On 02/08/2013 11:23 AM, Daniel P. Berrange wrote:
> On Thu, Feb 07, 2013 at 04:37:50PM -0500, Laine Stump wrote:
>> virCommand gets the new API virCommandSetSecLabel(), which saves a
>> copy of a null-terminated string in the virCommand. During
>> virCommandRun, if the seclabel is non-NULL and we've been compiled
>> with a security driver, the appropriate security library function is
>> called to set the label for the child process. In the case of SELinux,
>> setexeccon_raw() is called, and for AppArmor, aa_change_profile() is
>> called.
>>
>> This functionality has been added so that users of virCommand can use
>> the upcoming virSecurityManagerSetChildProcessLabel() prior to running
>> a child process, rather than needing to set up a hook function to be
>> called (and in turn call virSecurityManagerSetProcessLabel()) *during*
>> the setup of the child process.
>> ---
>>
>> +#if defined(WITH_SECDRIVER_SELINUX)
>> +# include <selinux/selinux.h>
>> +#elif defined(WITH_SECDRIVER_APPARMOR)
>> +# include <sys/apparmor.h>
>> +#endif
> [snip]
>
>> +/**
>> + * virCommandSetSecLabel:
>> + * @cmd: the command to modify
>> + * @label: the label to use
>> + *
>> + * Saves a copy of @label to use when calling the appropriate security
>> + * driver after the child process has been started. In the case of
>> + * SELinux, this label will be sent to setexeccon_raw(), and in the
>> + * case of AppArmor, it will be sent to aa_change_profile(). If
>> + * neither of these is configured into libvirt, or if label is NULL,
>> + * nothing will be done.
>> + */
>> +void
>> +virCommandSetSecLabel(virCommandPtr cmd, const char *label)
>> +{
>> +    if (!cmd || cmd->has_error)
>> +        return;
>> +
>> +    VIR_FREE(cmd->seclabel);
>> +    if (label && !(cmd->seclabel = strdup(label)))
>> +        cmd->has_error = ENOMEM;
>> +    return;
>> +}
> It is technically possible to build libvirt with both apparmour and
> selinux enabled, and choose between the impl with a libvirtd config.
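Review bot: The `#elif defined(WITH_SECDRIVER_APPARMOR)` in the include hunk means that when both WITH_SECDRIVER_SELINUX and WITH_SECDRIVER_APPARMOR are defined, `<sys/apparmor.h>` is never included, so an AppArmor code path cannot compile in that configuration; make them two independent blocks, `#if defined(WITH_SECDRIVER_SELINUX) ... #endif` followed by `#if defined(WITH_SECDRIVER_APPARMOR) ... #endif`.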
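Review bot: The doc comment on virCommandSetSecLabel() says the label is used "after the child process has been started", but setexeccon_raw() only affects the next exec of the process that calls it and aa_change_profile() changes the caller's own confinement, so the comment should say explicitly that the call is made in the child between fork and exec, not by the parent once the child exists; separately, the trailing `return;` at the end of this void function is redundant and can be dropped.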
Until I broke it in the previous patch :-). I'll fix that as well.

>
> This means we need to have separate methods for each in virCommand.
> So I'd suggest a pair of methods
>
>   virCommandSetSELinuxLabel(...)
>   virCommandSetAppArmourProfile(...)
>
>
> Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list