For seclabel remembering we need to have XATTRs and a special namespace that is accessibly to CAP_SYS_ADMIN only (we don't want regular users to trick us into restoring to a different label). And what qemusecuritytest does is it checks whether we have not left any path behind with XATTRs or not restored to original seclabel after setAll + restoreAll round trip. But it can hardly do so if ran on a platform where there's no XATTR namespace we can use.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/libvirt_private.syms | 4 ++++
 src/security/security_util.c | 11 +++++++++++
 src/security/security_util.h | 3 +++
 tests/qemusecuritytest.c | 6 ++++++
 4 files changed, 24 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 95e50835ad..eb588a9357 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1609,6 +1609,10 @@ virSecurityManagerTransactionStart;
 virSecurityManagerVerify;
 
 
+# security/security_util.h
+virSecurityXATTRNamespaceDefined;
+
+
 # util/glibcompat.h
 vir_g_canonicalize_filename;
 vir_g_fsync;
diff --git a/src/security/security_util.c b/src/security/security_util.c
index 622bd901ee..26a7861e29 100644
--- a/src/security/security_util.c
+++ b/src/security/security_util.c
@@ -107,6 +107,17 @@ virSecurityGetTimestampAttrName(const char *name G_GNUC_UNUSED)
 #endif /* !XATTR_NAMESPACE */
 
 
+bool
+virSecurityXATTRNamespaceDefined(void)
+{
+#ifdef XATTR_NAMESPACE
+ return true;
+#else
+ return false;
+#endif
+}
+
+
 static char *
 virSecurityGetTimestamp(void)
 {
diff --git a/src/security/security_util.h b/src/security/security_util.h
index 91de704e62..7af6f009e2 100644
--- a/src/security/security_util.h
+++ b/src/security/security_util.h
@@ -32,3 +32,6 @@ int
 virSecurityMoveRememberedLabel(const char *name,
 const char *src,
 const char *dst);
+
+bool
+virSecurityXATTRNamespaceDefined(void);
diff --git a/tests/qemusecuritytest.c b/tests/qemusecuritytest.c
index 7ee1ccd1b6..dc3deb37d2 100644
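Review bot: `virSecurityXATTRNamespaceDefined()` in src/security/security_util.c is added without any comment, and its name does not make clear that the answer is fixed at build time by `#ifdef XATTR_NAMESPACE`. It does not tell the caller whether the running process can actually use that namespace (filesystem xattr support, or the CAP_SYS_ADMIN restriction the commit message relies on), so reading `true` as "seclabel remembering works here" would be over-reading it. I would add above the definition, and mirror on the declaration in security_util.h: `/* Returns true when libvirt was built with an XATTR namespace for seclabel remembering; a compile-time fact, not a runtime capability check. */`.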
--- a/tests/qemusecuritytest.c
+++ b/tests/qemusecuritytest.c
@@ -22,6 +22,7 @@
 #include "testutils.h"
 #include "testutilsqemu.h"
 #include "security/security_manager.h"
+#include "security/security_util.h"
 #include "conf/domain_conf.h"
 #include "qemu/qemu_domain.h"
 #include "qemu/qemu_security.h"
@@ -148,6 +149,11 @@ mymain(void)
 qemuTestDriverInit(&driver) < 0)
 return -1;
 
+ if (!virSecurityXATTRNamespaceDefined()) {
+ ret = EXIT_AM_SKIP;
+ goto cleanup;
+ }
+
 /* Now fix the secdriver */
 virObjectUnref(driver.securityManager);
 
-- 
2.26.2
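Review bot: The new skip in `mymain()` carries no explanation, so on a platform without an XATTR namespace the setAll + restoreAll leftover-label check silently does not run and nothing in the code says why. Since this test is what catches paths left with a stale seclabel, I would state the reason at the skip, e.g. `/* No XATTR namespace on this platform, so remembered seclabels cannot be checked; skip. */`. The jump also goes to `cleanup` before the "Now fix the secdriver" step; the `cleanup` label and the rest of `mymain()` are outside the hunk, so it should be confirmed that cleanup is correct while the original `driver.securityManager` is still in place.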