[libvirt] [PATCH 0/2] conf: Fix parsing and formatting of seclabels

newer
[libvirt] [PATCH] util: Update the...

Jiri Denemark

31 Aug 2012 31 Aug '12

7:40 a.m.

This patchset contains updated patches from Marcelo with the changes I sent previously as a WIP. Marcelo Cerri (2): conf: Fix parsing of seclabels without model conf: Avoid formatting auto-generated DAC labels src/conf/domain_conf.c | 78 ++++++++++++++++++++++++++++++++++---------------- src/conf/domain_conf.h | 1 + 2 files changed, 55 insertions(+), 24 deletions(-) -- 1.7.12

Show replies by date

Jiri Denemark

31 Aug 31 Aug

7:40 a.m.

New subject: [libvirt] [PATCH 1/2] conf: Fix parsing of seclabels without model

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> With this patch libvirt tries to assign a model to a single seclabel when model is missing. Libvirt will look up at host's capabilities and assign the first model to seclabel. This patch fixes: 1. The problem with existing guests that have a seclabel defined in its XML. 2. A XML parse error when a guest is restored. Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 63 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 554298d..5d2de72 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3106,22 +3106,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, def->baselabel = p; } - /* Only parse model, if static labelling, or a base - * label is set, or doing active XML - */ - if (def->type == VIR_DOMAIN_SECLABEL_STATIC || - def->baselabel || - (!(flags & VIR_DOMAIN_XML_INACTIVE) && - def->type != VIR_DOMAIN_SECLABEL_NONE)) { - - p = virXPathStringLimit("string(./@model)", - VIR_SECURITY_MODEL_BUFLEN-1, ctxt); - if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) { - virReportError(VIR_ERR_XML_ERROR, - "%s", _("missing security model")); - } - def->model = p; - } + /* Always parse model */ + p = virXPathStringLimit("string(./@model)", + VIR_SECURITY_MODEL_BUFLEN-1, ctxt); + def->model = p; return def; @@ -3133,10 +3121,12 @@ error: static int virSecurityLabelDefsParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt, + virCapsPtr caps, unsigned int flags) { int i = 0, n; xmlNodePtr *list = NULL, saved_node; + virCapsHostPtr host = &caps->host; /* Check args and save context */ if (def == NULL || ctxt == NULL) @@ -3163,18 +3153,47 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def, ctxt->node = saved_node; VIR_FREE(list); - /* Checking missing model information - * when there is more than one seclabel */ - if (n > 1) { + /* libvirt versions prior to 0.10.0 support just a single seclabel element + * in guest's XML and model attribute can be suppressed if type is none or + * type is dynamic, baselabel is not defined and INACTIVE flag is set. + * + * To avoid compatibility issues, for this specific case the first model + * defined in host's capabilities is used as model for the seclabel. + */ + if (def->nseclabels == 1 && + !def->seclabels[0]->model && + host->nsecModels > 0) { + if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE || + (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC && + !def->seclabels[0]->baselabel && + (flags & VIR_DOMAIN_XML_INACTIVE))) { + /* Copy model from host. */ + VIR_DEBUG("Found seclabel without a model, using '%s'", + host->secModels[0].model); + def->seclabels[0]->model = strdup(host->secModels[0].model); + if (!def->seclabels[0]->model) { + virReportOOMError(); + goto error; + } + } else { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing security model in domain seclabel")); + goto error; + } + } + + /* Checking missing model information */ + if (def->nseclabels > 1) { for(; n; n--) { if (def->seclabels[n - 1]->model == NULL) { virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing security model " - "when using multiple labels")); + _("missing security model " + "when using multiple labels")); goto error; } } } + return 0; error: @@ -8170,7 +8189,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps, /* analysis of security label, done early even though we format it * late, so devices can refer to this for defaults */ - if (virSecurityLabelDefsParseXML(def, ctxt, flags) == -1) + if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1) goto error; /* Extract domain memory */ -- 1.7.12

Daniel Veillard

8:18 a.m.

New subject: [libvirt] [PATCH 1/2] conf: Fix parsing of seclabels without model

On Fri, Aug 31, 2012 at 01:40:40PM +0200, Jiri Denemark wrote:

...

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>

With this patch libvirt tries to assign a model to a single seclabel when model is missing. Libvirt will look up at host's capabilities and assign the first model to seclabel.

This patch fixes:

1. The problem with existing guests that have a seclabel defined in its XML. 2. A XML parse error when a guest is restored.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 63 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 22 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 554298d..5d2de72 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3106,22 +3106,10 @@ virSecurityLabelDefParseXML(xmlXPathContextPtr ctxt, def->baselabel = p; }

- /* Only parse model, if static labelling, or a base - * label is set, or doing active XML - */ - if (def->type == VIR_DOMAIN_SECLABEL_STATIC || - def->baselabel || - (!(flags & VIR_DOMAIN_XML_INACTIVE) && - def->type != VIR_DOMAIN_SECLABEL_NONE)) { - - p = virXPathStringLimit("string(./@model)", - VIR_SECURITY_MODEL_BUFLEN-1, ctxt); - if (p == NULL && def->type != VIR_DOMAIN_SECLABEL_NONE) { - virReportError(VIR_ERR_XML_ERROR, - "%s", _("missing security model")); - } - def->model = p; - } + /* Always parse model */ + p = virXPathStringLimit("string(./@model)", + VIR_SECURITY_MODEL_BUFLEN-1, ctxt); + def->model = p;

return def;

@@ -3133,10 +3121,12 @@ error: static int virSecurityLabelDefsParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt, + virCapsPtr caps, unsigned int flags) { int i = 0, n; xmlNodePtr *list = NULL, saved_node; + virCapsHostPtr host = &caps->host;

/* Check args and save context */ if (def == NULL || ctxt == NULL) @@ -3163,18 +3153,47 @@ virSecurityLabelDefsParseXML(virDomainDefPtr def, ctxt->node = saved_node; VIR_FREE(list);

- /* Checking missing model information - * when there is more than one seclabel */ - if (n > 1) { + /* libvirt versions prior to 0.10.0 support just a single seclabel element + * in guest's XML and model attribute can be suppressed if type is none or + * type is dynamic, baselabel is not defined and INACTIVE flag is set. + * + * To avoid compatibility issues, for this specific case the first model + * defined in host's capabilities is used as model for the seclabel. + */ + if (def->nseclabels == 1 && + !def->seclabels[0]->model && + host->nsecModels > 0) { + if (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_NONE || + (def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DYNAMIC && + !def->seclabels[0]->baselabel && + (flags & VIR_DOMAIN_XML_INACTIVE))) { + /* Copy model from host. */ + VIR_DEBUG("Found seclabel without a model, using '%s'", + host->secModels[0].model); + def->seclabels[0]->model = strdup(host->secModels[0].model); + if (!def->seclabels[0]->model) { + virReportOOMError(); + goto error; + } + } else { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing security model in domain seclabel")); + goto error; + } + } + + /* Checking missing model information */ + if (def->nseclabels > 1) { for(; n; n--) { if (def->seclabels[n - 1]->model == NULL) { virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing security model " - "when using multiple labels")); + _("missing security model " + "when using multiple labels")); goto error; } } } + return 0;

error: @@ -8170,7 +8189,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,

/* analysis of security label, done early even though we format it * late, so devices can refer to this for defaults */ - if (virSecurityLabelDefsParseXML(def, ctxt, flags) == -1) + if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1) goto error;

/* Extract domain memory */

Okay, ACK, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Jiri Denemark

7:40 a.m.

New subject: [libvirt] [PATCH 2/2] conf: Avoid formatting auto-generated DAC labels

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save. Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 15 +++++++++++++-- src/conf/domain_conf.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5d2de72..49327df 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def) if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT) return; + /* To avoid backward compatibility issues, suppress DAC labels that are + * automatically generated. + */ + if (STREQ_NULLABLE(def->model, "dac") && def->implicit) + return; + virBufferAsprintf(buf, "<seclabel type='%s'", sectype); - if (def->model) + if (def->model && STRNEQ(def->model, "none")) virBufferEscapeString(buf, " model='%s'", def->model); if (def->type == VIR_DOMAIN_SECLABEL_NONE) { @@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) { int i; + virSecurityLabelDefPtr seclabel = NULL; if (def == NULL || model == NULL) return NULL; @@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) return def->seclabels[i]; } - return virDomainDefAddSecurityLabelDef(def, model); + seclabel = virDomainDefAddSecurityLabelDef(def, model); + if (seclabel) + seclabel->implicit = true; + + return seclabel; } virSecurityDeviceLabelDefPtr diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index dfdae49..034bebf 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -295,6 +295,7 @@ struct _virSecurityLabelDef { char *baselabel; /* base name of label string */ int type; /* virDomainSeclabelType */ bool norelabel; + bool implicit; /* true if seclabel is auto-added */ }; -- 1.7.12

Daniel Veillard

8:17 a.m.

New subject: [libvirt] [PATCH 2/2] conf: Avoid formatting auto-generated DAC labels

On Fri, Aug 31, 2012 at 01:40:41PM +0200, Jiri Denemark wrote:

...

From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>

To avoid backward compatibility issues, this patch suppresses auto-generated DAC labels from XML. This change affects commands such as dumpxml and save.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com> --- src/conf/domain_conf.c | 15 +++++++++++++-- src/conf/domain_conf.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5d2de72..49327df 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11244,10 +11244,16 @@ virSecurityLabelDefFormat(virBufferPtr buf, virSecurityLabelDefPtr def) if (def->type == VIR_DOMAIN_SECLABEL_DEFAULT) return;

+ /* To avoid backward compatibility issues, suppress DAC labels that are + * automatically generated. + */ + if (STREQ_NULLABLE(def->model, "dac") && def->implicit) + return; + virBufferAsprintf(buf, "<seclabel type='%s'", sectype);

- if (def->model) + if (def->model && STRNEQ(def->model, "none")) virBufferEscapeString(buf, " model='%s'", def->model);

if (def->type == VIR_DOMAIN_SECLABEL_NONE) { @@ -14995,6 +15001,7 @@ virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) { int i; + virSecurityLabelDefPtr seclabel = NULL;

if (def == NULL || model == NULL) return NULL; @@ -15006,7 +15013,11 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) return def->seclabels[i]; }

- return virDomainDefAddSecurityLabelDef(def, model); + seclabel = virDomainDefAddSecurityLabelDef(def, model); + if (seclabel) + seclabel->implicit = true; + + return seclabel; }

virSecurityDeviceLabelDefPtr diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index dfdae49..034bebf 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -295,6 +295,7 @@ struct _virSecurityLabelDef { char *baselabel; /* base name of label string */ int type; /* virDomainSeclabelType */ bool norelabel; + bool implicit; /* true if seclabel is auto-added */ };

Okay, ACK, the WIP version we both tested, I'm pushing it Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

4755

Age (days ago)

4755

Last active (days ago)

List overview

Download

4 comments

2 participants

participants (2)

Daniel Veillard
Jiri Denemark