxml2argvdata/qemuxml2argv-seclabel-*.*: New files.
> ---
>   docs/schemas/domaincommon.rng                      |   88 ++++++++++++++------
>   .../qemuxml2argv-seclabel-dynamic-baselabel.args   |    4 +
>   .../qemuxml2argv-seclabel-dynamic-baselabel.xml    |   28 ++++++
>   .../qemuxml2argv-seclabel-dynamic.args             |    4 +
>   .../qemuxml2argv-seclabel-dynamic.xml              |   26 ++++++
>   .../qemuxml2argv-seclabel-static-relabel.args      |    4 +
>   .../qemuxml2argv-seclabel-static-relabel.xml       |   29 +++++++
>   .../qemuxml2argv-seclabel-static.args              |    4 +
>   .../qemuxml2argv-seclabel-static.xml               |   28 ++++++
>   tests/qemuxml2argvtest.c                           |    5 +
>   tests/qemuxml2xmltest.c                            |    3 +
>   11 files changed, 199 insertions(+), 24 deletions(-)
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.xml
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.xml
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.xml
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.xml
>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 553a6f0..dd76f91 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -50,30 +50,70 @@
>     </define>
>     <define name="seclabel">
>       <element name="seclabel">
> -<attribute name="model">
> -<text/>
> -</attribute>
> -<attribute name="type">
> -<choice>
> -<value>dynamic</value>
> -<value>static</value>
> -</choice>
> -</attribute>
> -<attribute name="relabel">
> -<choice>
> -<value>yes</value>
> -<value>no</value>
> -</choice>
> -</attribute>
> -<element name="label">
> -<text/>
> -</element>
> -<element name="imagelabel">
> -<text/>
> -</element>
> -<element name="baselabel">
> -<text/>
> -</element>
> +<optional>
> +<attribute name='model'>
> +<text/>
> +</attribute>
> +</optional>
> +<choice>
> +<group>
> +<!-- with dynamic label (default), relabel must be yes, baselabel
> +               is optional, and label and imagelabel are output-only -->
> +<optional>
> +<attribute name='type'>
> +<value>dynamic</value>
> +</attribute>
> +</optional>
> +<optional>
> +<attribute name='relabel'>
> +<value>yes</value>
> +</attribute>
> +</optional>
> +<interleave>
> +<optional>
> +<element name='label'>
> +<text/>
> +</element>
> +</optional>
> +<optional>
> +<element name='imagelabel'>
> +<text/>
> +</element>
> +</optional>
> +<optional>
> +<element name='baselabel'>
> +<text/>
> +</element>
> +</optional>
> +</interleave>
> +</group>
> +<group>
> +<!-- with static label, relabel can be either format (default
> +               no), label is required, imagelabel is output-only, and no
> +               baselabel is present -->
> +<attribute name='type'>
> +<value>static</value>
> +</attribute>
> +<optional>
> +<attribute name='relabel'>
> +<choice>
> +<value>yes</value>
> +<value>no</value>
> +</choice>
> +</attribute>
> +</optional>
> +<interleave>
> +<element name='label'>
> +<text/>
> +</element>
> +<optional>
> +<element name='imagelabel'>
> +<text/>
> +</element>
> +</optional>
> +</interleave>
> +</group>
> +</choice>
>       </element>
>     </define>
>     <define name="hvs">
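Review bot: In the static group the required `<element name='label'>` is typed as `<text/>`, which also matches an empty string, so `<label/>` validates as a static security label; the optional `baselabel` in the dynamic group has the same gap. Because these strings are security contexts, I would constrain them to non-empty content, for example `<data type='string'><param name='minLength'>1</param></data>`, assuming the grammar's datatypeLibrary is the XSD one (not visible in this hunk). Separately, the dynamic-group comment calls `label` and `imagelabel` output-only while the schema accepts them on input; extending it to `label and imagelabel are output-only (accepted so formatted XML validates, not honoured as input)` would stop a reader from expecting a dynamic `<label>` to take effect, if that matches the parser.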
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args
> new file mode 100644
> index 0000000..651793d
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args
> @@ -0,0 +1,4 @@
> +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
> +pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
> +server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
> +none -parallel none -usb
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.xml
> new file mode 100644
> index 0000000..fea0eb7
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.xml
> @@ -0,0 +1,28 @@
> +<domain type='qemu'>
> +<name>QEMUGuest1</name>
> +<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +<memory>219100</memory>
> +<currentMemory>219100</currentMemory>
> +<vcpu cpuset='1-4,8-20,525'>1</vcpu>
> +<os>
> +<type arch='i686' machine='pc'>hvm</type>
> +<boot dev='hd'/>
> +</os>
> +<clock offset='utc'/>
> +<on_poweroff>destroy</on_poweroff>
> +<on_reboot>restart</on_reboot>
> +<on_crash>destroy</on_crash>
> +<devices>
> +<emulator>/usr/bin/qemu</emulator>
> +<disk type='block' device='disk'>
> +<source dev='/dev/HostVG/QEMUGuest1'/>
> +<target dev='hda' bus='ide'/>
> +<address type='drive' controller='0' bus='0' unit='0'/>
> +</disk>
> +<controller type='ide' index='0'/>
> +<memballoon model='virtio'/>
> +</devices>
> +<seclabel type='dynamic' model='selinux' relabel='yes'>
> +<baselabel>system_u:system_r:svirt_custom_t:s0</baselabel>
> +</seclabel>
> +</domain>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args
> new file mode 100644
> index 0000000..651793d
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args
> @@ -0,0 +1,4 @@
> +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
> +pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
> +server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
> +none -parallel none -usb
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.xml
> new file mode 100644
> index 0000000..096c766
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.xml
> @@ -0,0 +1,26 @@
> +<domain type='qemu'>
> +<name>QEMUGuest1</name>
> +<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +<memory>219100</memory>
> +<currentMemory>219100</currentMemory>
> +<vcpu cpuset='1-4,8-20,525'>1</vcpu>
> +<os>
> +<type arch='i686' machine='pc'>hvm</type>
> +<boot dev='hd'/>
> +</os>
> +<clock offset='utc'/>
> +<on_poweroff>destroy</on_poweroff>
> +<on_reboot>restart</on_reboot>
> +<on_crash>destroy</on_crash>
> +<devices>
> +<emulator>/usr/bin/qemu</emulator>
> +<disk type='block' device='disk'>
> +<source dev='/dev/HostVG/QEMUGuest1'/>
> +<target dev='hda' bus='ide'/>
> +<address type='drive' controller='0' bus='0' unit='0'/>
> +</disk>
> +<controller type='ide' index='0'/>
> +<memballoon model='virtio'/>
> +</devices>
> +<seclabel type='dynamic' relabel='yes'/>
> +</domain>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args
> new file mode 100644
> index 0000000..651793d
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args
> @@ -0,0 +1,4 @@
> +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
> +pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
> +server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
> +none -parallel none -usb
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.xml
> new file mode 100644
> index 0000000..3b2ad04
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.xml
> @@ -0,0 +1,29 @@
> +<domain type='qemu'>
> +<name>QEMUGuest1</name>
> +<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +<memory>219100</memory>
> +<currentMemory>219100</currentMemory>
> +<vcpu cpuset='1-4,8-20,525'>1</vcpu>
> +<os>
> +<type arch='i686' machine='pc'>hvm</type>
> +<boot dev='hd'/>
> +</os>
> +<clock offset='utc'/>
> +<on_poweroff>destroy</on_poweroff>
> +<on_reboot>restart</on_reboot>
> +<on_crash>destroy</on_crash>
> +<devices>
> +<emulator>/usr/bin/qemu</emulator>
> +<disk type='block' device='disk'>
> +<source dev='/dev/HostVG/QEMUGuest1'/>
> +<target dev='hda' bus='ide'/>
> +<address type='drive' controller='0' bus='0' unit='0'/>
> +</disk>
> +<controller type='ide' index='0'/>
> +<memballoon model='virtio'/>
> +</devices>
> +<seclabel type='static' model='selinux' relabel='yes'>
> +<label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
> +<imagelabel>system_u:system_r:svirt_custom_t:s0:c192,c392</imagelabel>
> +</seclabel>
> +</domain>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args
> new file mode 100644
> index 0000000..651793d
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args
> @@ -0,0 +1,4 @@
> +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
> +pc -m 214 -smp 1 -name QEMUGuest1 -nographic -monitor unix:/tmp/test-monitor,\
> +server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial \
> +none -parallel none -usb
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.xml
> new file mode 100644
> index 0000000..416bd86
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.xml
> @@ -0,0 +1,28 @@
> +<domain type='qemu'>
> +<name>QEMUGuest1</name>
> +<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +<memory>219100</memory>
> +<currentMemory>219100</currentMemory>
> +<vcpu cpuset='1-4,8-20,525'>1</vcpu>
> +<os>
> +<type arch='i686' machine='pc'>hvm</type>
> +<boot dev='hd'/>
> +</os>
> +<clock offset='utc'/>
> +<on_poweroff>destroy</on_poweroff>
> +<on_reboot>restart</on_reboot>
> +<on_crash>destroy</on_crash>
> +<devices>
> +<emulator>/usr/bin/qemu</emulator>
> +<disk type='block' device='disk'>
> +<source dev='/dev/HostVG/QEMUGuest1'/>
> +<target dev='hda' bus='ide'/>
> +<address type='drive' controller='0' bus='0' unit='0'/>
> +</disk>
> +<controller type='ide' index='0'/>
> +<memballoon model='virtio'/>
> +</devices>
> +<seclabel type='static' model='selinux' relabel='no'>
> +<label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
> +</seclabel>
> +</domain>
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index e1221eb..18e8941 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -660,6 +660,11 @@ mymain(void)
>               QEMU_CAPS_CHARDEV, QEMU_CAPS_MONITOR_JSON, QEMU_CAPS_NODEFCONFIG,
>               QEMU_CAPS_NO_SHUTDOWN);
>
> +    DO_TEST("seclabel-dynamic", false, QEMU_CAPS_NAME);
> +    DO_TEST("seclabel-dynamic-baselabel", false, QEMU_CAPS_NAME);
> +    DO_TEST("seclabel-static", false, QEMU_CAPS_NAME);
> +    DO_TEST("seclabel-static-relabel", false, QEMU_CAPS_NAME);
> +
>       free(driver.stateDir);
>       virCapabilitiesFree(driver.caps);
>       free(map);
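Review bot: All four `DO_TEST` lines added here are accepting cases, so none of the combinations the schema comments describe as invalid is exercised, for instance `type='dynamic'` with `relabel='no'` or `type='static'` without a `<label>`. If the second argument is the expect-failure flag, as its use here suggests, one rejected input per group would pin the restrictive side of the rule, along the lines of `DO_TEST("seclabel-<rejected-case>", true, QEMU_CAPS_NAME);` with a matching input file. Whether the parser actually refuses those inputs is not visible in this patch, so that should be confirmed first. `mymain` starts and ends outside the hunk.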
> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
> index 35bfdce..e4b99c4 100644
> --- a/tests/qemuxml2xmltest.c
> +++ b/tests/qemuxml2xmltest.c
> @@ -194,6 +194,9 @@ mymain(void)
>       DO_TEST("usb-redir");
>       DO_TEST("blkdeviotune");
>
> +    DO_TEST("seclabel-dynamic-baselabel");
> +    DO_TEST("seclabel-static");
> +
>       /* These tests generate different XML */
>       DO_TEST_DIFFERENT("balloon-device-auto");
>       DO_TEST_DIFFERENT("channel-virtio-auto");
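Review bot: Only two of the four new seclabel inputs are listed here, and nothing at the call site says why `seclabel-dynamic` and `seclabel-static-relabel` are left out. The commit message gives the reason (the formatter populates or reorders fields), so a one-line comment above the new lines would keep a later reader from treating it as an oversight: `/* seclabel-dynamic and seclabel-static-relabel do not round-trip unchanged; covered by the argv test only */`. If their formatted output is stable, listing them under `DO_TEST_DIFFERENT` with expected-output files would also pin how the label elements are written back. `mymain` continues outside the hunk.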

ACK.



