9:36 a.m.
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Currently the dynamic label generation code will create labels
with a sensitivity of s0, and a category pair in the range
0-1023. This is fine when running a standard MCS policy because
libvirtd will run with a label
system_u:system_r:virtd_t:s0-s0:c0.c1023
With custom policies though, it is possible for libvirtd to have
a different sensitivity, or category range. For example
system_u:system_r:virtd_t:s2-s3:c512.c1023
In this case we must assign the VM a sensitivity matching the
current lower sensitivity value, and categories in the range
512-1023
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/security/security_selinux.c | 106 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 102 insertions(+), 4 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 48fd78b..bc24dca 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -106,13 +106,108 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
int c1 = 0;
int c2 = 0;
char *mcs = NULL;
+ security_context_t ourSecContext = NULL;
+ context_t ourContext = NULL;
+ char *sens, *cat, *tmp;
+ int catMin, catMax, catRange;
+
+ if (getcon(&ourSecContext) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Unable to get current process SELinux
context"));
+ goto cleanup;
+ }
+ if (!(ourContext = context_new(ourSecContext))) {
+ virReportSystemError(errno,
+ _("Unable to parse current SELinux context
'%s'"),
+ ourSecContext);
+ goto cleanup;
+ }
+
+ if (!(sens = strdup(context_range_get(ourContext)))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ /* Find and blank out the category part */
+ if (!(tmp = strchr(sens, ':'))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse sensitivity level in %s"),
+ sens);
+ goto cleanup;
+ }
+ *tmp = '\0';
+ cat = tmp + 1;
+ /* Find and blank out the sensitivity upper bound */
+ if ((tmp = strchr(sens, '-')))
+ *tmp = '\0';
+ /* sens now just contains the sensitivity lower bound */
+
+ /* Find & extract category min */
+ tmp = cat;
+ if (tmp[0] != 'c') {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse category in %s"),
+ cat);
+ goto cleanup;
+ }
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &catMin) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse category in %s"),
+ cat);
+ goto cleanup;
+ }
+
+ /* We *must* have a pair of categories otherwise
+ * there's no range to allocate VM categories from */
+ if (!tmp[0]) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No category range available"));
+ goto cleanup;
+ }
+
+ /* Find & extract category max (if any) */
+ if (tmp[0] != '.') {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse category in %s"),
+ cat);
+ goto cleanup;
+ }
+ tmp++;
+ if (tmp[0] != 'c') {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse category in %s"),
+ cat);
+ goto cleanup;
+ }
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &catMax) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse category in %s"),
+ cat);
+ goto cleanup;
+ }
+
+ /* +1 since virRandomInt range is exclusive of the upper bound */
+ catRange = (catMax - catMin) + 1;
+
+ if (catRange < 8) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Category range c%d-c%d too small"),
+ catMin, catMax);
+ goto cleanup;
+ }
+
+ VIR_DEBUG("Using sensitivity level '%s' cat min %d max %d range
%d",
+ sens, catMin, catMax, catRange);
for (;;) {
- c1 = virRandomBits(10);
- c2 = virRandomBits(10);
+ c1 = virRandomInt(catRange);
+ c2 = virRandomInt(catRange);
+ VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1+catMin, c2+catMin);
if (c1 == c2) {
- if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
+ if (virAsprintf(&mcs, "%s:c%d", sens, catMin + c1) < 0) {
virReportOOMError();
return NULL;
}
@@ -122,7 +217,7 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
c1 = c2;
c2 = t;
}
- if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
+ if (virAsprintf(&mcs, "%s:c%d,c%d", sens, catMin + c1, catMin +
c2) < 0) {
virReportOOMError();
return NULL;
}
@@ -136,6 +231,9 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
cleanup:
VIR_DEBUG("Found context '%s'", NULLSTR(mcs));
+ VIR_FREE(sens);
+ freecon(ourSecContext);
+ context_free(ourContext);
return mcs;
}
--
1.7.11.2
9:36 a.m.
New subject: [libvirt] [PATCH v2 2/2] Add test case for SELinux label generation
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
.gitignore | 1 +
tests/Makefile.am | 26 ++++
tests/securityselinuxhelper.c | 67 +++++++++
tests/securityselinuxtest.c | 313 ++++++++++++++++++++++++++++++++++++++++++
tests/testutils.h | 16 +++
5 files changed, 423 insertions(+)
create mode 100644 tests/securityselinuxhelper.c
create mode 100644 tests/securityselinuxtest.c
diff --git a/.gitignore b/.gitignore
index 17dcae4..5041ddf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -146,6 +146,7 @@
/tests/reconnect
/tests/secaatest
/tests/seclabeltest
+/tests/securityselinuxtest
/tests/sexpr2xmltest
/tests/shunloadtest
/tests/sockettest
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 60d322d..e97a487 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -94,6 +94,10 @@ test_programs = virshtest sockettest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest
+if WITH_SECDRIVER_SELINUX
+test_programs += securityselinuxtest
+endif
+
if WITH_DRIVER_MODULES
test_programs += virdrivermoduletest
endif
@@ -523,6 +527,28 @@ seclabeltest_SOURCES = \
seclabeltest.c
seclabeltest_LDADD = $(LDADDS)
+if WITH_SECDRIVER_SELINUX
+if WITH_TESTS
+noinst_LTLIBRARIES += libsecurityselinuxhelper.la
+else
+check_LTLIBRARIES += libsecurityselinuxhelper.la
+endif
+
+libsecurityselinuxhelper_la_SOURCES = \
+ securityselinuxhelper.c
+libsecurityselinuxhelper_la_CFLAGS = $(AM_CFLAGS)
+libsecurityselinuxhelper_la_LDFLAGS = -module -avoid-version \
+ -rpath /evil/libtool/hack/to/force/shared/lib/creation
+
+securityselinuxtest_SOURCES = \
+ securityselinuxtest.c testutils.h testutils.c
+securityselinuxtest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\""
$(AM_CFLAGS)
+securityselinuxtest_LDADD = $(LDADDS)
+securityselinuxtest_DEPENDENCIES = libsecurityselinuxhelper.la
+else
+EXTRA_DIST += securityselinuxtest.c securityselinuxhelper.c
+endif
+
virbuftest_SOURCES = \
virbuftest.c testutils.h testutils.c
virbuftest_LDADD = $(LDADDS)
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
new file mode 100644
index 0000000..98472a6
--- /dev/null
+++ b/tests/securityselinuxhelper.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
+ * <http://www.gnu.org/licenses/>;.
+ *
+ */
+
+#include <config.h>
+
+#include <selinux/selinux.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+/*
+ * The kernel policy will not allow us to arbitrarily change
+ * test process context. This helper is used as an LD_PRELOAD
+ * so that the libvirt code /thinks/ it is changing/reading
+ * the process context, where as in fact we're faking it all
+ */
+
+int getcon(security_context_t *context)
+{
+ if (getenv("FAKE_CONTEXT") == NULL) {
+ *context = NULL;
+ errno = EINVAL;
+ return -1;
+ }
+ if (!(*context = strdup(getenv("FAKE_CONTEXT"))))
+ return -1;
+ return 0;
+}
+
+int getpidcon(pid_t pid, security_context_t *context)
+{
+ if (pid != getpid()) {
+ *context = NULL;
+ errno = ESRCH;
+ return -1;
+ }
+ if (getenv("FAKE_CONTEXT") == NULL) {
+ *context = NULL;
+ errno = EINVAL;
+ return -1;
+ }
+ if (!(*context = strdup(getenv("FAKE_CONTEXT"))))
+ return -1;
+ return 0;
+}
+
+int setcon(security_context_t context)
+{
+ return setenv("FAKE_CONTEXT", context, 1);
+}
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
new file mode 100644
index 0000000..a2f3d9c
--- /dev/null
+++ b/tests/securityselinuxtest.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
+ * <http://www.gnu.org/licenses/>;.
+ *
+ */
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+
+#include "internal.h"
+#include "testutils.h"
+#include "memory.h"
+#include "util.h"
+#include "logging.h"
+#include "virterror_internal.h"
+#include "security/security_manager.h"
+
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+struct testSELinuxGenLabelData {
+ virSecurityManagerPtr mgr;
+
+ const char *pidcon;
+
+ bool dynamic;
+ const char *label;
+ const char *baselabel;
+
+ const char *user;
+ const char *role;
+ const char *type;
+ const char *imagetype;
+
+ int sensMin;
+ int sensMax;
+ int catMin;
+ int catMax;
+};
+
+static virDomainDefPtr
+testBuildDomainDef(bool dynamic,
+ const char *label,
+ const char *baselabel)
+{
+ virDomainDefPtr def;
+
+ if (VIR_ALLOC(def) < 0)
+ goto no_memory;
+
+ def->seclabel.type = dynamic ? VIR_DOMAIN_SECLABEL_DYNAMIC :
VIR_DOMAIN_SECLABEL_STATIC;
+
+ if (label &&
+ !(def->seclabel.label = strdup(label)))
+ goto no_memory;
+
+ if (baselabel &&
+ !(def->seclabel.baselabel = strdup(baselabel)))
+ goto no_memory;
+
+ return def;
+
+no_memory:
+ virReportOOMError();
+ virDomainDefFree(def);
+ return NULL;
+}
+
+
+static bool
+testSELinuxCheckCon(context_t con,
+ const char *user,
+ const char *role,
+ const char *type,
+ int sensMin,
+ int sensMax ATTRIBUTE_UNUSED,
+ int catMin,
+ int catMax)
+{
+ const char *range;
+ char *tmp;
+ int gotSens;
+ int gotCatOne;
+ int gotCatTwo;
+
+ if (STRNEQ(context_user_get(con), user)) {
+ fprintf(stderr, "Expect user %s got %s\n",
+ user, context_user_get(con));
+ return false;
+ }
+ if (STRNEQ(context_role_get(con), role)) {
+ fprintf(stderr, "Expect role %s got %s\n",
+ role, context_role_get(con));
+ return false;
+ }
+ if (STRNEQ(context_type_get(con), type)) {
+ fprintf(stderr, "Expect type %s got %s\n",
+ type, context_type_get(con));
+ return false;
+ }
+
+ range = context_range_get(con);
+ if (range[0] != 's') {
+ fprintf(stderr, "Malformed range %s, cannot find sensitivity\n",
+ range);
+ return false;
+ }
+ if (virStrToLong_i(range + 1, &tmp, 10, &gotSens) < 0 ||
+ !tmp) {
+ fprintf(stderr, "Malformed range %s, cannot parse sensitivity\n",
+ range + 1);
+ return false;
+ }
+ if (*tmp != ':') {
+ fprintf(stderr, "Malformed range %s, too many sensitivity values\n",
+ tmp);
+ return false;
+ }
+ tmp++;
+ if (*tmp != 'c') {
+ fprintf(stderr, "Malformed range %s, cannot find first category\n",
+ tmp);
+ return false;
+ }
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &gotCatOne) < 0) {
+ fprintf(stderr, "Malformed range %s, cannot parse category one\n",
+ tmp);
+ return false;
+ }
+ if (tmp && *tmp == ',')
+ tmp++;
+ if (tmp && *tmp == 'c') {
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &gotCatTwo) < 0) {
+ fprintf(stderr, "Malformed range %s, cannot parse category two\n",
+ tmp);
+ return false;
+ }
+ if (*tmp != '\0') {
+ fprintf(stderr, "Malformed range %s, junk after second
category\n",
+ tmp);
+ return false;
+ }
+ if (gotCatOne == gotCatTwo) {
+ fprintf(stderr, "Saw category pair %d,%d where cats were equal\n",
+ gotCatOne, gotCatTwo);
+ return false;
+ }
+ } else {
+ gotCatTwo = gotCatOne;
+ }
+
+ if (gotSens != sensMin) {
+ fprintf(stderr, "Sensitivity %d is not equal to min %d\n",
+ gotSens, sensMin);
+ return false;
+ }
+ if (gotCatOne < catMin ||
+ gotCatOne > catMax) {
+ fprintf(stderr, "Category one %d is out of range %d-%d\n",
+ gotCatTwo, catMin, catMax);
+ return false;
+ }
+ if (gotCatTwo < catMin ||
+ gotCatTwo > catMax) {
+ fprintf(stderr, "Category two %d is out of range %d-%d\n",
+ gotCatTwo, catMin, catMax);
+ return false;
+ }
+
+ if (gotCatOne > gotCatTwo) {
+ fprintf(stderr, "Category one %d is greater than category two %d\n",
+ gotCatOne, gotCatTwo);
+ return false;
+ }
+
+ return true;
+}
+
+static int
+testSELinuxGenLabel(const void *opaque)
+{
+ const struct testSELinuxGenLabelData *data = opaque;
+ int ret = -1;
+ virDomainDefPtr def;
+ context_t con = NULL;
+ context_t imgcon = NULL;
+
+ if (setcon((security_context_t)data->pidcon) < 0) {
+ perror("Cannot set process security context");
+ return -1;
+ }
+
+ if (!(def = testBuildDomainDef(data->dynamic,
+ data->label,
+ data->baselabel)))
+ goto cleanup;
+
+ if (virSecurityManagerGenLabel(data->mgr, def) < 0) {
+ virErrorPtr err = virGetLastError();
+ fprintf(stderr, "Cannot generated label %s\n", err->message);
+ goto cleanup;
+ }
+
+ VIR_DEBUG("label=%s imagelabel=%s",
+ def->seclabel.label, def->seclabel.imagelabel);
+
+ if (!(con = context_new(def->seclabel.label)))
+ goto cleanup;
+ if (!(imgcon = context_new(def->seclabel.imagelabel)))
+ goto cleanup;
+
+ if (!testSELinuxCheckCon(con,
+ data->user, data->role, data->type,
+ data->sensMin, data->sensMax,
+ data->catMin, data->catMax))
+ goto cleanup;
+
+ if (!testSELinuxCheckCon(imgcon,
+ data->user, data->role, data->imagetype,
+ data->sensMin, data->sensMax,
+ data->catMin, data->catMax))
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+ context_free(con);
+ context_free(imgcon);
+ virDomainDefFree(def);
+ return ret;
+}
+
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+ virSecurityManagerPtr mgr;
+
+ if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true,
false))) {
+ virErrorPtr err = virGetLastError();
+ if (err->code == VIR_ERR_CONFIG_UNSUPPORTED)
+ exit(EXIT_AM_SKIP);
+
+ fprintf(stderr, "Unable to initialize security driver: %s\n",
+ err->message);
+ exit(EXIT_FAILURE);
+ }
+
+#define DO_TEST_GEN_LABEL(desc, pidcon, \
+ dynamic, label, baselabel, \
+ user, role, type, imageType, \
+ sensMin, sensMax, catMin, catMax) \
+ do { \
+ struct testSELinuxGenLabelData data = { \
+ mgr, pidcon, dynamic, label, baselabel, \
+ user, role, type, imageType, \
+ sensMin, sensMax, catMin, catMax \
+ }; \
+ if (virtTestRun("GenLabel " # desc, 1, testSELinuxGenLabel, &data)
< 0) \
+ ret = -1; \
+ } while (0)
+
+ DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
+ "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
+ true, NULL, NULL,
+ "unconfined_u", "unconfined_r",
"svirt_t", "svirt_image_t",
+ 0, 0, 0, 1023);
+ DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c1023",
+ "system_u:system_r:virtd_t:s0-s0:c0.c1023",
+ true, NULL, NULL,
+ "system_u", "system_r", "svirt_t",
"svirt_image_t",
+ 0, 0, 0, 1023);
+ DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c10",
+ "system_u:system_r:virtd_t:s0-s0:c0.c10",
+ true, NULL, NULL,
+ "system_u", "system_r", "svirt_t",
"svirt_image_t",
+ 0, 0, 0, 10);
+ DO_TEST_GEN_LABEL("dynamic virtd, s2-s3, c0.c1023",
+ "system_u:system_r:virtd_t:s2-s3:c0.c1023",
+ true, NULL, NULL,
+ "system_u", "system_r", "svirt_t",
"svirt_image_t",
+ 2, 3, 0, 1023);
+
+ return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir
"/.libs/libsecurityselinuxhelper.so")
diff --git a/tests/testutils.h b/tests/testutils.h
index f372c23..51aed9a 100644
--- a/tests/testutils.h
+++ b/tests/testutils.h
@@ -70,4 +70,20 @@ int virtTestMain(int argc,
return virtTestMain(argc, argv, func); \
}
+# define VIRT_TEST_MAIN_PRELOAD(func, lib) \
+ int main(int argc, char **argv) { \
+ const char *preload = getenv("LD_PRELOAD"); \
+ if (preload == NULL || strstr(preload, lib) == NULL) { \
+ char *newenv; \
+ if (virAsprintf(&newenv, "%s%s%s", preload ? preload :
"", \
+ preload ? ":" : "", lib) < 0) {
\
+ perror("virAsprintf"); \
+ exit(EXIT_FAILURE); \
+ } \
+ setenv("LD_PRELOAD", newenv, 1); \
+ execv(argv[0], argv); \
+ } \
+ return virtTestMain(argc, argv, func); \
+ }
+
#endif /* __VIT_TEST_UTILS_H__ */
--
1.7.11.2
12:31 p.m.
New subject: [libvirt] [PATCH v2 2/2] Add test case for SELinux label generation
On 08/14/2012 08:36 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
+++ b/tests/securityselinuxhelper.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
Eep. What's with the duplicate line? Oh, bad copy-n-paste from
viratomictest.c. I'll fix that momentarily.
+++ b/tests/securityselinuxtest.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2011-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * License along with this library; If not, see
and again.
+ if (tmp && *tmp == ',')
+ tmp++;
+ if (tmp && *tmp == 'c') {
+ tmp++;
+ if (virStrToLong_i(tmp, &tmp, 10, &gotCatTwo) < 0) {
+ fprintf(stderr, "Malformed range %s, cannot parse category
two\n",
+ tmp);
+ return false;
+ }
+ if (*tmp != '\0') {
+ fprintf(stderr, "Malformed range %s, junk after second
category\n",
+ tmp);
+ return false;
I'd move this hunk...
+ }
+ if (gotCatOne == gotCatTwo) {
+ fprintf(stderr, "Saw category pair %d,%d where cats were
equal\n",
+ gotCatOne, gotCatTwo);
+ return false;
+ }
+ } else {
+ gotCatTwo = gotCatOne;
+ }
...down here, to make sure that parsing didn't stop because of something
like a 'c0.c255' instead of the expected 'c0,c15'.
+# define VIRT_TEST_MAIN_PRELOAD(func, lib) \
+ int main(int argc, char **argv) { \
+ const char *preload = getenv("LD_PRELOAD"); \
+ if (preload == NULL || strstr(preload, lib) == NULL) { \
+ char *newenv; \
+ if (virAsprintf(&newenv, "%s%s%s", preload ? preload :
"", \
+ preload ? ":" : "", lib) < 0) {
\
+ perror("virAsprintf"); \
+ exit(EXIT_FAILURE); \
+ } \
+ setenv("LD_PRELOAD", newenv, 1); \
+ execv(argv[0], argv); \
execv failure is silently ignored...
+ }
\
+ return virtTestMain(argc, argv, func); \
but falls through to the test, which will probably fail in that case, so
I'm not too worried.
ACK with the two copy-and-paste's cleaned up, and with the tighter check
for junk at the end of the resulting category.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
12:16 p.m.
On 08/14/2012 08:36 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Currently the dynamic label generation code will create labels
with a sensitivity of s0, and a category pair in the range
0-1023. This is fine when running a standard MCS policy because
libvirtd will run with a label
system_u:system_r:virtd_t:s0-s0:c0.c1023
With custom policies though, it is possible for libvirtd to have
a different sensitivity, or category range. For example
system_u:system_r:virtd_t:s2-s3:c512.c1023
In this case we must assign the VM a sensitivity matching the
current lower sensitivity value, and categories in the range
512-1023
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/security/security_selinux.c | 106 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 102 insertions(+), 4 deletions(-)
Addressed my v1 findings, and I didn't spot anything else.
ACK.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4483
days inactive
4483
days old
3 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Eric Blake