[PATCH 3/4] qemusecuritytest: Skip on non supported platforms

Roman Bolshakov r.bolshakov at yadro.com
Tue Nov 3 14:54:41 UTC 2020


On Tue, Nov 03, 2020 at 02:13:28PM +0100, Michal Privoznik wrote:
> For seclabel remembering we need to have XATTRs and a special
> namespace that is accessible to CAP_SYS_ADMIN only (we don't want
> regular users to trick us into restoring to a different label).
> And what qemusecuritytest does is it checks whether we have not
> left any path behind with XATTRs or not restored to original
> seclabel after setAll + restoreAll round trip. But it can hardly
> do so if run on a platform where there's no XATTR namespace we
> can use.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/libvirt_private.syms     |  4 ++++
>  src/security/security_util.c | 11 +++++++++++
>  src/security/security_util.h |  3 +++
>  tests/qemusecuritytest.c     |  6 ++++++
>  4 files changed, 24 insertions(+)
> 
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 95e50835ad..eb588a9357 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1609,6 +1609,10 @@ virSecurityManagerTransactionStart;
>  virSecurityManagerVerify;
>  
>  
> +# security/security_util.h
> +virSecurityXATTRNamespaceDefined;
> +
> +
>  # util/glibcompat.h
>  vir_g_canonicalize_filename;
>  vir_g_fsync;
> diff --git a/src/security/security_util.c b/src/security/security_util.c
> index 622bd901ee..26a7861e29 100644
> --- a/src/security/security_util.c
> +++ b/src/security/security_util.c
> @@ -107,6 +107,17 @@ virSecurityGetTimestampAttrName(const char *name G_GNUC_UNUSED)
>  #endif /* !XATTR_NAMESPACE */
>  
>  
> +bool
> +virSecurityXATTRNamespaceDefined(void)
> +{
> +#ifdef XATTR_NAMESPACE
> +    return true;
> +#else
> +    return false;
> +#endif
> +}
> +
> +
>  static char *
>  virSecurityGetTimestamp(void)
>  {
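Review bot: virSecurityXATTRNamespaceDefined() is exported without a doc comment, and its name does not say that the answer is fixed at build time: it returns true whenever XATTR_NAMESPACE is defined, not when the filesystem holding a given path actually supports xattrs in that namespace. A caller that reads `true` as "seclabel remembering will work here" could be wrong at run time, so I would add a comment above the definition such as `/* Returns true if an XATTR namespace for seclabel remembering was selected at build time; says nothing about runtime xattr support on a particular path. */`. The same sentence would fit on the prototype added in security_util.h. The trailing context lines belong to virSecurityGetTimestamp(), whose body continues outside the hunk.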
> diff --git a/src/security/security_util.h b/src/security/security_util.h
> index 91de704e62..7af6f009e2 100644
> --- a/src/security/security_util.h
> +++ b/src/security/security_util.h
> @@ -32,3 +32,6 @@ int
>  virSecurityMoveRememberedLabel(const char *name,
>                                 const char *src,
>                                 const char *dst);
> +
> +bool
> +virSecurityXATTRNamespaceDefined(void);
> diff --git a/tests/qemusecuritytest.c b/tests/qemusecuritytest.c
> index 7ee1ccd1b6..dc3deb37d2 100644
> --- a/tests/qemusecuritytest.c
> +++ b/tests/qemusecuritytest.c
> @@ -22,6 +22,7 @@
>  #include "testutils.h"
>  #include "testutilsqemu.h"
>  #include "security/security_manager.h"
> +#include "security/security_util.h"
>  #include "conf/domain_conf.h"
>  #include "qemu/qemu_domain.h"
>  #include "qemu/qemu_security.h"
> @@ -148,6 +149,11 @@ mymain(void)
>          qemuTestDriverInit(&driver) < 0)
>          return -1;
>  
> +    if (!virSecurityXATTRNamespaceDefined()) {
> +        ret = EXIT_AM_SKIP;
> +        goto cleanup;
> +    }
> +
>      /* Now fix the secdriver */
>      virObjectUnref(driver.securityManager);
>  
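Review bot: The new early exit in mymain() skips without saying why, so a run on a platform without an XATTR namespace records a skip and nothing in the log tells the reader that the seclabel set/restore round-trip check did not execute. Printing the reason before setting the exit code would make the lost coverage visible, e.g. `fprintf(stderr, "XATTR namespace not defined, skipping this test\n");` ahead of `ret = EXIT_AM_SKIP;`. The check also sits after qemuTestDriverInit(), so it relies on the `cleanup` label releasing the driver; that label and the initial value of `ret` are outside the hunk, so this is worth confirming.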
> -- 
> 2.26.2
> 

Reviewed-by: Roman Bolshakov <r.bolshakov at yadro.com>



