Commit Graph

34 Commits

Author SHA1 Message Date
Michal Privoznik 0aad10cdae Revert "security_manager: Load lock plugin on init"
This reverts commit 3e26b476b5.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-11-16 13:42:39 +01:00
Erik Skultety 5165ff0971 src: More cleanup of some system headers already contained in internal.h
All of the ones being removed are pulled in by internal.h. The only
exception is sanlock which expects the application to include <stdint.h>
before sanlock's headers, because sanlock prototypes use fixed width
int, but they don't include stdint.h themselves, so we have to leave
that one in place.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 10:16:39 +02:00
Erik Skultety 9403b63102 internal: Move <stdio.h> include to internal.h
It doesn't really make sense for us to have stdlib.h and string.h but
not stdio.h in the internal.h header.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
2018-09-20 10:16:38 +02:00
Michal Privoznik 3e26b476b5 security_manager: Load lock plugin on init
Now that we know what metadata lock manager user wishes to use we
can load it when initializing security driver. This is achieved
by adding new argument to virSecurityManagerNewDriver() and
subsequently to all functions that end up calling it.

The cfg.mk change is needed in order to allow lock_manager.h
inclusion in security driver without 'syntax-check' complaining.
This is safe thing to do as locking APIs will always exist (it's
only backend implementation that changes). However, instead of
allowing the include for all other drivers (like cpu, network,
and so on) allow it only for security driver. This will still
trigger the error if including from other drivers.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-09-18 17:12:53 +02:00
Andrea Bolognani 3e7db8d3e8 Remove backslash alignment attempts
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 13:24:12 +01:00
John Ferlan f60ec522a3 tests: Fix leak in securityselinuxtest
If we jump to the error: label and @secbuf is allocated, then it's not
free'd at all.

Found by Coverity
2017-08-23 12:32:23 -04:00
Jim Fehlig ff7e0a1a40 Fix building domain def in securityselinuxtest
The virDomainDef created by testBuildDomainDef in securityselinuxtest
adds a seclabel but does not increment nseclabels. Also, it should
populate seclabel->model with 'selinux'.

While at it, use the secdef itself to populate values instead of
the indirection through def->seclabels[0].
2017-08-21 09:10:31 -06:00
Michal Privoznik df4d393cca securityselinuxtest: Don't leak @mgr
The security manager is created so that test cases can use it.
However, it is never released.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-10 11:22:27 +02:00
Andrea Bolognani 4ceac4bf29 tests: Rename VIRT_TEST_* macros to VIR_TEST_*
We use the "vir" prefix pretty consistently in our
APIs, both external and internal, which made these
macros stood out.
2017-04-04 17:30:03 +02:00
Tomáš Ryšavý cd7dd1508d tests: Rename virtTestRun to virTestRun.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Jovanka Gulicoska c66150eca1 tests: More usage of virGetLastErrorMessage()
Use virGetLastErrorMessage() instead of virGetLastError() in tests
2016-05-19 15:17:03 -04:00
Michal Privoznik 79bd55b302 virSecurityManagerNew: Turn array of booleans into flags
So imagine you want to crate new security manager:

  if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true)));

Hard to parse, right? What about this:

  if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
                                    VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                    VIR_SECURITY_MANAGER_PRIVILEGED)));

Now that's better! This is what the commit does.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-07 17:51:28 +02:00
Michal Privoznik 307fb9044c virSecurityManager: Track if running as privileged
We may want to do some decisions in drivers based on fact if we
are running as privileged user or not. Propagate this info there.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-15 11:30:14 +02:00
Peter Krempa c03411199e conf: Allocate domain definition with the new helper
Use the virDomainDefNew() helper to allocate the definition instead of
doing it via VIR_ALLOC.
2015-02-20 17:43:05 +01:00
Ján Tomko 2dcdb7f654 Indent top-level labels by one space in tests/ 2014-03-25 14:58:41 +01:00
Daniel P. Berrange 2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Michael Chapman 5eb5fb80f7 tests: SELinux tests do not need to be skipped
With the previous commit's securityselinuxhelper enhancements, the
SELinux security manager can be tested even without SELinux enabled on
the test system.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 14:59:22 +01:00
Daniel P. Berrange eee6eb666c Remove test case average timing
The test case average timing code has not been used by any test
case ever. Delete it to remove complexity.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-08 12:39:30 +01:00
Michal Privoznik 3ea84b9548 Adapt to VIR_ALLOC and virAsprintf in tests/* 2013-07-10 11:07:33 +02:00
Ján Tomko 0b466db29b selinux: assume 's0' if the range is empty
This fixes a crash:
https://bugzilla.redhat.com/show_bug.cgi?id=969878
2013-06-11 13:13:43 +02:00
Ján Tomko a83b77dd73 tests: fix typo in securityselinuxtest 2013-06-04 13:17:30 +02:00
Laine Stump bfe7721d50 util: move virFile* functions from virutil.c to virfile.c
These all existed before virfile.c was created, and for some reason
weren't moved.

This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.

This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
2013-05-10 13:09:30 -04:00
Michal Privoznik e60b9783e1 Adapt to VIR_STRDUP and VIR_STRNDUP in tests/* 2013-05-10 11:54:29 +02:00
Michal Privoznik 7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange 1732c1c629 Fix parsing of SELinux ranges without a category
Normally libvirtd should run with a SELinux label

  system_u:system_r:virtd_t:s0-s0:c0.c1023

If a user manually runs libvirtd though, it is sometimes
possible to get into a situation where it is running

  system_u:system_r:init_t:s0

The SELinux security driver isn't expecting this and can't
parse the security label since it lacks the ':c0.c1023' part
causing it to complain

  internal error Cannot parse sensitivity level in s0

This updates the parser to cope with this, so if no category
is present, libvirtd will hardcode the equivalent of c0.c1023.

Now this won't work if SELinux is in Enforcing mode, but that's
not an issue, because the user can only get into this problem
if in Permissive mode. This means they can now start VMs in
Permissive mode without hitting that parsing error

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Eric Blake dce95297e3 tests: uniformly report test failures
testutils.c likes to print summaries after a test completes,
including if it failed.  But if the test outright exit()s,
this summary is skipped.  Enforce that we return instead of exit.

* cfg.mk (sc_prohibit_exit_in_tests): New syntax check.
* tests/commandhelper.c (main): Fix offenders.
* tests/qemumonitorjsontest.c (mymain): Likewise.
* tests/seclabeltest.c (main): Likewise.
* tests/securityselinuxlabeltest.c (mymain): Likewise.
* tests/securityselinuxtest.c (mymain): Likewise.
* tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise.
* tests/testutils.c (virtTestMain): Likewise.
(virtTestCaptureProgramOutput): Use symbolic name.
2013-02-25 17:38:11 -07:00
Daniel P. Berrange f24404a324 Rename virterror.c virterror_internal.h to virerror.{c,h} 2012-12-21 11:19:50 +00:00
Daniel P. Berrange 44f6ae27fe Rename util.{c,h} to virutil.{c,h} 2012-12-21 11:19:49 +00:00
Daniel P. Berrange ab9b7ec2f6 Rename memory.{c,h} to viralloc.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange 936d95d347 Rename logging.{c,h} to virlog.{c,h} 2012-12-21 11:17:14 +00:00
Daniel P. Berrange 32df483f1d Fix SELinux security label test
If securityselinuxtest was run on a system with newer SELinux
policy it would fail, due to using svirt_tcg_t instead of
svirt_t. Fixing the domain type to be KVM avoids this issue.
2012-12-19 10:05:17 +00:00
Martin Kletzander 9674f2c637 selinux: Use raw contexts
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code.  This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.

The problems can be experienced with mcstrans for example.  The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.

I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.

Thanks Laurent Bigonville for finding this out.

[1] http://oss.tresys.com/git/selinux.git
2012-10-12 17:54:09 +02:00
Eric Blake 4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Daniel P. Berrange 9136032a66 Add test case for SELinux label generation
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-21 11:37:57 +01:00