On 22/07/13 23:40, John Ferlan wrote:
On 07/22/2013 07:06 AM, Osier Yang wrote:
On 19/07/13 20:32, John Ferlan wrote:
Although they produce no seclabel data, add some tests for coverage of
various network and volume disk definitions
---
tests/securityselinuxlabeldata/netdisks.txt | 5 +++
tests/securityselinuxlabeldata/netdisks.xml | 58
+++++++++++++++++++++++++++++
tests/securityselinuxlabeldata/voldisks.txt | 5 +++
tests/securityselinuxlabeldata/voldisks.xml | 45 ++++++++++++++++++++++
tests/securityselinuxlabeltest.c | 2 +
5 files changed, 115 insertions(+)
create mode 100644 tests/securityselinuxlabeldata/netdisks.txt
create mode 100644 tests/securityselinuxlabeldata/netdisks.xml
create mode 100644 tests/securityselinuxlabeldata/voldisks.txt
create mode 100644 tests/securityselinuxlabeldata/voldisks.xml
diff --git a/tests/securityselinuxlabeldata/netdisks.txt
b/tests/securityselinuxlabeldata/netdisks.txt
new file mode 100644
index 0000000..b6bf95f
--- /dev/null
+++ b/tests/securityselinuxlabeldata/netdisks.txt
@@ -0,0 +1,5 @@
+/nbd.raw;
+/iscsi.raw;
+/rbd.raw;
+/sheepdog.raw;
+/gluster.raw;
diff --git a/tests/securityselinuxlabeldata/netdisks.xml
b/tests/securityselinuxlabeldata/netdisks.xml
new file mode 100644
index 0000000..ab5e964
--- /dev/null
+++ b/tests/securityselinuxlabeldata/netdisks.xml
@@ -0,0 +1,58 @@
+<domain type='kvm'>
+ <name>vm1</name>
+ <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+ <memory unit='KiB'>219200</memory>
+ <os>
+ <type arch='i686' machine='pc-1.0'>hvm</type>
+ <boot dev='cdrom'/>
+ </os>
+ <devices>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='nbd' file="/nbd.raw">
+ <host name='example.org' port='6000'/>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='iscsi' name='iqn.1992-01.com.example/1'
file="/iscsi.raw">
i'm not clear with the security tests, but this xml looks incorrect.
"file" is one
way to represent the disk source, it's exclusive with other ways (e.g.
protocol/name
here) in semantics. similar for below. why do you use both "file" and
other ways
for disk source represention together?
Following syntax found in the following files
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-*.xml
where '*' is {gluster, nbd, rbd, sheepdog, & iscsi}
I can hold off pushing this patch if desired.
i believe you will need a further patch to fix it if it's pushed. :\
The 'file' names are found in the 'netdisks.txt' file which are where
the seclabels get listed for other tests. For the network types there
are no seclabels.
these still don't answer my question, the (file="$file") and other
representation
ways are conflicted in semantics, though xml parsing could report no error,
since one of the ways (e.g. "file") is ignored when parsing.
see the disk source rng schema:
<group>
<attribute name="type">
<value>file</value>
</attribute>
<interleave>
<optional>
<element name="source">
<optional>
<attribute name="file">
<ref name="absFilePath"/>
</attribute>
</optional>
<optional>
<ref name="startupPolicy"/>
</optional>
<optional>
<ref name='devSeclabel'/>
</optional>
</element>
</optional>
<ref name="diskspec"/>
</interleave>
</group>
<group>
<attribute name="type">
<value>block</value>
</attribute>
<interleave>
<optional>
<element name="source">
<attribute name="dev">
<ref name="absFilePath"/>
</attribute>
<optional>
<ref name='devSeclabel'/>
</optional>
</element>
</optional>
<ref name="diskspec"/>
</interleave>
</group>
<group>
<attribute name="type">
<value>dir</value>
</attribute>
<interleave>
<optional>
<element name="source">
<attribute name="dir">
<ref name="absFilePath"/>
</attribute>
<empty/>
</element>
</optional>
<ref name="diskspec"/>
</interleave>
</group>
<group>
<attribute name="type">
<value>network</value>
</attribute>
<interleave>
<optional>
<element name="source">
<ref name='diskSourceNetwork'/>
</element>
</optional>
<ref name="diskspec"/>
</interleave>
</group>
<group>
<attribute name="type">
<value>volume</value>
</attribute>
<interleave>
<optional>
<element name="source">
<attribute name="pool">
<ref name="genericName"/>
</attribute>
<attribute name="volume">
<ref name="volName"/>
</attribute>
<optional>
<ref name="startupPolicy"/>
</optional>
<optional>
<ref name='devSeclabel'/>
</optional>
</element>
</optional>
<ref name="diskspec"/>
</interleave>
</group>
this patch is not that important for the feature. so i think it can be
delayed till
there is a right solution.
John
+ <host name='example.org' port='6000'/>
+ </source>
+ <target dev='vdb' bus='virtio'/>
+ </disk>
+ <disk type='network'>
+ <driver name="qemu" type="raw"/>
+ <source protocol="rbd" name="image_name2" file="/rbd.raw">
+ <host name="hostname" port="7000"/>
+ </source>
+ <target dev="hdb" bus="ide"/>
+ <auth username='myuser'>
+ <secret type='ceph' usage='mypassid'/>
+ </auth>
+ </disk>
+ <disk type='network'>
+ <driver name="qemu" type="raw"/>
+ <source protocol="sheepdog" name="image_name"
file="/sheepdog.raw">
+ <host name="hostname" port="7000"/>
+ </source>
+ <target dev="hdb" bus="ide"/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='gluster' name='Volume/Image'
file='/gluster.raw'>
+ <host name='example.org' port='6000' transport='tcp'/>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+
+ <input type='mouse' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+ <listen type='address' address='0.0.0.0'/>
+ </graphics>
+ </devices>
+ <seclabel model="selinux" type="dynamic" relabel="yes">
+ <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+ <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+ </seclabel>
+</domain>
diff --git a/tests/securityselinuxlabeldata/voldisks.txt
b/tests/securityselinuxlabeldata/voldisks.txt
new file mode 100644
index 0000000..bd5d755
--- /dev/null
+++ b/tests/securityselinuxlabeldata/voldisks.txt
@@ -0,0 +1,5 @@
+/file.raw;
+/disk.raw;
+/host.raw;
+/direct.raw;
+/cdrom.raw;
diff --git a/tests/securityselinuxlabeldata/voldisks.xml
b/tests/securityselinuxlabeldata/voldisks.xml
new file mode 100644
index 0000000..ae7e629
--- /dev/null
+++ b/tests/securityselinuxlabeldata/voldisks.xml
@@ -0,0 +1,45 @@
+<domain type='kvm'>
+ <name>vm1</name>
+ <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+ <memory unit='KiB'>219200</memory>
+ <os>
+ <type arch='i686' machine='pc-1.0'>hvm</type>
+ <boot dev='cdrom'/>
+ </os>
+ <devices>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0'
file='/file.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0' mode='host'
file='/host.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0' mode='direct'
file='/direct.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='blk-pool0' volume='blk-pool0-vol0'
file='/plain.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='cdrom'>
+ <driver name='qemu' type='raw'/>
+ <source pool='blk-pool0' volume='blk-pool0-vol1'
file='/cdrom.raw'/>
+ <target dev='hda' bus='ide'/>
+ <readonly/>
+ </disk>
+ <input type='mouse' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+ <listen type='address' address='0.0.0.0'/>
+ </graphics>
+ </devices>
+ <seclabel model="selinux" type="dynamic" relabel="yes">
+ <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+ <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+ </seclabel>
+</domain>
diff --git a/tests/securityselinuxlabeltest.c
b/tests/securityselinuxlabeltest.c
index efe825a..8c88cfd 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -332,6 +332,8 @@ mymain(void)
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
+ DO_TEST_LABELING("netdisks");
+ DO_TEST_LABELING("voldisks");
DO_TEST_LABELING("kernel");
DO_TEST_LABELING("chardev");
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list