From b8e2de8899594edcd78b3a7cb1b39b89bbed2891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 12 Oct 2010 12:23:55 +0100 Subject: [PATCH] Audit SELinux label assignment. A more natural auditing point would perhaps be SELinuxSetSecurityProcessLabel, but this happens in the child after root permissions are dropped, so the kernel would refuse the audit record. --- src/security/security_selinux.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index a9dd836e6f..0995d67007 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -28,6 +28,8 @@ #include "pci.h" #include "hostusb.h" #include "storage_file.h" +#include "uuid.h" +#include "virtaudit.h" #define VIR_FROM_THIS VIR_FROM_SECURITY @@ -160,20 +162,22 @@ SELinuxGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED, virDomainObjPtr vm) { int rc = -1; - char mcs[1024]; + char mcs[1024], uuidstr[VIR_UUID_STRING_BUFLEN]; char *scontext = NULL; int c1 = 0; int c2 = 0; - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) - return 0; + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) { + rc = 0; + goto done; + } if (vm->def->seclabel.label || vm->def->seclabel.model || vm->def->seclabel.imagelabel) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security label already defined for VM")); - return rc; + goto done; } do { @@ -217,6 +221,16 @@ err: VIR_FREE(vm->def->seclabel.model); done: VIR_FREE(scontext); + + virUUIDFormat(vm->def->uuid, uuidstr); + /* The derived socket context is not audited. */ +#define STR(X) ((X) != NULL ? (X) : "?") + VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, rc == 0, + "name=%s uuid=%s process-context=%s image-context=%s", + vm->def->name, uuidstr, STR(vm->def->seclabel.label), + STR(vm->def->seclabel.imagelabel)); +#undef STR + return rc; }