Replace use of virSecurityReportError with virReportError

Update the security drivers to use virReportError instead of
the virSecurityReportError custom macro

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2012-07-18 15:39:18 +01:00
parent 0653554bc5
commit b8605b22e5
6 changed files with 130 additions and 134 deletions

1
cfg.mk

@ -530,7 +530,6 @@ msg_gen_function += virRaiseError
msg_gen_function += virReportError msg_gen_function += virReportError
msg_gen_function += virReportErrorHelper msg_gen_function += virReportErrorHelper
msg_gen_function += virReportSystemError msg_gen_function += virReportSystemError
msg_gen_function += virSecurityReportError
msg_gen_function += virXenError msg_gen_function += virXenError
msg_gen_function += virXenInotifyError msg_gen_function += virXenInotifyError
msg_gen_function += virXenStoreError msg_gen_function += virXenStoreError


@ -238,8 +238,8 @@ use_apparmor(void)
char *libvirt_daemon = NULL; char *libvirt_daemon = NULL;
if (virFileResolveLink("/proc/self/exe", &libvirt_daemon) < 0) { if (virFileResolveLink("/proc/self/exe", &libvirt_daemon) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("could not find libvirtd")); "%s", _("could not find libvirtd"));
return rc; return rc;
} }
@ -275,10 +275,10 @@ reload_profile(virSecurityManagerPtr mgr,
/* Update the profile only if it is loaded */ /* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) { if (profile_loaded(secdef->imagelabel) >= 0) {
if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) { if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile " _("cannot update AppArmor profile "
"\'%s\'"), "\'%s\'"),
secdef->imagelabel); secdef->imagelabel);
goto clean; goto clean;
} }
} }
@ -299,10 +299,10 @@ AppArmorSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
if (reload_profile(ptr->mgr, def, file, true) < 0) { if (reload_profile(ptr->mgr, def, file, true) < 0) {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile " _("cannot update AppArmor profile "
"\'%s\'"), "\'%s\'"),
secdef->imagelabel); secdef->imagelabel);
return -1; return -1;
} }
return 0; return 0;
@ -317,10 +317,10 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
if (reload_profile(ptr->mgr, def, file, true) < 0) { if (reload_profile(ptr->mgr, def, file, true) < 0) {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile " _("cannot update AppArmor profile "
"\'%s\'"), "\'%s\'"),
secdef->imagelabel); secdef->imagelabel);
return -1; return -1;
} }
return 0; return 0;
@ -347,8 +347,8 @@ AppArmorSecurityManagerProbe(const char *virtDriver)
} }
if (!virFileExists(template)) { if (!virFileExists(template)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("template \'%s\' does not exist"), template); _("template \'%s\' does not exist"), template);
goto clean; goto clean;
} }
rc = SECURITY_DRIVER_ENABLE; rc = SECURITY_DRIVER_ENABLE;
@ -403,16 +403,16 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return 0; return 0;
if (def->seclabel.baselabel) { if (def->seclabel.baselabel) {
virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
"%s", _("Cannot set a base label with AppArmour")); "%s", _("Cannot set a base label with AppArmour"));
return rc; return rc;
} }
if ((def->seclabel.label) || if ((def->seclabel.label) ||
(def->seclabel.model) || (def->seclabel.imagelabel)) { (def->seclabel.model) || (def->seclabel.imagelabel)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", "%s",
_("security label already defined for VM")); _("security label already defined for VM"));
return rc; return rc;
} }
@ -441,9 +441,9 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
/* Now that we have a label, load the profile into the kernel. */ /* Now that we have a label, load the profile into the kernel. */
if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) { if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot load AppArmor profile " _("cannot load AppArmor profile "
"\'%s\'"), def->seclabel.label); "\'%s\'"), def->seclabel.label);
goto err; goto err;
} }
@ -493,14 +493,14 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (virStrcpy(sec->label, profile_name, if (virStrcpy(sec->label, profile_name,
VIR_SECURITY_LABEL_BUFLEN) == NULL) { VIR_SECURITY_LABEL_BUFLEN) == NULL) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error copying profile name")); "%s", _("error copying profile name"));
goto clean; goto clean;
} }
if ((sec->enforcing = profile_status(profile_name, 1)) < 0) { if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error calling profile_status()")); "%s", _("error calling profile_status()"));
goto clean; goto clean;
} }
rc = 0; rc = 0;
@ -538,9 +538,9 @@ AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((rc = remove_profile(secdef->label)) != 0) { if ((rc = remove_profile(secdef->label)) != 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not remove profile for \'%s\'"), _("could not remove profile for \'%s\'"),
secdef->label); secdef->label);
} }
} }
return rc; return rc;
@ -560,18 +560,18 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def)
return rc; return rc;
if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"\'%s\' model configured for domain, but " "\'%s\' model configured for domain, but "
"hypervisor driver is \'%s\'."), "hypervisor driver is \'%s\'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
if (use_apparmor() > 0) if (use_apparmor() > 0)
goto clean; goto clean;
} }
if (aa_change_profile(profile_name) < 0) { if (aa_change_profile(profile_name) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("error calling aa_change_profile()")); _("error calling aa_change_profile()"));
goto clean; goto clean;
} }
rc = 0; rc = 0;
@ -634,8 +634,8 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
if (secdef->imagelabel) { if (secdef->imagelabel) {
/* if the device doesn't exist, error out */ /* if the device doesn't exist, error out */
if (!virFileExists(disk->src)) { if (!virFileExists(disk->src)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("\'%s\' does not exist"), disk->src); _("\'%s\' does not exist"), disk->src);
return rc; return rc;
} }
@ -646,10 +646,10 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
if (profile_loaded(secdef->imagelabel) >= 0) { if (profile_loaded(secdef->imagelabel) >= 0) {
if (load_profile(mgr, secdef->imagelabel, def, disk->src, if (load_profile(mgr, secdef->imagelabel, def, disk->src,
false) < 0) { false) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile " _("cannot update AppArmor profile "
"\'%s\'"), "\'%s\'"),
secdef->imagelabel); secdef->imagelabel);
goto clean; goto clean;
} }
} }
@ -670,9 +670,9 @@ AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) { if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) { if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
virSecurityReportError(VIR_ERR_XML_ERROR, virReportError(VIR_ERR_XML_ERROR,
_("Invalid security label \'%s\'"), _("Invalid security label \'%s\'"),
secdef->label); secdef->label);
return -1; return -1;
} }
} }
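Review bot: In the AppArmorSetSecurityProcessLabel hunk the driver-mismatch branch records an error with `virReportError` but only jumps to `clean` when `use_apparmor() > 0`; in every other case execution continues to `aa_change_profile()` with an error already set. If that fall-through is intended, a warning-level log would fit better than an error, and either way the branch deserves a comment such as `/* mismatch is fatal only when use_apparmor() > 0; otherwise keep going */`. SELinuxSetSecurityProcessLabel and SELinuxClearSecuritySocketLabel later on this page have the same shape, returning -1 only when `security_getenforce() == 1`. The bodies of these functions start and end outside the hunks, so what happens to the recorded error afterwards cannot be confirmed from here. Separately, the message in AppArmorGenSecurityLabel spells the name "AppArmour"; `_("Cannot set a base label with AppArmor")` matches the other messages in this section.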


@ -28,6 +28,8 @@
#include "security_nop.h" #include "security_nop.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
static virSecurityDriverPtr security_drivers[] = { static virSecurityDriverPtr security_drivers[] = {
#ifdef WITH_SECDRIVER_SELINUX #ifdef WITH_SECDRIVER_SELINUX
&virSecurityDriverSELinux, &virSecurityDriverSELinux,
@ -69,9 +71,9 @@ virSecurityDriverPtr virSecurityDriverLookup(const char *name,
} }
if (!drv) { if (!drv) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("Security driver %s not found"), _("Security driver %s not found"),
NULLSTR(name)); NULLSTR(name));
return NULL; return NULL;
} }


@ -125,8 +125,8 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
/* driver "none" needs some special handling of *Confined bools */ /* driver "none" needs some special handling of *Confined bools */
if (STREQ(drv->name, "none")) { if (STREQ(drv->name, "none")) {
if (requireConfined) { if (requireConfined) {
virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Security driver \"none\" cannot create confined guests")); _("Security driver \"none\" cannot create confined guests"));
return NULL; return NULL;
} }
@ -180,7 +180,7 @@ virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
if (mgr->drv->getDOI) if (mgr->drv->getDOI)
return mgr->drv->getDOI(mgr); return mgr->drv->getDOI(mgr);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL; return NULL;
} }
@ -190,7 +190,7 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
if (mgr->drv->getModel) if (mgr->drv->getModel)
return mgr->drv->getModel(mgr); return mgr->drv->getModel(mgr);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL; return NULL;
} }
@ -216,7 +216,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainRestoreSecurityImageLabel) if (mgr->drv->domainRestoreSecurityImageLabel)
return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk); return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -226,7 +226,7 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityDaemonSocketLabel) if (mgr->drv->domainSetSecurityDaemonSocketLabel)
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm); return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -236,7 +236,7 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecuritySocketLabel) if (mgr->drv->domainSetSecuritySocketLabel)
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm); return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -246,7 +246,7 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainClearSecuritySocketLabel) if (mgr->drv->domainClearSecuritySocketLabel)
return mgr->drv->domainClearSecuritySocketLabel(mgr, vm); return mgr->drv->domainClearSecuritySocketLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -257,7 +257,7 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityImageLabel) if (mgr->drv->domainSetSecurityImageLabel)
return mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk); return mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -268,7 +268,7 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainRestoreSecurityHostdevLabel) if (mgr->drv->domainRestoreSecurityHostdevLabel)
return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev); return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -279,7 +279,7 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityHostdevLabel) if (mgr->drv->domainSetSecurityHostdevLabel)
return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev); return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -290,7 +290,7 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSavedStateLabel) if (mgr->drv->domainSetSavedStateLabel)
return mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile); return mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -301,7 +301,7 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainRestoreSavedStateLabel) if (mgr->drv->domainRestoreSavedStateLabel)
return mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile); return mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -317,15 +317,15 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
if ((vm->seclabel.type == VIR_DOMAIN_SECLABEL_NONE) && if ((vm->seclabel.type == VIR_DOMAIN_SECLABEL_NONE) &&
mgr->requireConfined) { mgr->requireConfined) {
virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Unconfined guests are not allowed on this host")); _("Unconfined guests are not allowed on this host"));
return -1; return -1;
} }
if (mgr->drv->domainGenSecurityLabel) if (mgr->drv->domainGenSecurityLabel)
return mgr->drv->domainGenSecurityLabel(mgr, vm); return mgr->drv->domainGenSecurityLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -336,7 +336,7 @@ int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainReserveSecurityLabel) if (mgr->drv->domainReserveSecurityLabel)
return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid); return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -346,7 +346,7 @@ int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainReleaseSecurityLabel) if (mgr->drv->domainReleaseSecurityLabel)
return mgr->drv->domainReleaseSecurityLabel(mgr, vm); return mgr->drv->domainReleaseSecurityLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -357,7 +357,7 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityAllLabel) if (mgr->drv->domainSetSecurityAllLabel)
return mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path); return mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -368,7 +368,7 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainRestoreSecurityAllLabel) if (mgr->drv->domainRestoreSecurityAllLabel)
return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated); return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -380,7 +380,7 @@ int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainGetSecurityProcessLabel) if (mgr->drv->domainGetSecurityProcessLabel)
return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec); return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -390,7 +390,7 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityProcessLabel) if (mgr->drv->domainSetSecurityProcessLabel)
return mgr->drv->domainSetSecurityProcessLabel(mgr, vm); return mgr->drv->domainSetSecurityProcessLabel(mgr, vm);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -408,7 +408,7 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
if (mgr->drv->domainSecurityVerify) if (mgr->drv->domainSecurityVerify)
return mgr->drv->domainSecurityVerify(mgr, def); return mgr->drv->domainSecurityVerify(mgr, def);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -419,7 +419,7 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
if (mgr->drv->domainSetSecurityImageFDLabel) if (mgr->drv->domainSetSecurityImageFDLabel)
return mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd); return mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
} }
@ -431,7 +431,7 @@ char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr,
/* /*
I don't think this is an error, these should be optional I don't think this is an error, these should be optional
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
*/ */
return NULL; return NULL;
} }
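Review bot: Every `virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);` in this section passes the function name in the slot where the other calls in this commit put a format string. The macro removed from the header forwarded its variadic arguments to `virReportErrorHelper` directly after `__LINE__`, so the first of them is presumably the printf-style format; `virReportError` itself is not defined on this page. A function name cannot contain `%`, so nothing misbehaves today, but a non-literal format defeats format-string checking and breaks with the `"%s", _("...")` convention used in the same file. `virReportError(VIR_ERR_NO_SUPPORT, "%s", __FUNCTION__);` keeps the message identical and makes the call safe by construction.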


@ -23,11 +23,6 @@
#ifndef VIR_SECURITY_MANAGER_H__ #ifndef VIR_SECURITY_MANAGER_H__
# define VIR_SECURITY_MANAGER_H__ # define VIR_SECURITY_MANAGER_H__
# define virSecurityReportError(code, ...) \
virReportErrorHelper(VIR_FROM_SECURITY, code, __FILE__, \
__FUNCTION__, __LINE__, __VA_ARGS__)
typedef struct _virSecurityManager virSecurityManager; typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr; typedef virSecurityManager *virSecurityManagerPtr;


@ -277,29 +277,29 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) && if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
!def->seclabel.baselabel && !def->seclabel.baselabel &&
def->seclabel.model) { def->seclabel.model) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security model already defined for VM")); "%s", _("security model already defined for VM"));
return rc; return rc;
} }
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
def->seclabel.label) { def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM")); "%s", _("security label already defined for VM"));
return rc; return rc;
} }
if (def->seclabel.imagelabel) { if (def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security image label already defined for VM")); "%s", _("security image label already defined for VM"));
return rc; return rc;
} }
if (def->seclabel.model && if (def->seclabel.model &&
STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) { STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label model %s is not supported with selinux"), _("security label model %s is not supported with selinux"),
def->seclabel.model); def->seclabel.model);
return rc; return rc;
} }
@ -350,8 +350,8 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
def->seclabel.baselabel : def->seclabel.baselabel :
data->domain_context, mcs); data->domain_context, mcs);
if (! def->seclabel.label) { if (! def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs); _("cannot generate selinux context for %s"), mcs);
goto cleanup; goto cleanup;
} }
break; break;
@ -361,17 +361,17 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
break; break;
default: default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected security label type '%s'"), _("unexpected security label type '%s'"),
virDomainSeclabelTypeToString(def->seclabel.type)); virDomainSeclabelTypeToString(def->seclabel.type));
goto cleanup; goto cleanup;
} }
if (!def->seclabel.norelabel) { if (!def->seclabel.norelabel) {
def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs); def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
if (!def->seclabel.imagelabel) { if (!def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs); _("cannot generate selinux context for %s"), mcs);
goto cleanup; goto cleanup;
} }
} }
@ -517,10 +517,10 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
} }
if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) { if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label exceeds " _("security label exceeds "
"maximum length: %d"), "maximum length: %d"),
VIR_SECURITY_LABEL_BUFLEN - 1); VIR_SECURITY_LABEL_BUFLEN - 1);
freecon(ctx); freecon(ctx);
return -1; return -1;
} }
@ -1106,9 +1106,9 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru); return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
default: default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown smartcard type %d"), _("unknown smartcard type %d"),
dev->type); dev->type);
return -1; return -1;
} }
@ -1225,18 +1225,18 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"'%s' model configured for domain, but " "'%s' model configured for domain, but "
"hypervisor driver is '%s'."), "hypervisor driver is '%s'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
return -1; return -1;
} }
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) { if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (security_check_context(secdef->label) != 0) { if (security_check_context(secdef->label) != 0) {
virSecurityReportError(VIR_ERR_XML_ERROR, virReportError(VIR_ERR_XML_ERROR,
_("Invalid security label %s"), secdef->label); _("Invalid security label %s"), secdef->label);
return -1; return -1;
} }
} }
@ -1255,11 +1255,11 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"'%s' model configured for domain, but " "'%s' model configured for domain, but "
"hypervisor driver is '%s'."), "hypervisor driver is '%s'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
if (security_getenforce() == 1) if (security_getenforce() == 1)
return -1; return -1;
} }
@ -1290,11 +1290,11 @@ SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"'%s' model configured for domain, but " "'%s' model configured for domain, but "
"hypervisor driver is '%s'."), "hypervisor driver is '%s'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
goto done; goto done;
} }
@ -1357,11 +1357,11 @@ SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"'%s' model configured for domain, but " "'%s' model configured for domain, but "
"hypervisor driver is '%s'."), "hypervisor driver is '%s'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
goto done; goto done;
} }
@ -1394,11 +1394,11 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: " _("security label driver mismatch: "
"'%s' model configured for domain, but " "'%s' model configured for domain, but "
"hypervisor driver is '%s'."), "hypervisor driver is '%s'."),
secdef->model, virSecurityManagerGetModel(mgr)); secdef->model, virSecurityManagerGetModel(mgr));
if (security_getenforce() == 1) if (security_getenforce() == 1)
return -1; return -1;
} }
@ -1451,9 +1451,9 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru); return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
default: default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("unknown smartcard type %d"), _("unknown smartcard type %d"),
dev->type); dev->type);
return -1; return -1;
} }
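Review bot: The five driver-mismatch checks in this section hand `virSecurityManagerGetModel(mgr)` and `secdef->model` to `STREQ` and then to `%s` without any NULL guard. The manager section of this commit shows `virSecurityManagerGetModel` returning NULL when the driver has no `getModel` callback, and SELinuxGenSecurityLabel tests `def->seclabel.model &&` before comparing, which suggests the model can be unset. Whether either value can be NULL on these paths is not visible in the hunks. If it can, a NULL-safe comparison such as `STREQ_NULLABLE` and `NULLSTR(secdef->model)` in the message arguments would avoid a crash in a security-labelling path. SELinuxSecurityVerify also still declares `mgr ATTRIBUTE_UNUSED` in its signature while the body uses `mgr`, so the attribute should be dropped.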