[libvirt] [PATCH v2 03/18] security: Include security_util

Daniel P. Berrangé berrange at redhat.com
Thu Dec 6 11:38:23 UTC 2018 

On Thu, Nov 29, 2018 at 02:52:18PM +0100, Michal Privoznik wrote:
> This file implements wrappers over XATTR getter/setter. It
> ensures the proper XATTR namespace is used.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/security/Makefile.inc.am |   2 +
>  src/security/security_util.c | 226 +++++++++++++++++++++++++++++++++++
>  src/security/security_util.h |  32 +++++
>  3 files changed, 260 insertions(+)
>  create mode 100644 src/security/security_util.c
>  create mode 100644 src/security/security_util.h
> 


> +/**
> + * virSecurityGetRememberedLabel:
> + * @name: security driver name
> + * @path: file name
> + * @label: label
> + *
> + * For given @path and security driver (@name) fetch remembered
> + * @label. The caller must not restore label if an error is
> + * indicated or if @label is NULL upon return.
> + *
> + * Returns: 0 on success,
> + *         -1 otherwise (with error reported)
> + */
> +int
> +virSecurityGetRememberedLabel(const char *name,
> +                              const char *path,
> +                              char **label)
> +{
> +    char *ref_name = NULL;
> +    char *attr_name = NULL;
> +    char *value = NULL;
> +    unsigned int refcount = 0;
> +    int ret = -1;
> +
> +    *label = NULL;
> +
> +    if (!(ref_name = virSecurityGetRefCountAttrName(name)))
> +        goto cleanup;
> +
> +    if (virFileGetXAtrr(path, ref_name, &value) < 0) {
> +        if (errno == ENOSYS || errno == ENODATA || errno == ENOTSUP) {
> +            ret = 0;
> +        } else {
> +            virReportSystemError(errno,
> +                                 _("Unable to get XATTR %s on %s"),
> +                                 ref_name,
> +                                 path);
> +        }
> +        goto cleanup;
> +    }
> +
> +    if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR,
> +                       _("malformed refcount %s on %s"),
> +                       value, path);
> +        goto cleanup;
> +    }
> +
> +    VIR_FREE(value);
> +
> +    refcount--;
> +
> +    if (refcount > 0) {
> +        if (virAsprintf(&value, "%u", refcount) < 0)
> +            goto cleanup;
> +
> +        if (virFileSetXAtrr(path, ref_name, value) < 0)
> +            goto cleanup;
> +    } else {
> +        if (virFileRemoveXAttr(path, ref_name) < 0)
> +            goto cleanup;
> +
> +        if (!(attr_name = virSecurityGetAttrName(name)))
> +            goto cleanup;
> +
> +        if (virFileGetXAtrr(path, attr_name, label) < 0)
> +            goto cleanup;

I'm not understanding why we only fetch the label value in
this half of the conditional ? Shouldn't we be unconditionally
getting the label, regardless of the updated refcount value.

If not, the method description could have an explanation of
intended behaviour.

> +
> +        if (virFileRemoveXAttr(path, attr_name) < 0)
> +            goto cleanup;
> +    }
> +
> +    ret = 0;
> + cleanup:
> +    VIR_FREE(value);
> +    VIR_FREE(attr_name);
> +    VIR_FREE(ref_name);
> +    return ret;
> +}
> +
> +
> +int
> +virSecuritySetRememberedLabel(const char *name,
> +                              const char *path,
> +                              const char *label)
> +{
> +    char *ref_name = NULL;
> +    char *attr_name = NULL;
> +    char *value = NULL;
> +    unsigned int refcount = 0;
> +    int ret = -1;
> +
> +    if (!(ref_name = virSecurityGetRefCountAttrName(name)))
> +        goto cleanup;
> +
> +    if (virFileGetXAtrr(path, ref_name, &value) < 0) {
> +        if (errno == ENOSYS || errno == ENOTSUP) {
> +            ret = 0;
> +            goto cleanup;
> +        } else if (errno != ENODATA) {
> +            virReportSystemError(errno,
> +                                 _("Unable to get XATTR %s on %s"),
> +                                 ref_name,
> +                                 path);
> +            goto cleanup;
> +        }
> +    }
> +
> +    if (value &&
> +        virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR,
> +                       _("malformed refcount %s on %s"),
> +                       value, path);
> +        goto cleanup;
> +    }
> +
> +    VIR_FREE(value);
> +
> +    refcount++;
> +
> +    if (refcount == 1) {
> +        if (!(attr_name = virSecurityGetAttrName(name)))
> +            goto cleanup;
> +
> +        if (virFileSetXAtrr(path, attr_name, label) < 0)
> +            goto cleanup;
> +    }

Do we need to have a

     } else {
        .... check the currently remember label matches
	      what was passed into this method ?
     }

if not, can you add API docs for this method explainng the
intended semantics when label is already remembered.

> +
> +    if (virAsprintf(&value, "%u", refcount) < 0)
> +        goto cleanup;
> +
> +    if (virFileSetXAtrr(path, ref_name, value) < 0)
> +        goto cleanup;
> +
> +    ret = 0;
> + cleanup:
> +    VIR_FREE(value);
> +    VIR_FREE(attr_name);
> +    VIR_FREE(ref_name);
> +    return ret;
> +}

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list