[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Patch to allow setting of svirt XML.



On Thu, Mar 26, 2009 at 11:51:21AM -0400, Daniel J Walsh wrote:
> This patch fixes the seclabel handling in domain_conf.c to allow 
> virt-manager to set the seclabel model, type and label.
> 
> Also adds missing error messages when the xml is incorrect.

I'm not sure why this change to the XML parser is needed ? The calling
app is already able to supply a seclabel, provided it sets type='static'
to indicate a statically defined label. If it doesn't set this, then
libvirt will ignore anything i nthe XML, and generate a dynamic label.
This change is appears to just be making it parse dynamic label from
the XML, which shouldn't be needed.

> How much verification should we be doing on this?  I have another patch 
> that verifies the model as being a known model and a patch to verify the 
> label is a correct label.  (IE SELinux verifies the label is understood 
> by the kernel.)

During the parsing stage, the only semantic validation we do is for
stuff listed in the hypervisor capabilities object (virCapabilitiesPtr).

There is a record of the security model in the capabilities object,
so you could validate that.  Validating the actual user supplied
label would be done later at the time it is used.


> 
> The problem with this second patch is it sucks in security.[ch], 
> security_selinux.[ch] into the libvirt_lxc.  Should I be doing this?

The second patch here seems to be empty ... ? 

> --- a/src/domain_conf.c
> +++ b/src/domain_conf.c
> @@ -1859,12 +1859,28 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>      if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
>          return 0;
>  
> +    p = virXPathStringLimit(conn, "string(./seclabel/@model)",
> +                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> +    if (p == NULL) {
> +       virDomainReportError(conn, VIR_ERR_XML_ERROR,
> +                            "%s", _("missing seclabel model"));
> +       goto error;
> +    }
> +    def->seclabel.model = p;
> +
>      p = virXPathStringLimit(conn, "string(./seclabel/@type)",
>                              VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> -    if (p == NULL)
> +    if (p == NULL) {
> +        virDomainReportError(conn, VIR_ERR_XML_ERROR,
> +                             "%s", _("missing seclabel type"));
>          goto error;
> -    if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0)
> +    }
> +
> +    if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) {
> +        virDomainReportError(conn, VIR_ERR_XML_ERROR,
> +                             _("unknown seclabel type %s"), p);
>          goto error;
> +    }
>      VIR_FREE(p);
>  
>      /* Only parse details, if using static labels, or
> @@ -1872,16 +1888,14 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>       */
>      if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
>          !(flags & VIR_DOMAIN_XML_INACTIVE)) {
> -        p = virXPathStringLimit(conn, "string(./seclabel/@model)",
> -                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> -        if (p == NULL)
> -            goto error;
> -        def->seclabel.model = p;
>  
>          p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
>                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> -        if (p == NULL)
> -            goto error;
> +        if (p == NULL) {
> +           virDomainReportError(conn, VIR_ERR_XML_ERROR,
> +                                _("seclabel label is too long"));
> +           goto error;
> +        }
>          def->seclabel.label = p;
>      }
>  
> @@ -1890,8 +1904,11 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
>          !(flags & VIR_DOMAIN_XML_INACTIVE)) {
>          p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])",
>                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> -        if (p == NULL)
> +        if (p == NULL) {
> +            virDomainReportError(conn, VIR_ERR_XML_ERROR,
> +                                 _("seclabel image label is too long"));
>              goto error;
> +        }
>          def->seclabel.imagelabel = p;
>      }
>  
> diff --git a/src/security_selinux.c b/src/security_selinux.c
> index 1708d55..5937f48 100644



Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]