On Thu, Sep 20, 2012 at 04:06:29PM -0600, Eric Blake wrote:
> On 09/20/2012 09:01 AM, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> >
> > There are many aspects of the guest XML which result in the
> > SELinux driver applying file labelling. With the increasing
> > configuration options it is desirable to test this behaviour.
> > It is not possible to assume that the test suite has the
> > ability to set SELinux labels. Most filesystems though will
> > support extended attributes. Thus for the purpose of testing,
> > it is possible to extend the existing LD_PRELOAD hack to
> > override setfilecon() and getfilecon() to simply use the
> > 'user.libvirt.selinux' attribute for the sake of testing.
> >
> > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> > ---
> > .gitignore | 1 +
> > configure.ac | 3 +
>
> If you were to open-code the configure.ac changes, instead of trying to
> rely on the new m4/virt-lib.m4, then I'd feel better about taking this
> patch prior to 0.10.2, while we still hammer out the details of nicer
> configure.ac for later.

Ok, will repost.

> > +
> > +int getfilecon(const char *path, security_context_t *con)
> > +{
> > + char *constr = NULL;
> > + ssize_t len = getxattr(path, "user.libvirt.selinux",
> > + NULL, 0);
> > + if (len < 0)
> > + return -1;
> > + if (!(constr = malloc(len+1)))
>
> Any reason you can't use VIR_ALLOC_N here? But since it is an
> LD_PRELOAD wrapper, I guess it makes sense that you have to stick to
> low-level functionality.

Yep, wanted to avoid linking to libvirt.so in the preload wrapper.

> > + }
> > +
> > + if (!(fp = fopen(path, "r"))) {
> > + goto cleanup;
> > + }
> > +
> > + while (!feof(fp)) {
> > + char *line;
> > + char *file, *context;
> > + if (VIR_ALLOC_N(line, 1024) < 0) {
> > + virReportOOMError();
> > + goto cleanup;
> > + }
> > + if (!fgets(line, 1024, fp)) {
>
> Is readline() any easier to use than VIR_ALLOC_N/fgets()?

Is readline() really what you meant? That function is for prompting
on stdio and reading a response.

> > +static int
> > +testSELinuxCreateDisks(testSELinuxFile *files, size_t nfiles)
> > +{
> > + size_t i;
> > +
> > + if (virFileMakePath(abs_builddir "/securityselinuxlabeldata") < 0)
> > + return -1;
> > +
> > + for (i = 0 ; i < nfiles ; i++) {
> > + if (virFileTouch(files[i].file, 0600) < 0)
> > + return -1;
> > + //setfilecon(files[i].file, (security_context_t)"system_u:object_r:original_t:s0");
>
> Leftover debugging?

Oops, yes.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
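
Review bot: In the getfilecon() wrapper, the attribute name "user.libvirt.selinux" is a string literal inside the getxattr() call, while the commit message says setfilecon() stores to the same attribute. Define the name once near the top of the preload file so the two overrides cannot drift apart. Since len comes from a size probe, getxattr(path, ..., NULL, 0), and the buffer is malloc(len+1), the read into constr that follows (not visible in the quoted lines) should recheck its own return value and terminate the string at the length actually returned, because the attribute can change between the two calls.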
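
Review bot: In the while (!feof(fp)) loop, VIR_ALLOC_N(line, 1024) runs on every iteration, so each input line costs a fresh 1024-byte allocation that has to be freed on every path out of the loop body, including the goto cleanup taken on OOM. Allocating once before the loop, or using a char line[1024] on the stack, removes that burden, and looping on fgets() directly, as in while (fgets(line, 1024, fp)), makes the feof() test unnecessary. Separately, the fopen() failure path jumps to cleanup without reporting anything, unlike the OOM path, so a missing data file would fail the test with no message.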
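
Review bot: In testSELinuxCreateDisks(), only abs_builddir "/securityselinuxlabeldata" is created with virFileMakePath(), but virFileTouch() is then called on files[i].file exactly as given. If a listed path lies outside that directory, the touch either fails on a missing parent or creates a file elsewhere in the tree; checking that each path starts with the data directory before touching it would keep the test's side effects contained. Both return -1 paths are also silent, so a message naming the path would help when the test fails.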