Re: [PATCH 6/7] domain: Always validate seclabel model

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jan 12, 2011 at 12:23:02PM -0500, Cole Robinson wrote:
> This will help facilitate disabling seclabel for an individual VM. One
> functional change is that the user can now hardcode type='dynamic', but
> there was no good reason to deny it anyways.
> 
> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
> ---
>  src/conf/domain_conf.c                             |   34 ++++++++++----------
>  src/security/security_apparmor.c                   |    6 ++--
>  src/security/security_selinux.c                    |    6 ++--
>  .../qemuxml2xml-seclabel-dynamic-out.xml           |    1 +
>  4 files changed, 24 insertions(+), 23 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 077a396..e5b89a2 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -4238,28 +4238,28 @@ virSecurityLabelDefParseXML(const virDomainDefPtr def,
>          goto error;
>      }
>  
> +    p = virXPathStringLimit("string(./seclabel/@model)",
> +                            VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> +    if (p == NULL) {
> +        virDomainReportError(VIR_ERR_XML_ERROR,
> +                             "%s", _("missing security model"));
> +        goto error;
> +    }
> +
> +    def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
> +    if (def->seclabel.model < 0) {
> +        virDomainReportError(VIR_ERR_XML_ERROR,
> +                             _("unknown security model '%s'"), p);
> +        VIR_FREE(p);
> +        goto error;
> +    }
> +    VIR_FREE(p);
> +
>      /* Only parse details, if using static labels, or
>       * if the 'live' VM XML is requested
>       */
>      if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
>          !(flags & VIR_DOMAIN_XML_INACTIVE)) {
> -        p = virXPathStringLimit("string(./seclabel/@model)",
> -                                VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
> -        if (p == NULL) {
> -            virDomainReportError(VIR_ERR_XML_ERROR,
> -                                 "%s", _("missing security model"));
> -            goto error;
> -        }
> -
> -        def->seclabel.model = virDomainSeclabelModelTypeFromString(p);
> -        if (def->seclabel.model < 0) {
> -            virDomainReportError(VIR_ERR_XML_ERROR,
> -                                 _("unknown security model '%s'"), p);
> -            VIR_FREE(p);
> -            goto error;
> -        }
> -        VIR_FREE(p);
> -
>          p = virXPathStringLimit("string(./seclabel/label[1])",
>                                  VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
>          if (p == NULL) {

This changes semantics. If the seclabel type is dynamic, then we
want to ignore any kind of 'model' at all, because the model should
automatically become whatever is current active driver. This ensures
that if you change security drivers, then all dynamic VMs will
automatically use the new driver and not be stuck with the model
of the old driver.

Since, we're not supporting per-VM disabled models, I don't think
we need this patch anyway.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]