[libvirt] [PATCH 09/15] util: add security label setting to virCommand

Daniel P. Berrange berrange at redhat.com
Fri Feb 8 16:23:35 UTC 2013


On Thu, Feb 07, 2013 at 04:37:50PM -0500, Laine Stump wrote:
> virCommand gets the new API virCommandSetSecLabel(), which saves a
> copy of a null-terminated string in the virCommand. During
> virCommandRun, if the seclabel is non-NULL and we've been compiled
> with a security driver, the appropriate security library function is
> called to set the label for the child process. In the case of SELinux,
> setexeccon_raw() is called, and for AppArmor, aa_change_profile() is
> called.
> 
> This functionality has been added so that users of virCommand can use
> the upcoming virSecurityManagerSetChildProcessLabel() prior to running
> a child process, rather than needing to setup a hook function to be
> called (and in turn call virSecurityManagerSetProcessLabel()) *during*
> the setup of the child process.
> ---
>  
> +#if defined(WITH_SECDRIVER_SELINUX)
> +# include <selinux/selinux.h>
> +#elif defined(WITH_SECDRIVER_APPARMOR)
> +# include <sys/apparmor.h>
> +#endif
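
Review bot: The `#elif` in this include block makes the two drivers mutually exclusive at compile time. When both WITH_SECDRIVER_SELINUX and WITH_SECDRIVER_APPARMOR are defined, only <selinux/selinux.h> is included, and any AppArmor code guarded the same way is compiled out. Two independent `#if defined(...)` blocks would keep both headers in a build that enables both drivers.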

[snip]

> +/**
> + * virCommandSetSecLabel:
> + * @cmd: the command to modify
> + * @label: the label to use
> + *
> + * Saves a copy of @label to use when calling the appropriate security
> + * driver after the child process has been started. In the case of
> + * SELinux, this label will be sent to setexeccon_raw(), and in the
> + * case of AppArmor, it will be sent to aa_change_profile(). If
> + * neither of these is configured into libvirt, or if label is NULL,
> + * nothing will be done.
> + */
> +void
> +virCommandSetSecLabel(virCommandPtr cmd, const char *label)
> +{
> +    if (!cmd || cmd->has_error)
> +        return;
> +
> +    VIR_FREE(cmd->seclabel);
> +    if (label && !(cmd->seclabel = strdup(label)))
> +        cmd->has_error = ENOMEM;
> +    return;
> +}
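
Review bot: In the doc comment for virCommandSetSecLabel(), "after the child process has been started" leaves the timing unclear. setexeccon_raw() only affects a subsequent exec, so the comment should say the label is applied in the child before the command is exec'd. The comment also says a NULL label means nothing is done, but `VIR_FREE(cmd->seclabel)` runs before the NULL check, so passing NULL clears a label set by an earlier call; that behaviour should be documented. The trailing `return;` in a void function can be dropped.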

It is technically possible to build libvirt with both AppArmor and
SELinux enabled, and choose between the impl with a libvirtd config.

This means we need to have separate methods for each in virCommand.
So I'd suggest a pair of methods

 virCommandSetSELinuxLabel(...)
 virCommandSetAppArmourProfile(...)


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



