Re: [libvirt] Patch to allow setting of svirt XML.
On Thu, Mar 26, 2009 at 11:51:21AM -0400, Daniel J Walsh wrote:
This patch fixes the seclabel handling in domain_conf.c to allow
virt-manager to set the seclabel model, type and label.
Also adds missing error messages when the xml is incorrect.
I'm not sure why this change to the XML parser is needed ? The calling
app is already able to supply a seclabel, provided it sets type='static'
to indicate a statically defined label. If it doesn't set this, then
libvirt will ignore anything i nthe XML, and generate a dynamic label.
This change is appears to just be making it parse dynamic label from
the XML, which shouldn't be needed.
How much verification should we be doing on this? I have another
patch
that verifies the model as being a known model and a patch to verify the
label is a correct label. (IE SELinux verifies the label is understood
by the kernel.)
During the parsing stage, the only semantic validation we do is for
stuff listed in the hypervisor capabilities object (virCapabilitiesPtr).
There is a record of the security model in the capabilities object,
so you could validate that. Validating the actual user supplied
label would be done later at the time it is used.
The problem with this second patch is it sucks in security.[ch],
security_selinux.[ch] into the libvirt_lxc. Should I be doing this?
The second patch here seems to be empty ... ?
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -1859,12 +1859,28 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
return 0;
+ p = virXPathStringLimit(conn, "string(./seclabel/@model)",
+ VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ "%s", _("missing seclabel model"));
+ goto error;
+ }
+ def->seclabel.model = p;
+
p = virXPathStringLimit(conn, "string(./seclabel/@type)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL)
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ "%s", _("missing seclabel type"));
goto error;
- if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0)
+ }
+
+ if ((def->seclabel.type = virDomainSeclabelTypeFromString(p)) < 0) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ _("unknown seclabel type %s"), p);
goto error;
+ }
VIR_FREE(p);
/* Only parse details, if using static labels, or
@@ -1872,16 +1888,14 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
*/
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC ||
!(flags & VIR_DOMAIN_XML_INACTIVE)) {
- p = virXPathStringLimit(conn, "string(./seclabel/@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- if (p == NULL)
- goto error;
- def->seclabel.model = p;
p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL)
- goto error;
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ _("seclabel label is too long"));
+ goto error;
+ }
def->seclabel.label = p;
}
@@ -1890,8 +1904,11 @@ virSecurityLabelDefParseXML(virConnectPtr conn,
!(flags & VIR_DOMAIN_XML_INACTIVE)) {
p = virXPathStringLimit(conn, "string(./seclabel/imagelabel[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- if (p == NULL)
+ if (p == NULL) {
+ virDomainReportError(conn, VIR_ERR_XML_ERROR,
+ _("seclabel image label is too long"));
goto error;
+ }
def->seclabel.imagelabel = p;
}
diff --git a/src/security_selinux.c b/src/security_selinux.c
index 1708d55..5937f48 100644
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|