[PATCH 6/7] domain: Always validate seclabel model

[Cole Robinson <crobinso@xxxxxxxxxx>]

This will help facilitate disabling seclabel for an individual VM. One
functional change is that the user can now hardcode type='dynamic', but
there was no good reason to deny it anyways.

Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
---
 src/conf/domain_conf.c                             |   34 ++++++++++----------
 src/security/security_apparmor.c                   |    6 ++--
 src/security/security_selinux.c                    |    6 ++--
 .../qemuxml2xml-seclabel-dynamic-out.xml           |    1 +
 4 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 077a396..e5b89a2 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4238,28 +4238,28 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
         goto error;
     }
 
+    p = virXPathStringLimit("string(./seclabel/@model)",
+                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+    if (p == NULL) {
+        virDomainReportError(VIR_ERR_XML_ERROR,
+                             "%s", _("missing security model"));
+        goto error;
+    }
+
+    def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
+    if (def->seclabel.model < 0) {
+        virDomainReportError(VIR_ERR_XML_ERROR,
+                             _("unknown security model '%s'"), p);
+        VIR_FREE(p);
+        goto error;
+    }
+    VIR_FREE(p);
+
     /* Only parse details, if using static labels, or
      * if the 'live' VM XML is requested
      */
     if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
         !(flags & VIR_DOMAIN_XML_INACTIVE)) {
-        p = virXPathStringLimit("string(./seclabel/@model)",
-                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
-        if (p == NULL) {
-            virDomainReportError(VIR_ERR_XML_ERROR,
-                                 "%s", _("missing security model"));
-            goto error;
-        }
-
-        def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
-        if (def->seclabel.model < 0) {
-            virDomainReportError(VIR_ERR_XML_ERROR,
-                                 _("unknown security model '%s'"), p);
-            VIR_FREE(p);
-            goto error;
-        }
-        VIR_FREE(p);
-
         p = virXPathStringLimit("string(./seclabel/label[1])",
                                 VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
         if (p == NULL) {
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 7a6fe5c..9a49e29 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -431,7 +431,7 @@ AppArmorSecurityManagerGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
  * called on shutdown.
 */
 static int
-AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+AppArmorGenSecurityLabel(virSecurityManagerPtr mgr,
                          virDomainObjPtr vm)
 {
     int rc = -1;
@@ -440,8 +440,8 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
         return 0;
 
-    if ((vm->def->seclabel.label) ||
-        (vm->def->seclabel.model != VIR_DOMAIN_SECLABEL_MODEL_DEFAULT) ||
+    if ((!virSecurityIsSpecifiedDriver(mgr, vm->def)) ||
+        (vm->def->seclabel.label) ||
         (vm->def->seclabel.imagelabel)) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s",
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 2266c21..a03e7d2 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -160,7 +160,7 @@ SELinuxInitialize(void)
 }
 
 static int
-SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
                         virDomainObjPtr vm)
 {
     int rc = -1;
@@ -172,8 +172,8 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
         return 0;
 
-    if (vm->def->seclabel.label ||
-        vm->def->seclabel.model != VIR_DOMAIN_SECLABEL_MODEL_DEFAULT ||
+    if (!virSecurityIsSpecifiedDriver(mgr, vm->def) ||
+        vm->def->seclabel.label ||
         vm->def->seclabel.imagelabel) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("security label already defined for VM"));
diff --git a/tests/qemuxml2xmldata/qemuxml2xml-seclabel-dynamic-out.xml b/tests/qemuxml2xmldata/qemuxml2xml-seclabel-dynamic-out.xml
index 8b344d7..8d3f837 100644
--- a/tests/qemuxml2xmldata/qemuxml2xml-seclabel-dynamic-out.xml
+++ b/tests/qemuxml2xmldata/qemuxml2xml-seclabel-dynamic-out.xml
@@ -17,4 +17,5 @@
     <controller type='ide' index='0'/>
     <memballoon model='virtio'/>
   </devices>
+  <seclabel type='dynamic' model='selinux'/>
 </domain>
-- 
1.7.3.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list