/*
conf: prepare to track multiple host source files per <disk>
It's finally time to start tracking disk backing chains in
<domain> XML. The first step is to start refactoring code
so that we have an object more convenient for representing
each host source resource in the context of a single guest
<disk>. Ultimately, I plan to move the new type into src/util
where it can be reused by virStorageFile, but to make the
transition easier to review, this patch just creates the
new type then fixes everything until it compiles again.
* src/conf/domain_conf.h (_virDomainDiskDef): Split...
(_virDomainDiskSourceDef): ...to new struct.
(virDomainDiskAuthClear): Use new type.
* src/conf/domain_conf.c (virDomainDiskDefFree): Split...
(virDomainDiskSourceDefClear): ...to new function.
(virDomainDiskGetType, virDomainDiskSetType)
(virDomainDiskGetSource, virDomainDiskSetSource)
(virDomainDiskGetDriver, virDomainDiskSetDriver)
(virDomainDiskGetFormat, virDomainDiskSetFormat)
(virDomainDiskAuthClear, virDomainDiskGetActualType)
(virDomainDiskDefParseXML, virDomainDiskSourceDefFormat)
(virDomainDiskDefFormat, virDomainDiskDefForeachPath)
(virDomainDiskDefGetSecurityLabelDef)
(virDomainDiskSourceIsBlockType): Adjust all users.
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk):
Likewise.
* src/lxc/lxc_driver.c (lxcDomainAttachDeviceMknodHelper):
Likewise.
* src/qemu/qemu_command.c (qemuAddRBDHost, qemuParseRBDString)
(qemuParseDriveURIString, qemuParseGlusterString)
(qemuParseISCSIString, qemuParseNBDString)
(qemuDomainDiskGetSourceString, qemuBuildDriveStr)
(qemuBuildCommandLine, qemuParseCommandLineDisk)
(qemuParseCommandLine): Likewise.
* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
(qemuAddISCSIPoolSourceHost, qemuTranslateDiskSourcePool):
Likewise.
* src/qemu/qemu_driver.c (qemuDomainUpdateDeviceConfig)
(qemuDomainPrepareDiskChainElement)
(qemuDomainSnapshotCreateInactiveExternal)
(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
(qemuDomainSnapshotPrepareDiskInternal)
(qemuDomainSnapshotPrepare)
(qemuDomainSnapshotCreateSingleDiskActive)
(qemuDomainSnapshotUndoSingleDiskActive)
(qemuDomainBlockPivot, qemuDomainBlockJobImpl)
(qemuDomainBlockCopy, qemuDomainBlockCommit): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase)
(qemuProcessInitPasswords): Likewise.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.
* src/storage/storage_driver.c (virStorageFileInitFromDiskDef):
Likewise.
* tests/securityselinuxlabeltest.c (testSELinuxLoadDef):
Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
* Copyright (C) 2011-2014 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* License along with this library; If not, see
* <http://www.gnu.org/licenses/>.
*
*/
#include <config.h>
#include <time.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <sys/xattr.h>
#include "internal.h"
#include "testutils.h"
#include "testutilsqemu.h"
#include "qemu/qemu_domain.h"
#include "viralloc.h"
#include "virerror.h"
#include "virfile.h"
#include "virlog.h"
#include "security/security_manager.h"
#include "virstring.h"
/* Error domain used by the error-reporting macros in this file. */
#define VIR_FROM_THIS VIR_FROM_NONE

/* Log source name for messages emitted by this test program. */
VIR_LOG_INIT("tests.securityselinuxlabeltest");
tests: Avoid use of virQEMUDriverCreateXMLConf(NULL)
We use the function to create a virDomainXMLOption object that is
required for some functions. However, we don't pass the driver
pointer to the object anywhere - rather than pass NULL. This
causes trouble later when parsing a domain XML and calling post
parse callbacks:
Program received signal SIGSEGV, Segmentation fault.
0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
1043 qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator);
(gdb) bt
#0 0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
#1 0x00007ffff2928bf9 in virDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, xmlopt=0x7c82c0) at conf/domain_conf.c:4269
#2 0x00007ffff294de04 in virDomainDefParseXML (xml=0x7da8c0, root=0x7dab80, ctxt=0x7da980, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16400
#3 0x00007ffff294e5b5 in virDomainDefParseNode (xml=0x7da8c0, root=0x7dab80, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16582
#4 0x00007ffff294e424 in virDomainDefParse (xmlStr=0x0, filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16529
#5 0x00007ffff294e4b2 in virDomainDefParseFile (filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16553
#6 0x00000000004303ca in testSELinuxLoadDef (testname=0x53c929 "disks") at securityselinuxlabeltest.c:192
#7 0x00000000004309e8 in testSELinuxLabeling (opaque=0x53c929) at securityselinuxlabeltest.c:313
#8 0x0000000000431207 in virtTestRun (title=0x53c92f "Labelling \"disks\"", body=0x430964 <testSELinuxLabeling>, data=0x53c929) at testutils.c:211
#9 0x0000000000430c5d in mymain () at securityselinuxlabeltest.c:373
#10 0x00000000004325c2 in virtTestMain (argc=1, argv=0x7fffffffd7e8, func=0x430b4a <mymain>) at testutils.c:863
#11 0x0000000000430deb in main (argc=1, argv=0x7fffffffd7e8) at securityselinuxlabeltest.c:381
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
/* QEMU driver state shared by all test cases; set up in mymain() and used
 * when parsing domain XML (driver.xmlopt). */
static virQEMUDriver driver;

/* Security manager under test; created once in mymain(). */
static virSecurityManager *mgr;

typedef struct testSELinuxFile testSELinuxFile;

/* One expectation loaded from a test's file list. */
struct testSELinuxFile {
    char *file;    /* path of the file inside the build-tree data directory */
    char *context; /* expected label, or NULL when the list gives none */
};
/*
 * Probe whether a "user." extended attribute can be stored on a scratch
 * file inside the build-tree data directory.
 *
 * Returns 1 when setxattr() succeeds, 0 when it fails with EOPNOTSUPP,
 * and -1 on any other failure (including failure to create the scratch
 * directory or file).  The scratch file and directory are removed again
 * on every path.
 */
static int
testUserXattrEnabled(void)
{
    static const char probeLabel[] = "system_u:object_r:svirt_image_t:s0:c41,c264";
    char *probeFile = g_strdup_printf("%s/securityselinuxlabeldata/testxattr", abs_builddir);
    int supported = -1;

    /* 0777 is only the requested mode; the process umask still applies. */
    if (g_mkdir_with_parents(abs_builddir "/securityselinuxlabeldata", 0777) < 0)
        goto cleanup;

    if (virFileTouch(probeFile, 0600) < 0)
        goto cleanup;

    /* NOTE(review): "user.libvirt.selinux" is presumably the attribute the
     * preloaded SELinux helper library uses to store labels - confirm. */
    if (setxattr(probeFile, "user.libvirt.selinux", probeLabel,
                 strlen(probeLabel), 0) < 0) {
        /* errno must be read before any cleanup call can overwrite it. */
        if (errno == EOPNOTSUPP)
            supported = 0;
        goto cleanup;
    }

    supported = 1;

 cleanup:
    /* Best-effort removal; failures here do not change the result. */
    unlink(probeFile);
    rmdir(abs_builddir "/securityselinuxlabeldata");
    VIR_FREE(probeFile);
    return supported;
}
/*
 * Rewrite *path so that it points below the build-tree data directory:
 * the old value is appended verbatim to
 * "<abs_builddir>/securityselinuxlabeldata", then freed and replaced.
 *
 * The old value is not normalised, so it is expected to be a path taken
 * from trusted test XML.  Always returns 0.
 */
static int
testSELinuxMungePath(char **path)
{
    char *relocated = g_strdup_printf("%s/securityselinuxlabeldata%s",
                                      abs_builddir, *path);

    VIR_FREE(*path);
    *path = relocated;
    return 0;
}
/*
 * Load the expectation list "<abs_srcdir>/securityselinuxlabeldata/<testname>.txt".
 *
 * Every line has the form "<path>;<context>".  <path> is appended verbatim
 * to "<abs_builddir>/securityselinuxlabeldata"; an empty <context> is stored
 * as NULL.  On success *files / *nfiles describe the loaded entries and 0 is
 * returned.  On failure -1 is returned; entries stored before the failure
 * stay in *files and are left for the caller to free.
 *
 * The path field is used without normalisation, and the resulting files are
 * later created and unlinked by the test, so a ".." component would reach
 * outside the data directory.  The list comes from the source tree and is
 * treated as trusted input.
 */
static int
testSELinuxLoadFileList(const char *testname,
                        testSELinuxFile **files,
                        size_t *nfiles)
{
    /* Buffer size for one list line; longer lines are read in pieces by
     * fgets() and each piece is parsed as a line of its own. */
    enum { LIST_LINE_LEN = 1024 };
    char *listPath = NULL;
    char *buf = NULL;
    FILE *list = NULL;
    int ret = -1;

    *files = NULL;
    *nfiles = 0;

    listPath = g_strdup_printf("%s/securityselinuxlabeldata/%s.txt", abs_srcdir,
                               testname);

    list = fopen(listPath, "r");
    if (!list)
        goto cleanup;

    buf = g_new0(char, LIST_LINE_LEN);

    for (;;) {
        char *file = NULL;
        char *context = NULL;
        char *sep;
        testSELinuxFile *entry;

        if (feof(list))
            break;

        if (!fgets(buf, LIST_LINE_LEN, list)) {
            /* NULL at end of file is the normal exit; anything else is a
             * read error. */
            if (feof(list))
                break;
            goto cleanup;
        }

        sep = strchr(buf, ';');
        if (!sep) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           "unexpected format for line '%s'",
                           buf);
            goto cleanup;
        }
        /* Split in place: buf now holds the path, sep the context field. */
        *sep++ = '\0';

        file = g_strdup_printf("%s/securityselinuxlabeldata%s", abs_builddir,
                               buf);

        if (*sep != '\0' && *sep != '\n') {
            char *eol;

            context = g_strdup(sep);
            eol = strchr(context, '\n');
            if (eol)
                *eol = '\0';
        }

        VIR_EXPAND_N(*files, *nfiles, 1);
        entry = &(*files)[*nfiles - 1];
        entry->file = file;
        entry->context = context;
    }

    ret = 0;

 cleanup:
    VIR_FORCE_FCLOSE(list);
    VIR_FREE(listPath);
    VIR_FREE(buf);
    return ret;
}
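/*
 * Parse "<abs_srcdir>/securityselinuxlabeldata/<testname>.xml" and redirect
 * every path the test cares about into the build-tree data directory:
 * file/block disk sources, file/pipe/dev/unix serial sources, and the
 * kernel and initrd when present.
 *
 * Returns the definition (owned by the caller, to be released with
 * virDomainDefFree()) or NULL on failure.  A failure while rewriting a path
 * frees the half-rewritten definition instead of handing it back, so the
 * caller can never label paths that still point outside the data directory.
 */
static virDomainDef *
testSELinuxLoadDef(const char *testname)
{
    char *xmlfile = NULL;
    virDomainDef *def = NULL;
    size_t i;

    xmlfile = g_strdup_printf("%s/securityselinuxlabeldata/%s.xml", abs_srcdir,
                              testname);

    if (!(def = virDomainDefParseFile(xmlfile, driver.xmlopt,
                                      NULL, 0)))
        goto cleanup;

    for (i = 0; i < def->ndisks; i++) {
        /* Only local file and block sources carry a host path to rewrite. */
        if (def->disks[i]->src->type != VIR_STORAGE_TYPE_FILE &&
            def->disks[i]->src->type != VIR_STORAGE_TYPE_BLOCK)
            continue;

        if (testSELinuxMungePath(&def->disks[i]->src->path) < 0)
            goto error;
    }

    for (i = 0; i < def->nserials; i++) {
        if (def->serials[i]->source->type != VIR_DOMAIN_CHR_TYPE_FILE &&
            def->serials[i]->source->type != VIR_DOMAIN_CHR_TYPE_PIPE &&
            def->serials[i]->source->type != VIR_DOMAIN_CHR_TYPE_DEV &&
            def->serials[i]->source->type != VIR_DOMAIN_CHR_TYPE_UNIX)
            continue;

        /* UNIX sockets keep their path in data.nix, the others in data.file. */
        if (def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_UNIX) {
            if (testSELinuxMungePath(&def->serials[i]->source->data.nix.path) < 0)
                goto error;
        } else {
            if (testSELinuxMungePath(&def->serials[i]->source->data.file.path) < 0)
                goto error;
        }
    }

    if (def->os.kernel &&
        testSELinuxMungePath(&def->os.kernel) < 0)
        goto error;
    if (def->os.initrd &&
        testSELinuxMungePath(&def->os.initrd) < 0)
        goto error;

 cleanup:
    VIR_FREE(xmlfile);
    return def;

 error:
    /* Some paths may still be the originals from the XML: drop the
     * definition rather than returning it as if loading had succeeded. */
    virDomainDefFree(def);
    def = NULL;
    goto cleanup;
}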
/*
 * Create the data directory (including its "nfs" subdirectory) in the build
 * tree and touch every file named in the expectation list.
 *
 * Returns 0 on success, -1 as soon as the directory or one file cannot be
 * created; files created before the failure are left in place.
 */
static int
testSELinuxCreateDisks(testSELinuxFile *files, size_t nfiles)
{
    size_t idx = 0;

    /* 0777 is only the requested mode; the process umask still applies. */
    if (g_mkdir_with_parents(abs_builddir "/securityselinuxlabeldata/nfs", 0777) < 0)
        return -1;

    while (idx < nfiles) {
        if (virFileTouch(files[idx].file, 0600) < 0)
            return -1;
        idx++;
    }

    return 0;
}
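/*
 * Remove every file named in the expectation list, then the "nfs"
 * subdirectory and (best effort) the data directory itself.
 *
 * Cleanup keeps going after a failure, so one file that cannot be unlinked
 * no longer leaves all later files and the directories behind for the next
 * run.  Returns 0 when every file and the "nfs" directory were removed,
 * -1 if any of those removals failed.
 */
static int
testSELinuxDeleteDisks(testSELinuxFile *files, size_t nfiles)
{
    int ret = 0;
    size_t i;

    for (i = 0; i < nfiles; i++) {
        if (unlink(files[i].file) < 0)
            ret = -1;
    }

    if (rmdir(abs_builddir "/securityselinuxlabeldata/nfs") < 0)
        ret = -1;

    /* Ignore failure to remove non-empty directory with in-tree build */
    rmdir(abs_builddir "/securityselinuxlabeldata");

    return ret;
}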
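/*
 * Compare the label currently found on each listed file with the expected
 * context from the list.
 *
 * A file without a label (ENODATA) is compared as NULL; a filesystem that
 * does not support labels (EOPNOTSUPP) is compared as the literal string
 * "EOPNOTSUPP".  Returns 0 when every file matches, -1 on the first
 * mismatch or on any other getfilecon() error, with a libvirt error set.
 */
static int
testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles)
{
    size_t i;
    char *ctx;

    for (i = 0; i < nfiles; i++) {
        ctx = NULL;
        if (getfilecon(files[i].file, &ctx) < 0) {
            if (errno == ENODATA) {
                /* No label on the file: ctx stays NULL for the comparison. */
            } else if (errno == EOPNOTSUPP) {
                /* Sentinel value; presumably matched by list entries for
                 * files expected to live on such a filesystem. */
                ctx = g_strdup("EOPNOTSUPP");
            } else {
                virReportSystemError(errno,
                                     "Cannot read label on %s",
                                     files[i].file);
                return -1;
            }
        }

        if (STRNEQ_NULLABLE(files[i].context, ctx)) {
            /* Either side may be NULL here; NULLSTR() keeps a NULL pointer
             * from being passed to "%s". */
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           "File %s context '%s' did not match expected '%s'",
                           files[i].file, NULLSTR(ctx),
                           NULLSTR(files[i].context));
            VIR_FREE(ctx);
            return -1;
        }

        /* NOTE(review): ctx comes either from getfilecon() or from
         * g_strdup(); both are released through VIR_FREE() here, which
         * assumes the two allocators are compatible - confirm. */
        VIR_FREE(ctx);
    }

    return 0;
}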
/*
 * Run one labelling test case; opaque is the test name as a C string.
 *
 * Steps, stopping at the first failure: load the expectation list, create
 * the listed files, load the domain definition, apply all labels through
 * the security manager, and compare the labels on disk with the list.
 * The created files, the definition and the list are released on every
 * path.  Returns 0 on success, -1 on failure.
 */
static int
testSELinuxLabeling(const void *opaque)
{
    const char *testname = opaque;
    testSELinuxFile *expected = NULL;
    size_t nexpected = 0;
    virDomainDef *def = NULL;
    size_t idx;
    int ret = -1;

    /* Short-circuit evaluation keeps the steps in order and skips the
     * rest after the first failure. */
    if (testSELinuxLoadFileList(testname, &expected, &nexpected) < 0 ||
        testSELinuxCreateDisks(expected, nexpected) < 0 ||
        !(def = testSELinuxLoadDef(testname)) ||
        virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0 ||
        testSELinuxCheckLabels(expected, nexpected) < 0)
        goto cleanup;

    ret = 0;

 cleanup:
    /* Runs even when nothing was created, in which case the warning below
     * is expected. */
    if (testSELinuxDeleteDisks(expected, nexpected) < 0)
        VIR_WARN("unable to fully clean up");

    virDomainDefFree(def);

    for (idx = 0; idx < nexpected; idx++) {
        VIR_FREE(expected[idx].file);
        VIR_FREE(expected[idx].context);
    }
    VIR_FREE(expected);

    if (ret < 0)
        VIR_TEST_VERBOSE("%s", virGetLastErrorMessage());

    return ret;
}
/*
 * Test entry point.
 *
 * Skips the whole program (EXIT_AM_SKIP) when user extended attributes are
 * unsupported, otherwise sets up the SELinux security manager and a QEMU
 * test driver and runs the "disks", "kernel", "chardev" and "nfs" labelling
 * cases.  Returns EXIT_SUCCESS only when every case passed.
 */
static int
mymain(void)
{
    int status = 0;
    int xattrState = testUserXattrEnabled();
    g_autoptr(virQEMUCaps) qemuCaps = NULL;

    if (xattrState < 0) {
        VIR_TEST_VERBOSE("failed to determine xattr support");
        return EXIT_FAILURE;
    } else if (xattrState == 0) {
        VIR_TEST_VERBOSE("xattr unsupported");
        return EXIT_AM_SKIP;
    }

    mgr = virSecurityManagerNew("selinux", "QEMU",
                                VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                VIR_SECURITY_MANAGER_PRIVILEGED);
    if (!mgr) {
        VIR_TEST_VERBOSE("Unable to initialize security driver: %s",
                         virGetLastErrorMessage());
        return EXIT_FAILURE;
    }

    /* NOTE(review): the early returns from here on leave mgr (and, once
     * initialised, driver) unreleased, and mgr is never released on the
     * normal path either; the process exits right afterwards. */
    if (qemuTestDriverInit(&driver) < 0)
        return EXIT_FAILURE;

    qemuCaps = virQEMUCapsNew();
    if (!qemuCaps)
        return EXIT_FAILURE;

    virQEMUCapsSet(qemuCaps, QEMU_CAPS_DEVICE_CIRRUS_VGA);
    virQEMUCapsSet(qemuCaps, QEMU_CAPS_VNC);

    if (qemuTestCapsCacheInsert(driver.qemuCapsCache, qemuCaps) < 0)
        return EXIT_FAILURE;

/* A failing case is recorded but does not stop the remaining cases. */
#define DO_TEST_LABELING(name) \
    if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        status = -1;

    /* The return value of setcon() is not checked.
     * NOTE(review): this string puts "system_r" before "system_u", whereas
     * the label used in testUserXattrEnabled() is in user:role:type order;
     * confirm the preloaded helper does not depend on the field order. */
    setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");
    DO_TEST_LABELING("nfs");

    qemuTestDriverFree(&driver);

    if (status != 0)
        return EXIT_FAILURE;
    return EXIT_SUCCESS;
}
/* Program entry: run mymain with the "domaincaps" mock and the SELinux
 * helper library from the build tree (presumably loaded ahead of the real
 * libselinux, so that label calls made by the test reach the helper). */
VIR_TEST_MAIN_PRELOAD(mymain,
                      VIR_TEST_MOCK("domaincaps"),
                      abs_builddir "/libsecurityselinuxhelper.so")