[libvirt] [PATCH 09/15] util: add security label setting to virCommand
Laine Stump
laine at laine.org
Fri Feb 8 18:44:49 UTC 2013
On 02/08/2013 11:23 AM, Daniel P. Berrange wrote:
> On Thu, Feb 07, 2013 at 04:37:50PM -0500, Laine Stump wrote:
>> virCommand gets the new API virCommandSetSecLabel(), which saves a
>> copy of a null-terminated string in the virCommand. During
>> virCommandRun, if the seclabel is non-NULL and we've been compiled
>> with a security driver, the appropriate security library function is
>> called to set the label for the child process. In the case of SELinux,
>> setexeccon_raw() is called, and for AppArmor, aa_change_profile() is
>> called.
>>
>> This functionality has been added so that users of virCommand can use
>> the upcoming virSecurityManagerSetChildProcessLabel() prior to running
>> a child process, rather than needing to setup a hook function to be
>> called (and in turn call virSecurityManagerSetProcessLabel()) *during*
>> the setup of the child process.
>> ---
>>
>> +#if defined(WITH_SECDRIVER_SELINUX)
>> +# include <selinux/selinux.h>
>> +#elif defined(WITH_SECDRIVER_APPARMOR)
>> +# include <sys/apparmor.h>
>> +#endif
> [snip]
>
>> +/**
>> + * virCommandSetSecLabel:
>> + * @cmd: the command to modify
>> + * @label: the label to use
>> + *
>> + * Saves a copy of @label to use when calling the appropriate security
>> + * driver after the child process has been started. In the case of
>> + * SELinux, this label will be sent to setexeccon_raw(), and in the
>> + * case of AppArmor, it will be sent to aa_change_profile(). If
>> + * neither of these is configured into libvirt, or if label is NULL,
>> + * nothing will be done.
>> + */
>> +void
>> +virCommandSetSecLabel(virCommandPtr cmd, const char *label)
>> +{
>> + if (!cmd || cmd->has_error)
>> + return;
>> +
>> + VIR_FREE(cmd->seclabel);
>> + if (label && !(cmd->seclabel = strdup(label)))
>> + cmd->has_error = ENOMEM;
>> + return;
>> +}
> It is technically possible to build libvirt with both apparmour and
> selinux enabled, and choose between the impl with a libvirtd config.
Until I broke it in the previous patch :-). I'll fix that as well.
>
> This means we need to have separate methods for each in virCommand.
> So I'd suggest a pair of methods
>
> virCommandSetSELinuxLabel(...)
> virCommandSetAppArmourProfile(...)
>
>
> Daniel
More information about the libvir-list
mailing list