On 19/07/13 20:32, John Ferlan wrote:
Although they produce no seclabel data, add some tests for coverage of
various network and volume disk definitions.
---
tests/securityselinuxlabeldata/netdisks.txt | 5 +++
tests/securityselinuxlabeldata/netdisks.xml | 58 +++++++++++++++++++++++++++++
tests/securityselinuxlabeldata/voldisks.txt | 5 +++
tests/securityselinuxlabeldata/voldisks.xml | 45 ++++++++++++++++++++++
tests/securityselinuxlabeltest.c | 2 +
5 files changed, 115 insertions(+)
create mode 100644 tests/securityselinuxlabeldata/netdisks.txt
create mode 100644 tests/securityselinuxlabeldata/netdisks.xml
create mode 100644 tests/securityselinuxlabeldata/voldisks.txt
create mode 100644 tests/securityselinuxlabeldata/voldisks.xml
diff --git a/tests/securityselinuxlabeldata/netdisks.txt
b/tests/securityselinuxlabeldata/netdisks.txt
new file mode 100644
index 0000000..b6bf95f
--- /dev/null
+++ b/tests/securityselinuxlabeldata/netdisks.txt
@@ -0,0 +1,5 @@
+/nbd.raw;
+/iscsi.raw;
+/rbd.raw;
+/sheepdog.raw;
+/gluster.raw;
diff --git a/tests/securityselinuxlabeldata/netdisks.xml
b/tests/securityselinuxlabeldata/netdisks.xml
new file mode 100644
index 0000000..ab5e964
--- /dev/null
+++ b/tests/securityselinuxlabeldata/netdisks.xml
@@ -0,0 +1,58 @@
+<domain type='kvm'>
+ <name>vm1</name>
+ <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+ <memory unit='KiB'>219200</memory>
+ <os>
+ <type arch='i686' machine='pc-1.0'>hvm</type>
+ <boot dev='cdrom'/>
+ </os>
+ <devices>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='nbd' file="/nbd.raw">
+ <host name='example.org' port='6000'/>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='iscsi' name='iqn.1992-01.com.example/1'
file="/iscsi.raw">
I'm not clear on the security tests, but this XML looks incorrect.
"file" is one way to represent the disk source, and it is semantically
exclusive with the other ways (e.g. protocol/name here). The same applies
to the disks below. Why do you use both "file" and the other ways of
representing the disk source together?
+ <host name='example.org'
port='6000'/>
+ </source>
+ <target dev='vdb' bus='virtio'/>
+ </disk>
+ <disk type='network'>
+ <driver name="qemu" type="raw"/>
+ <source protocol="rbd" name="image_name2"
file="/rbd.raw">
+ <host name="hostname" port="7000"/>
+ </source>
+ <target dev="hdb" bus="ide"/>
+ <auth username='myuser'>
+ <secret type='ceph' usage='mypassid'/>
+ </auth>
+ </disk>
+ <disk type='network'>
+ <driver name="qemu" type="raw"/>
+ <source protocol="sheepdog" name="image_name"
file="/sheepdog.raw">
+ <host name="hostname" port="7000"/>
+ </source>
+ <target dev="hdb" bus="ide"/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='gluster' name='Volume/Image'
file='/gluster.raw'>
+ <host name='example.org' port='6000'
transport='tcp'/>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+
+ <input type='mouse' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes'
listen='0.0.0.0'>
+ <listen type='address' address='0.0.0.0'/>
+ </graphics>
+ </devices>
+ <seclabel model="selinux" type="dynamic"
relabel="yes">
+ <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+ <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+ </seclabel>
+</domain>
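Review bot: Two pairs of disks in this fixture share a target: the nbd and gluster disks both use `dev='vda'`, and the rbd and sheepdog disks both use `dev='hdb'`. If the domain parser behind the test rejects or collapses disks with duplicate targets (not visible from this hunk), some of these definitions would never reach the SELinux labeling code, and the coverage the commit message describes would be narrower than it looks. Giving each disk its own target avoids relying on that, e.g. `<target dev='vdc' bus='virtio'/>` for the gluster disk and `<target dev="hdc" bus="ide"/>` for the sheepdog disk. The fixture also mixes single- and double-quoted attribute values; one style throughout would be easier to read.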
diff --git a/tests/securityselinuxlabeldata/voldisks.txt
b/tests/securityselinuxlabeldata/voldisks.txt
new file mode 100644
index 0000000..bd5d755
--- /dev/null
+++ b/tests/securityselinuxlabeldata/voldisks.txt
@@ -0,0 +1,5 @@
+/file.raw;
+/disk.raw;
+/host.raw;
+/direct.raw;
+/cdrom.raw;
diff --git a/tests/securityselinuxlabeldata/voldisks.xml
b/tests/securityselinuxlabeldata/voldisks.xml
new file mode 100644
index 0000000..ae7e629
--- /dev/null
+++ b/tests/securityselinuxlabeldata/voldisks.xml
@@ -0,0 +1,45 @@
+<domain type='kvm'>
+ <name>vm1</name>
+ <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+ <memory unit='KiB'>219200</memory>
+ <os>
+ <type arch='i686' machine='pc-1.0'>hvm</type>
+ <boot dev='cdrom'/>
+ </os>
+ <devices>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0'
file='/file.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0'
mode='host' file='/host.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='dir-pool0' volume='dir-pool0-vol0'
mode='direct' file='/direct.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source pool='blk-pool0' volume='blk-pool0-vol0'
file='/plain.raw'/>
+ <target dev='hda' bus='ide'/>
+ </disk>
+ <disk type='volume' device='cdrom'>
+ <driver name='qemu' type='raw'/>
+ <source pool='blk-pool0' volume='blk-pool0-vol1'
file='/cdrom.raw'/>
+ <target dev='hda' bus='ide'/>
+ <readonly/>
+ </disk>
+ <input type='mouse' bus='ps2'/>
+ <graphics type='vnc' port='-1' autoport='yes'
listen='0.0.0.0'>
+ <listen type='address' address='0.0.0.0'/>
+ </graphics>
+ </devices>
+ <seclabel model="selinux" type="dynamic"
relabel="yes">
+ <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+ <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+ </seclabel>
+</domain>
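Review bot: The expected-label list and this fixture disagree: voldisks.txt names `/disk.raw`, which no `<source>` here references, while the fourth disk uses `file='/plain.raw'`, which voldisks.txt does not list. One of the two is presumably a typo, and as written either that disk's label is never checked or the test checks a path no disk points at, which leaves a gap in the labeling regression coverage. Change the attribute to `file='/disk.raw'` or the list entry to `/plain.raw;`. All five disks also use `<target dev='hda' bus='ide'/>`; distinct targets (`hda` through `hde`) would keep the fixture usable if the parser rejects duplicates, which this hunk does not show.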
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index efe825a..8c88cfd 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -332,6 +332,8 @@ mymain(void)
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
+ DO_TEST_LABELING("netdisks");
+ DO_TEST_LABELING("voldisks");
DO_TEST_LABELING("kernel");
DO_TEST_LABELING("chardev");