On Thu, Mar 26, 2009 at 11:51:21AM -0400, Daniel J Walsh wrote:
> This patch fixes the seclabel handling in domain_conf.c to allow
> virt-manager to set the seclabel model, type and label.
>
> Also adds missing error messages when the xml is incorrect.
I'm not sure why this change to the XML parser is needed ? The calling
app is already able to supply a seclabel, provided it sets type='static'
to indicate a statically defined label. If it doesn't set this, then
libvirt will ignore anything i nthe XML, and generate a dynamic label.
This change is appears to just be making it parse dynamic label from
the XML, which shouldn't be needed.
> How much verification should we be doing on this? I have another patch
> that verifies the model as being a known model and a patch to verify the
> label is a correct label. (IE SELinux verifies the label is understood
> by the kernel.)
During the parsing stage, the only semantic validation we do is for
stuff listed in the hypervisor capabilities object (virCapabilitiesPtr).
There is a record of the security model in the capabilities object,
so you could validate that. Validating the actual user supplied
label would be done later at the time it is used.
>
> The problem with this second patch is it sucks in security.[ch],
> security_selinux.[ch] into the libvirt_lxc. Should I be doing this?
The second patch here seems to be empty ... ?
> --- a/src/domain_conf.c
> +++ b/src/domain_conf.c
> @@ -1859,12 +1859,28 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
> if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
> return 0;
>
> + p = virXPathStringLimit(conn, "string(./seclabel/@model)",
> + VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> + if (p == NULL) {
> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
> + "%s", _("missing seclabel model"));
> + goto error;
> + }
> + def->seclabel.model = p;
> +
> p = virXPathStringLimit(conn, "string(./seclabel/@type)",
> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> - if (p == NULL)
> + if (p == NULL) {
> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
> + "%s", _("missing seclabel type"));
> goto error;
> - if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0)
> + }
> +
> + if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) {
> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
> + _("unknown seclabel type %s"), p);
> goto error;
> + }
> VIR_FREE(p);
>
> /* Only parse details, if using static labels, or
> @@ -1872,16 +1888,14 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
> */
> if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
> !(flags & VIR_DOMAIN_XML_INACTIVE)) {
> - p = virXPathStringLimit(conn, "string(./seclabel/@model)",
> - VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> - if (p == NULL)
> - goto error;
> - def->seclabel.model = p;
>
> p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> - if (p == NULL)
> - goto error;
> + if (p == NULL) {
> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
> + _("seclabel label is too long"));
> + goto error;
> + }
> def->seclabel.label = p;
> }
>
> @@ -1890,8 +1904,11 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
> !(flags & VIR_DOMAIN_XML_INACTIVE)) {
> p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])",
> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
> - if (p == NULL)
> + if (p == NULL) {
> + virDomainReportError(conn, VIR_ERR_XML_ERROR,
> + _("seclabel image label is too long"));
> goto error;
> + }
> def->seclabel.imagelabel = p;
> }
>
> diff --git a/src/security_selinux.c b/src/security_selinux.c
> index 1708d55..5937f48 100644
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list