[libvirt] [PATCH 0/2] conf: Fix parsing and formatting of seclabels

This patchset contains updated patches from Marcelo with the changes I sent previously as a WIP. Marcelo Cerri (2): conf: Fix parsing of seclabels without model conf: Avoid formatting auto-generated DAC labels src/conf/domain_conf.c | 78 ++++++++++++++++++++++++++++++++++---------------- src/conf/domain_conf.h | 1 + 2 files changed, 55 insertions(+), 24 deletions(-) -- 1.7.12

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> With this patch libvirt tries to assign a model to a single seclabel when model is missing. Libvirt will look up at host's capabilities and assign the first model to seclabel. This patch fixes: 1. The problem with existing guests that have a seclabel defined in its XML. 2. A XML parse error when a guest is restored.
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
---
 src/conf/domain_conf.c | 63 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 22 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 554298d..5d2de72 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3106,22 +3106,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
 def->baselabel = p;
 }
 
- /* Only parse model, if static labelling, or a base
- * label is set, or doing active XML
- */
- if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
- def->baselabel ||
- (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
- def->type != VIR_DOMAIN_SECLABEL_NONE)) {
-
- p = virXPathStringLimit("string(./@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
- virReportError(VIR_ERR_XML_ERROR,
- "%s", _("missing security model"));
- }
- def->model = p;
- }
+ /* Always parse model */
+ p = virXPathStringLimit("string(./@model)",
+ VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+ def->model = p;
 
 return def;
 
@@ -3133,10 +3121,12 @@ error:
 static int
 virSecurityLabelDefsParseXML(virDomainDefPtr def,
 xmlXPathContextPtr ctxt,
+ virCapsPtr caps,
 unsigned int flags)
 {
 int i = 0, n;
 xmlNodePtr *list = NULL, saved_node;
+ virCapsHostPtr host = &caps->host;
 
 /* Check args and save context */
 if (def == NULL || ctxt == NULL)
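Review bot: With the conditional block removed, `def->model = p` at the end of virSecurityLabelDefParseXML may now leave model NULL for a static label or a dynamic label with a baselabel, and the "missing security model" error this function used to raise for those cases is not replaced here; the validation now exists only in the caller, which a reader of this function cannot see. A comment on the assignment, `/* model may be NULL here; virSecurityLabelDefsParseXML validates or defaults it */`, would record the new contract. If `flags` is no longer read anywhere else in this function (its beginning lies outside the hunk), it also becomes an unused parameter that should be marked as such. The same hunk appears again in the quoted reply below.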
@@ -3163,18 +3153,47 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
 ctxt->node = saved_node;
 VIR_FREE(list);
 
- /* Checking missing model information
- * when there is more than one seclabel */
- if (n > 1) {
+ /* libvirt versions prior to 0.10.0 support just a single seclabel element
+ * in guest's XML and model attribute can be suppressed if type is none or
+ * type is dynamic, baselabel is not defined and INACTIVE flag is set.
+ *
+ * To avoid compatibility issues, for this specific case the first model
+ * defined in host's capabilities is used as model for the seclabel.
+ */
+ if (def->nseclabels == 1 &&
+ !def->seclabels[0]->model &&
+ host->nsecModels > 0) {
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
+ (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabels[0]->baselabel &&
+ (flags & VIR_DOMAIN_XML_INACTIVE))) {
+ /* Copy model from host. */
+ VIR_DEBUG("Found seclabel without a model, using '%s'",
+ host->secModels[0].model);
+ def->seclabels[0]->model = strdup(host->secModels[0].model);
+ if (!def->seclabels[0]->model) {
+ virReportOOMError();
+ goto error;
+ }
+ } else {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing security model in domain seclabel"));
+ goto error;
+ }
+ }
+
+ /* Checking missing model information */
+ if (def->nseclabels > 1) {
 for(; n; n--) {
 if (def->seclabels[n - 1]->model == NULL) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing security model "
- "when using multiple labels"));
+ _("missing security model "
+ "when using multiple labels"));
 goto error;
 }
 }
 }
+
 return 0;
 
 error:
@@ -8170,7 +8189,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
 
 /* analysis of security label, done early even though we format it
 * late, so devices can refer to this for defaults */
- if (virSecurityLabelDefsParseXML(def, ctxt, flags) == -1)
+ if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
 goto error;
 
 /* Extract domain memory */
--
1.7.12
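Review bot: `virCapsHostPtr host = &caps->host;` in the declarations of virSecurityLabelDefsParseXML is evaluated before the "Check args and save context" test, and that test still covers only `def` and `ctxt`, so a NULL `caps` is dereferenced in the initializer instead of being rejected like the other arguments. Either extend the guard, `if (def == NULL || ctxt == NULL || caps == NULL)`, and move the `host` initialization below it, or document on the new parameter that `caps` must be non-NULL. The only caller shown, in the last hunk, passes the `caps` argument of virDomainDefParseXML straight through, so whether it can be NULL is not visible from here.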
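Review bot: The `host->nsecModels > 0` term in the new single-seclabel condition also gates the `else` branch that reports "missing security model in domain seclabel", so on a host that advertises no security models a single `static` label, or a `dynamic` label with a baselabel, that lacks a model is accepted silently, whereas the check removed from virSecurityLabelDefParseXML in the first hunk rejected it regardless of host capabilities. Unless something outside the hunk repeats that check, only the defaulting step should depend on the host's model list, not the error. Testing `nsecModels` inside the compatibility branch keeps the pre-0.10.0 fallback and restores the error; the rewritten block is below. The hunk is quoted again in the reply further down.
```c
    if (def->nseclabels == 1 && !def->seclabels[0]->model) {
        if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
            (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
             !def->seclabels[0]->baselabel &&
             (flags & VIR_DOMAIN_XML_INACTIVE))) {
            /* Pre-0.10.0 XML may omit the model here; default it from the
             * host's capabilities when the host advertises any model. */
            if (host->nsecModels > 0) {
                VIR_DEBUG("Found seclabel without a model, using '%s'",
                          host->secModels[0].model);
                def->seclabels[0]->model = strdup(host->secModels[0].model);
                if (!def->seclabels[0]->model) {
                    virReportOOMError();
                    goto error;
                }
            }
        } else {
            /* A static label, or a dynamic one with a baselabel, always
             * needs an explicit model; never guess one from the host. */
            virReportError(VIR_ERR_XML_ERROR, "%s",
                           _("missing security model in domain seclabel"));
            goto error;
        }
    }
    /* … unchanged: multiple-seclabel model check … */
```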

On Fri, Aug 31, 2012 at 01:40:40PM +0200, Jiri Denemark wrote:
From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
With this patch libvirt tries to assign a model to a single seclabel when the model is missing. Libvirt will look up the host's capabilities and assign the first model to the seclabel.
This patch fixes:
1. The problem with existing guests that have a seclabel defined in its XML. 2. A XML parse error when a guest is restored.
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 63 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 22 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 554298d..5d2de72 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3106,22 +3106,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt,
 def->baselabel = p;
 }
- /* Only parse model, if static labelling, or a base
- * label is set, or doing active XML
- */
- if (def->type == VIR_DOMAIN_SECLABEL_STATIC ||
- def->baselabel ||
- (!(flags & VIR_DOMAIN_XML_INACTIVE) &&
- def->type != VIR_DOMAIN_SECLABEL_NONE)) {
-
- p = virXPathStringLimit("string(./@model)",
- VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
- if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) {
- virReportError(VIR_ERR_XML_ERROR,
- "%s", _("missing security model"));
- }
- def->model = p;
- }
+ /* Always parse model */
+ p = virXPathStringLimit("string(./@model)",
+ VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
+ def->model = p;
return def;
@@ -3133,10 +3121,12 @@ error:
 static int
 virSecurityLabelDefsParseXML(virDomainDefPtr def,
 xmlXPathContextPtr ctxt,
+ virCapsPtr caps,
 unsigned int flags)
 {
 int i = 0, n;
 xmlNodePtr *list = NULL, saved_node;
+ virCapsHostPtr host = &caps->host;
 /* Check args and save context */
 if (def == NULL || ctxt == NULL)
@@ -3163,18 +3153,47 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def,
 ctxt->node = saved_node;
 VIR_FREE(list);
- /* Checking missing model information
- * when there is more than one seclabel */
- if (n > 1) {
+ /* libvirt versions prior to 0.10.0 support just a single seclabel element
+ * in guest's XML and model attribute can be suppressed if type is none or
+ * type is dynamic, baselabel is not defined and INACTIVE flag is set.
+ *
+ * To avoid compatibility issues, for this specific case the first model
+ * defined in host's capabilities is used as model for the seclabel.
+ */
+ if (def->nseclabels == 1 &&
+ !def->seclabels[0]->model &&
+ host->nsecModels > 0) {
+ if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE ||
+ (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
+ !def->seclabels[0]->baselabel &&
+ (flags & VIR_DOMAIN_XML_INACTIVE))) {
+ /* Copy model from host. */
+ VIR_DEBUG("Found seclabel without a model, using '%s'",
+ host->secModels[0].model);
+ def->seclabels[0]->model = strdup(host->secModels[0].model);
+ if (!def->seclabels[0]->model) {
+ virReportOOMError();
+ goto error;
+ }
+ } else {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing security model in domain seclabel"));
+ goto error;
+ }
+ }
+
+ /* Checking missing model information */
+ if (def->nseclabels > 1) {
 for(; n; n--) {
 if (def->seclabels[n - 1]->model == NULL) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing security model "
- "when using multiple labels"));
+ _("missing security model "
+ "when using multiple labels"));
 goto error;
 }
 }
 }
+
 return 0;
 error:
@@ -8170,7 +8189,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
 /* analysis of security label, done early even though we format it
 * late, so devices can refer to this for defaults */
- if (virSecurityLabelDefsParseXML(def, ctxt, flags) == -1)
+ if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
 goto error;
/* Extract domain memory */
Okay, ACK, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save.
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
---
 src/conf/domain_conf.c | 15 +++++++++++++--
 src/conf/domain_conf.h | 1 +
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5d2de72..49327df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
 
 if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
 return;
 
+ /* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+ if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+ return;
+
 virBufferAsprintf(buf, "<seclabel type='%s'", sectype);
 
- if (def->model)
+ if (def->model && STRNEQ(def->model, "none"))
 virBufferEscapeString(buf, " model='%s'", def->model);
 
 if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
@@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr
 virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
 {
 int i;
+ virSecurityLabelDefPtr seclabel = NULL;
 
 if (def == NULL || model == NULL)
 return NULL;
@@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
 return def->seclabels[i];
 }
 
- return virDomainDefAddSecurityLabelDef(def, model);
+ seclabel = virDomainDefAddSecurityLabelDef(def, model);
+ if (seclabel)
+ seclabel->implicit = true;
+
+ return seclabel;
 }
 
 virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index dfdae49..034bebf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
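Review bot: The new `STRNEQ(def->model, "none")` condition in virSecurityLabelDefFormat drops `model='none'` from the output for every label, implicit or not, which is a second behaviour change that neither the comment above it nor the commit message ("suppresses auto-generated DAC labels") mentions. If the intent is that a label carrying model "none" must never be written for an older libvirt to re-read, say so next to the condition, e.g. `/* model='none' is omitted too: presumably older libvirt rejects it — confirm */`; otherwise narrow the check to the case it is meant for. The early return for implicit DAC labels also applies to live XML, so `dumpxml` of a running guest will no longer show whatever label the DAC driver filled in; the commit message accepts that, but one sentence in the comment would spare the next reader the search. The same hunk is quoted in the reply below.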
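Review bot: virDomainDefGetSecurityLabelDef now has a side effect its name hides: when no label with the requested model exists it creates one via virDomainDefAddSecurityLabelDef and marks it `implicit`, which in turn makes virSecurityLabelDefFormat omit it for the "dac" model, yet nothing in the function or on the new field says that `implicit` is set only on this path and never by the XML parser. A short header comment above the function (its signature sits in the previous hunk) stating that it looks up the seclabel for @model, adds an implicit one when absent, that implicit DAC labels are not formatted to XML, and that it returns NULL when the label cannot be added would make the contract visible to callers that expect a pure lookup. The same hunk is quoted in the reply below.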
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
 char *baselabel; /* base name of label string */
 int type; /* virDomainSeclabelType */
 bool norelabel;
+ bool implicit; /* true if seclabel is auto-added */
 };
--
1.7.12

On Fri, Aug 31, 2012 at 01:40:41PM +0200, Jiri Denemark wrote:
From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save.
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 15 +++++++++++++-- src/conf/domain_conf.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5d2de72..49327df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def)
 if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT)
 return;
+ /* To avoid backward compatibility issues, suppress DAC labels that are
+ * automatically generated.
+ */
+ if (STREQ_NULLABLE(def->model, "dac") && def->implicit)
+ return;
+
 virBufferAsprintf(buf, "<seclabel type='%s'", sectype);
- if (def->model)
+ if (def->model && STRNEQ(def->model, "none"))
 virBufferEscapeString(buf, " model='%s'", def->model);
 if (def->type == VIR_DOMAIN_SECLABEL_NONE) {
@@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr
 virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
 {
 int i;
+ virSecurityLabelDefPtr seclabel = NULL;
 if (def == NULL || model == NULL)
 return NULL;
@@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model)
 return def->seclabels[i];
 }
- return virDomainDefAddSecurityLabelDef(def, model);
+ seclabel = virDomainDefAddSecurityLabelDef(def, model);
+ if (seclabel)
+ seclabel->implicit = true;
+
+ return seclabel;
 }
 virSecurityDeviceLabelDefPtr
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index dfdae49..034bebf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -295,6 +295,7 @@ struct _virSecurityLabelDef {
 char *baselabel; /* base name of label string */
 int type; /* virDomainSeclabelType */
 bool norelabel;
+ bool implicit; /* true if seclabel is auto-added */
 };
Okay, ACK, the WIP version we both tested, I'm pushing it Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/