#
# Copyright 2010, 2012-2013 Red Hat, Inc.
# Cole Robinson <crobinso@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301 USA.
from virtinst.xmlbuilder import XMLBuilder, XMLProperty
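class Seclabel(XMLBuilder):
    """
    Class for generating <seclabel> XML

    The element carries the security model, the label type, the relabel
    flag and the process/image labels for a guest. When the caller sets
    only some of these, the remaining defaults are derived here (see
    _get_default_model and _get_default_type).
    """

    TYPE_DYNAMIC = "dynamic"
    TYPE_STATIC = "static"
    TYPE_DEFAULT = "default"
    # TYPE_DEFAULT is a placeholder name, so it is not listed as a real type.
    TYPES = [TYPE_DYNAMIC, TYPE_STATIC]

    MODEL_DEFAULT = "default"

    MODEL_TEST = "testSecurity"
    MODEL_SELINUX = "selinux"
    MODEL_DAC = "dac"
    MODEL_NONE = "none"
    # List order is the preference order used by _guess_secmodel when no
    # label is given: the first entry the host advertises wins.
    # NOTE(review): presumably picking "none" leaves the guest without
    # label-based confinement; confirm against the libvirt documentation
    # before relying on the fallback.
    MODELS = [MODEL_SELINUX, MODEL_DAC, MODEL_NONE]

    _XML_ROOT_NAME = "seclabel"
    _XML_PROP_ORDER = ["type", "model", "relabel", "label", "imagelabel"]

    def _guess_secmodel(self):
        """
        Pick a security model from host capabilities and the labels set.

        Returns MODEL_TEST whenever the host advertises it. With neither
        label nor imagelabel set, returns the first entry of MODELS that
        the host advertises. Otherwise the model is inferred from the
        number of ':'-separated fields in the label(s): three or more
        means MODEL_SELINUX, exactly two means MODEL_DAC.

        The inference looks only at the shape of the label. The label
        content is not validated here, and the inferred model is not
        checked against the host's advertised models.

        Raises RuntimeError when no label is set and the host advertises
        none of MODELS, and ValueError when label and imagelabel have
        different shapes or the shape matches no known model.
        """
        # Read the advertised models once; the same list serves both the
        # test-driver check and the preference scan below.
        host_models = [x.model for x in self.conn.caps.host.secmodels]

        # We always want the testSecurity model when running tests
        if self.MODEL_TEST in host_models:
            return self.MODEL_TEST

        label = self.label
        imagelabel = self.imagelabel

        if not label and not imagelabel:
            for model in self.MODELS:
                if model in host_models:
                    return model
            raise RuntimeError("No supported model found in capabilities")

        # Field counts are clamped to 3, so a label with more than three
        # fields is treated the same as one with exactly three.
        lab_len = imglab_len = None
        if label:
            lab_len = min(3, len(label.split(':')))
        if imagelabel:
            imglab_len = min(3, len(imagelabel.split(':')))
        if lab_len and imglab_len and lab_len != imglab_len:
            raise ValueError("Label and Imagelabel are incompatible")

        lab_len = lab_len or imglab_len
        if lab_len == 3:
            return self.MODEL_SELINUX
        if lab_len == 2:
            return self.MODEL_DAC

        # Report whichever label was actually inspected. With only an
        # imagelabel set, formatting self.label would print 'None' and
        # hide the offending value.
        raise ValueError("Unknown model type for label '%s'" %
                         (label or imagelabel))

    def _get_default_model(self):
        """
        Default callback for the model property.

        Returns None while type is unset or TYPE_DEFAULT; otherwise
        defers to _guess_secmodel().
        """
        if self.type is None or self.type == self.TYPE_DEFAULT:
            return None
        return self._guess_secmodel()
    # Must follow _get_default_model: the callback is captured by name
    # while the class body executes.
    model = XMLProperty("./@model",
                        default_cb=_get_default_model,
                        default_name=MODEL_DEFAULT)

    def _get_default_type(self):
        """
        Default callback for the type property.

        Returns None while model is unset or MODEL_DEFAULT; otherwise
        TYPE_DYNAMIC.
        """
        if self.model is None or self.model == self.MODEL_DEFAULT:
            return None
        return self.TYPE_DYNAMIC
    # Must follow _get_default_type, for the same reason as above.
    type = XMLProperty("./@type",
                       default_cb=_get_default_type,
                       default_name=TYPE_DEFAULT)

    label = XMLProperty("./label")
    imagelabel = XMLProperty("./imagelabel")
    relabel = XMLProperty("./@relabel", is_yesno=True)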