[libvirt] [PATCH 1/6] security: Add check for valid security model
We do have a check for valid per-domain security model, however we still
do permit an invalid security model for a <disk> type device.
This patch introduces a new function virSecurityStackCheckDiskLabels
which compares user specified security model against currently
registered security drivers. That being said, it also permits 'none'
being specified as a device security model.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485
---
src/security/security_manager.c | 5 +++++
src/security/security_manager.h | 1 +
src/security/security_stack.c | 48 +++++++++++++++++++++++++++++++++++++++--
3 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 302f54d..8eacf0c 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -262,6 +262,11 @@ virSecurityManagerGetDriver(virSecurityManagerPtr mgr)
return mgr->virtDriver;
}
+const char *
+virSecurityManagerGetDriverName(virSecurityManagerPtr mgr)
+{
+ return mgr->drv->name;
+}
const char *
virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 156f882..4626c4b 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -70,6 +70,7 @@ void virSecurityManagerPostFork(virSecurityManagerPtr mgr);
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
+const char *virSecurityManagerGetDriverName(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 1ded57b..75d8b96 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -301,7 +301,46 @@ virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr
mgr,
return rc;
}
+static int
+virSecurityStackCheckSecurityDiskLabels(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ size_t i, j;
+ bool sec_model_valid = false;
+
+ for (i = 0; i < vm->ndisks; i++) {
+ virStorageSourcePtr src = vm->disks[i]->src;
+ for (j = 0; j < src->nseclabels; j++) {
+ const char *sec_model = src->seclabels[j]->model;
+
+ if (STREQ_NULLABLE(sec_model, "none")) {
+ sec_model_valid = true;
+ continue;
+ }
+
+ sec_model_valid = false;
+ for (; item; item = item->next) {
+ const char *drv_name = virSecurityManagerGetDriverName(mgr);
+
+ if (STREQ_NULLABLE(sec_model, drv_name)) {
+ sec_model_valid = true;
+ break;
+ }
+ }
+ if (!sec_model_valid) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("No security driver matches security model "
+ "'%s'"),
+ sec_model);
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
static int
virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
@@ -309,13 +348,18 @@ virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
- int rc = 0;
+ int rc = -1;
+
+ if (virSecurityStackCheckSecurityDiskLabels(mgr, vm) < 0)
+ goto error;
for (; item; item = item->next) {
if (virSecurityManagerSetAllLabel(item->securityManager, vm, stdin_path) <
0)
- rc = -1;
+ goto error;
}
+ rc = 0;
+ error:
return rc;
}
--
1.9.3