[libvirt] [PATCH v2 2/4] security: introduce virSecurityManagerCheckAllLabel function
Ján Tomko
jtomko at redhat.com
Wed Feb 11 08:40:19 UTC 2015
On Tue, Feb 10, 2015 at 05:17:34PM +0100, Erik Skultety wrote:
> We do have a check for valid per-domain security model, however we still
> do permit an invalid security model for a domain's device (those which
> are specified with <source> element).
> This patch introduces a new function virSecurityManagerCheckAllLabel
> which compares user specified security model against currently
> registered security drivers. That being said, it also permits 'none'
> being specified as a device security model.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485
> ---
> src/libvirt_private.syms | 1 +
> src/qemu/qemu_process.c | 6 ++
missing src/lxc/lxc_process.c
> src/security/security_manager.c | 126 ++++++++++++++++++++++++++++++++++++++++
> src/security/security_manager.h | 2 +
> 4 files changed, 135 insertions(+)
>
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 3b4ff41..1b1d891 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -953,6 +953,7 @@ virSecurityDriverLookup;
>
>
> # security/security_manager.h
> +virSecurityManagerCheckAllLabel;
> virSecurityManagerClearSocketLabel;
> virSecurityManagerGenLabel;
> virSecurityManagerGetBaseLabel;
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index d5df60d..66ae779 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -4428,6 +4428,10 @@ int qemuProcessStart(virConnectPtr conn,
> NULL) < 0)
> goto cleanup;
>
> + VIR_DEBUG("Checking domain and device security labels");
> + if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
> + goto cleanup;
> +
> /* If you are using a SecurityDriver with dynamic labelling,
> then generate a security label for isolation */
> VIR_DEBUG("Generating domain security label (if required)");
> @@ -5424,6 +5428,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
> }
> }
>
> + if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
> + goto error;
> if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0)
> goto error;
>
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 000bc82..32bc9fe 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -685,6 +685,132 @@ virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
> }
>
>
> +static int
> +virSecurityManagerCheckSecurityDiskLabel(virDomainDefPtr def ATTRIBUTE_UNUSED,
> + virDomainDiskDefPtr disk,
> + void *opaque)
> +{
> + size_t i, j;
> + virSecurityManagerPtr mgr = opaque;
> + virSecurityManagerPtr *sec_managers = NULL;
> +
> + if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
> + return 0;
> +
> + for (i = 0; i < disk->src->nseclabels; i++) {
> + if (STREQ_NULLABLE(disk->src->seclabels[i]->model, "none"))
> + continue;
> +
> + for (j = 0; sec_managers[j]; j++) {
> + if (STREQ_NULLABLE(disk->src->seclabels[i]->model,
> + sec_managers[j]->drv->name)) {
> + break;
If you continue; here (or return success if it's in a separate
function), the error message below can be unconditional.
> + }
> + }
> + if (!sec_managers[j]) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("Unable to find security driver for model %s"),
> + disk->src->seclabels[i]->model);
> + return -1;
> + }
This hunk of code is used three times, would be better as a separate
function.
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150211/22c3293a/attachment-0001.sig>
More information about the libvir-list
mailing list