[libvirt] Resubmission: [PATCH 1/6] sVirt AppArmor security driver

Daniel P. Berrange berrange at redhat.com
Thu Sep 10 11:41:42 UTC 2009 

On Tue, Sep 08, 2009 at 04:19:59PM -0500, Jamie Strandboge wrote:
> On Tue, 08 Sep 2009, Jamie Strandboge wrote:
> 
> > > [PATCH 1*]
> > > patch_1a_reenable-nonfile-labels.patch:
> > > When James Morris originally submitted his sVirt patches (as seen in
> > > libvirt 0.6.1), he did not require on disk labelling for
> > > virSecurityDomainRestoreImageLabel. A later commit[2] changed this
> > > behavior to assume on disk labelling, which halts implementations for
> > > path-based MAC systems such as AppArmor and TOMOYO where
> > > vm->def->seclabel is required to obtain the label. This patch simply
> > > adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel.
> > > 
> > > patch_1b_optional.patch:
> > > Due to the above change, 'make syntax-check' fails because
> > > SELinuxRestoreSecurityImageLabel() does not use the 'virDomainObjPtr
> > > vm'. patch_1b_optional.patch is a simple patch to fix this by checking
> > > if vm->def->seclabel == NULL and returns with error if it does. I
> > > realize this may not be desired in the long term, but it should be
> > > harmless enough to include.

The 'ATTRIBUTE_UNUSED' anotation takes care of this much better.


> diff -Nurp ./libvirt.orig/src/qemu_driver.c ./libvirt/src/qemu_driver.c
> --- ./libvirt.orig/src/qemu_driver.c	2009-09-08 13:00:00.000000000 -0500
> +++ ./libvirt/src/qemu_driver.c	2009-09-08 15:32:22.000000000 -0500
> @@ -6144,7 +6144,7 @@ static int qemudDomainDetachDevice(virDo
>           dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) {
>          ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev);
>          if (driver->securityDriver)
> -            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk);
> +            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk);
>          if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0)
>              VIR_WARN0("Fail to restore disk device ownership");
>      } else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
> diff -Nurp ./libvirt.orig/src/security.h ./libvirt/src/security.h
> --- ./libvirt.orig/src/security.h	2009-08-17 11:00:40.000000000 -0500
> +++ ./libvirt/src/security.h	2009-09-08 15:32:22.000000000 -0500
> @@ -32,6 +32,7 @@ typedef virSecurityDriverStatus (*virSec
>  typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
>                                        virSecurityDriverPtr drv);
>  typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
> +                                                   virDomainObjPtr vm,
>                                                     virDomainDiskDefPtr disk);
>  typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
>                                                 virDomainObjPtr vm,
> diff -Nurp ./libvirt.orig/src/security_selinux.c ./libvirt/src/security_selinux.c
> --- ./libvirt.orig/src/security_selinux.c	2009-09-02 14:34:08.000000000 -0500
> +++ ./libvirt/src/security_selinux.c	2009-09-08 15:32:22.000000000 -0500
> @@ -354,6 +354,7 @@ SELinuxSetFilecon(virConnectPtr conn, co
>  
>  static int
>  SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
> +                                 virDomainObjPtr vm,
>                                   virDomainDiskDefPtr disk)
>  {
>      struct stat buf;
> @@ -423,7 +429,8 @@ SELinuxRestoreSecurityLabel(virConnectPt
>      int rc = 0;
>      if (secdef->imagelabel) {
>          for (i = 0 ; i < vm->def->ndisks ; i++) {
> -            if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0)
> +            if (SELinuxRestoreSecurityImageLabel(conn, vm,
> +                                                 vm->def->disks[i]) < 0)
>                  rc = -1;
>          }
>          VIR_FREE(secdef->model);


ACK to this part


> diff -Nurp ./libvirt.orig/src/security_selinux.c ./libvirt/src/security_selinux.c
> --- ./libvirt.orig/src/security_selinux.c	2009-09-02 14:34:08.000000000 -0500
> +++ ./libvirt/src/security_selinux.c	2009-09-08 15:32:22.000000000 -0500
> @@ -364,6 +365,11 @@ SELinuxRestoreSecurityImageLabel(virConn
>      char *newpath = NULL;
>      const char *path = disk->src;
>  
> +    if (&vm->def->seclabel == NULL)  {
> +        virSecurityReportError(conn, VIR_ERR_ERROR, _("seclabel is NULL"));
> +        return rc;
> +    }
> +
>      /* Don't restore labels on readoly/shared disks, because
>       * other VMs may still be accessing these
>       * Alternatively we could iterate over all running

This should have ATTRIBUTE_USED instead


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list