From nobody Sat Apr 27 12:06:11 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37 as permitted sender) client-ip=209.132.183.37; envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by mx.zohomail.com with SMTPS id 1487082899720673.0490320084707; Tue, 14 Feb 2017 06:34:59 -0800 (PST) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1EEUq7r063399; Tue, 14 Feb 2017 09:30:53 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1EEUoxm019039 for ; Tue, 14 Feb 2017 09:30:50 -0500 Received: from moe.brq.redhat.com (dhcp129-131.brq.redhat.com [10.34.129.131]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1EEUnTF020480 for ; Tue, 14 Feb 2017 09:30:49 -0500 
From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 14 Feb 2017 15:30:44 +0100 Message-Id: <8b1c82e32b677246e330a5918c42a6eb4c361ab8.1487082308.git.mprivozn@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] qemu: Enforce qemuSecurity wrappers X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that we have some qemuSecurity wrappers over virSecurityManager APIs, lets make sure everybody sticks with them. We have them for a reason and calling virSecurityManager API directly instead of wrapper may lead into accidentally labelling a file on the host instead of namespace. Signed-off-by: Michal Privoznik --- This is an alternative approach to: https://www.redhat.com/archives/libvir-list/2017-February/msg00271.html cfg.mk | 5 ++++ src/qemu/qemu_command.c | 7 +++--- src/qemu/qemu_conf.c | 9 ++++--- src/qemu/qemu_domain.c | 17 ++++++------- src/qemu/qemu_driver.c | 63 ++++++++++++++++++++++---------------------= ---- src/qemu/qemu_hotplug.c | 4 +-- src/qemu/qemu_migration.c | 13 +++++----- src/qemu/qemu_process.c | 61 ++++++++++++++++++++++---------------------= -- src/qemu/qemu_security.h | 32 ++++++++++++++++++++++++ 9 files changed, 122 insertions(+), 89 deletions(-) diff --git a/cfg.mk b/cfg.mk index 69e3f3a1a..489fda8ea 100644 --- a/cfg.mk +++ b/cfg.mk 
@@ -983,6 +983,11 @@ sc_prohibit_sysconf_pagesize: halt=3D'use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \ $(_sc_search_regexp) =20 +sc_prohibit_virSecurity: + @grep -P 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep '^src/qe= mu/' | \ + grep -v '^src/qemu/qemu_security') && \ + { echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || : + sc_prohibit_pthread_create: @prohibit=3D'\bpthread_create\b' \ exclude=3D'sc_prohibit_pthread_create' \ diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c00a47a91..110540ba7 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -28,6 +28,7 @@ #include "qemu_capabilities.h" #include "qemu_interface.h" #include "qemu_alias.h" +#include "qemu_security.h" #include "cpu/cpu.h" #include "dirname.h" #include "viralloc.h" @@ -8321,8 +8322,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, } =20 for (i =3D 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + def, tapfd[i]) < 0) goto cleanup; virCommandPassFD(cmd, tapfd[i], VIR_COMMAND_PASS_FD_CLOSE_PARENT); @@ -8403,7 +8404,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, =20 =20 /* NOTE: Not using const virDomainDef here since eventually a call is made - * into virSecurityManagerSetTapFDLabel which calls it's driver + * into qemuSecuritySetTapFDLabel which calls it's driver * API domainSetSecurityTapFDLabel that doesn't use the const format. */ static int diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 0223a95d2..4fc0dee39 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -38,6 +38,7 @@ #include "qemu_conf.h" #include "qemu_capabilities.h" #include "qemu_domain.h" +#include "qemu_security.h" #include "viruuid.h" #include "virbuffer.h" #include "virconf.h" 
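Review bot: The new `sc_prohibit_virSecurity` rule hand-rolls a `grep -P` pipeline while the neighbouring rules visible here (`sc_prohibit_sysconf_pagesize`, `sc_prohibit_pthread_create`) go through `prohibit=`/`exclude=`/`$(_sc_search_regexp)`; `-P` needs a GNU grep built with PCRE, and if the `$(VC_LIST_EXCEPT) | grep '^src/qemu/'` list were ever empty the bare grep would read stdin instead of failing cleanly. The lookahead exists only to exempt the `virSecurityManagerPtr` type, which plain ERE can express as `\bvirSecurityManager([A-OQ-Z]|P[^t])`. Assuming this maint.mk has the usual `in_vc_files` file filter and that `exclude` is applied to the `file:line:` grep output, the rule can take the same shape as the rest of the file.
```make
sc_prohibit_virSecurity:
	@prohibit='\bvirSecurityManager([A-OQ-Z]|P[^t])' \
	in_vc_files='^src/qemu/' \
	exclude='^src/qemu/qemu_security\.[ch]:' \
	halt='prefer qemuSecurity wrappers' \
	  $(_sc_search_regexp)
```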
@@ -904,7 +905,7 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDrive= rPtr driver) } =20 /* access sec drivers and create a sec model for each one */ - if (!(sec_managers =3D virSecurityManagerGetNested(driver->securityMan= ager))) + if (!(sec_managers =3D qemuSecurityGetNested(driver->securityManager))) goto error; =20 /* calculate length */ @@ -917,14 +918,14 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDri= verPtr driver) =20 for (i =3D 0; sec_managers[i]; i++) { virCapsHostSecModelPtr sm =3D &caps->host.secModels[i]; - doi =3D virSecurityManagerGetDOI(sec_managers[i]); - model =3D virSecurityManagerGetModel(sec_managers[i]); + doi =3D qemuSecurityGetDOI(sec_managers[i]); + model =3D qemuSecurityGetModel(sec_managers[i]); if (VIR_STRDUP(sm->model, model) < 0 || VIR_STRDUP(sm->doi, doi) < 0) goto error; =20 for (j =3D 0; j < ARRAY_CARDINALITY(virtTypes); j++) { - lbl =3D virSecurityManagerGetBaseLabel(sec_managers[i], virtTy= pes[j]); + lbl =3D qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]= ); type =3D virDomainVirtTypeToString(virtTypes[j]); if (lbl && virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f62bf8f1d..2c827ea2c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -588,8 +588,8 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, goto cleanup; } =20 - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; =20 ret =3D 0; @@ -2688,7 +2688,7 @@ qemuDomainDefPostParse(virDomainDefPtr def, if (qemuDomainRecheckInternalPaths(def, cfg, parseFlags) < 0) goto cleanup; =20 - if (virSecurityManagerVerify(driver->securityManager, def) < 0) + if (qemuSecurityVerify(driver->securityManager, def) < 0) goto cleanup; =20 if (qemuDomainDefVcpusPostParse(def) < 0) 
@@ -7257,8 +7257,7 @@ qemuDomainSetupDev(virQEMUDriverPtr driver, =20 VIR_DEBUG("Setting up /dev/ for domain %s", vm->def->name); =20 - mount_options =3D virSecurityManagerGetMountOptions(driver->securityMa= nager, - vm->def); + mount_options =3D qemuSecurityGetMountOptions(driver->securityManager,= vm->def); =20 if (!mount_options && VIR_STRDUP(mount_options, "") < 0) @@ -7679,7 +7678,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE= _UNUSED, bool delDevice =3D false; bool isLink =3D S_ISLNK(data->sb.st_mode); =20 - virSecurityManagerPostFork(data->driver->securityManager); + qemuSecurityPostFork(data->driver->securityManager); =20 if (virFileMakeParentPath(data->file) < 0) { virReportSystemError(errno, @@ -7841,16 +7840,16 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverP= tr driver, #endif =20 if (STRPREFIX(file, DEVPREFIX)) { - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; =20 if (virProcessRunInMountNamespace(vm->pid, qemuDomainAttachDeviceMknodHelpe= r, &data) < 0) { - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); goto cleanup; } - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); } =20 if (isLink && diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 89bc833de..096fe36fe 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -405,26 +405,26 @@ qemuSecurityInit(virQEMUDriverPtr driver) cfg->securityDriverNames[0]) { names =3D cfg->securityDriverNames; while (names && *names) { - if (!(mgr =3D virSecurityManagerNew(*names, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr =3D qemuSecurityNew(*names, + QEMU_DRIVER_NAME, + flags))) goto error; if (!stack) { - if (!(stack =3D virSecurityManagerNewStack(mgr))) + if (!(stack =3D qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr =3D NULL; names++; } } else { - if (!(mgr =3D virSecurityManagerNew(NULL, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr =3D qemuSecurityNew(NULL, + QEMU_DRIVER_NAME, + flags))) goto error; - if (!(stack =3D virSecurityManagerNewStack(mgr))) + if (!(stack =3D qemuSecurityNewStack(mgr))) goto error; mgr =3D NULL; } @@ -432,17 +432,17 @@ qemuSecurityInit(virQEMUDriverPtr driver) if (virQEMUDriverIsPrivileged(driver)) { if (cfg->dynamicOwnership) flags |=3D VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP; - if (!(mgr =3D virSecurityManagerNewDAC(QEMU_DRIVER_NAME, - cfg->user, - cfg->group, - flags, - qemuSecurityChownCallback))) + if (!(mgr =3D qemuSecurityNewDAC(QEMU_DRIVER_NAME, + cfg->user, + cfg->group, + flags, + qemuSecurityChownCallback))) goto error; if (!stack) { - if (!(stack =3D virSecurityManagerNewStack(mgr))) + if (!(stack =3D qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr =3D NULL; @@ -3088,7 +3088,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver, if (fd < 0) goto cleanup; =20 - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def= , fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) = < 0) goto cleanup; =20 if (!(wrapperFd =3D virFileWrapperFdNew(&fd, path, wrapperFlags))) 
@@ -3553,8 +3553,7 @@ static int qemuDumpToFd(virQEMUDriverPtr driver, virD= omainObjPtr vm, return -1; } =20 - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) = < 0) return -1; =20 VIR_FREE(priv->job.current); @@ -3846,7 +3845,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp =3D true; =20 - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def,= tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); =20 qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, tmp) < 0) { @@ -5928,8 +5927,8 @@ static int qemuDomainGetSecurityLabel(virDomainPtr do= m, virSecurityLabelPtr secl * QEMU monitor hasn't seen SIGHUP/ERR on poll(). */ if (virDomainObjIsActive(vm)) { - if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm->def, vm->pid, seclabel) = < 0) { + if (qemuSecurityGetProcessLabel(driver->securityManager, + vm->def, vm->pid, seclabel) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); goto cleanup; @@ -5973,8 +5972,7 @@ static int qemuDomainGetSecurityLabelList(virDomainPt= r dom, ret =3D 0; } else { int len =3D 0; - virSecurityManagerPtr* mgrs =3D virSecurityManagerGetNested( - driver->securityManager); + virSecurityManagerPtr* mgrs =3D qemuSecurityGetNested(driver->secu= rityManager); if (!mgrs) goto cleanup; =20 @@ -5990,8 +5988,8 @@ static int qemuDomainGetSecurityLabelList(virDomainPt= r dom, =20 /* Fill the array */ for (i =3D 0; i < len; i++) { - if (virSecurityManagerGetProcessLabel(mgrs[i], vm->def, vm->pi= d, - &(*seclabels)[i]) < 0) { + if (qemuSecurityGetProcessLabel(mgrs[i], vm->def, vm->pid, + &(*seclabels)[i]) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); VIR_FREE(mgrs); 
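Review bot: In qemuDomainScreenshot the return value of `qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp)` is dropped, so a failed relabel of the just-created temp file is silently followed by `qemuMonitorScreendump`, which will then presumably fail with a less informative QMP error than the one the security driver reported. Since `unlink_tmp` is already set on the line before, checking the call is cheap: `if (qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp) < 0) goto <the function's cleanup label>;` (the label name is outside the hunk). The same unchecked call appears in qemuDomainMemoryPeek later in this patch. Both functions start and end outside their hunks.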
@@ -6369,8 +6367,8 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, cleanup: virCommandFree(cmd); VIR_FREE(errbuf); - if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityRestoreSavedStateLabel(driver->securityManager, + vm->def, path) < 0) VIR_WARN("failed to restore save state label on %s", path); virObjectUnref(cfg); return ret; @@ -11196,7 +11194,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, goto endjob; } =20 - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def,= tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); =20 priv =3D vm->privateData; qemuDomainObjEnterMonitor(driver, vm); @@ -17064,8 +17062,7 @@ qemuDomainOpenGraphics(virDomainPtr dom, goto endjob; } =20 - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) = < 0) goto endjob; =20 qemuDomainObjEnterMonitor(driver, vm); @@ -17129,13 +17126,13 @@ qemuDomainOpenGraphicsFD(virDomainPtr dom, goto cleanup; } =20 - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def)= < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; =20 if (socketpair(PF_UNIX, SOCK_STREAM, 0, pair) < 0) goto cleanup; =20 - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->de= f) < 0) + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; =20 if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 2f209f12b..b99b0e9fb 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
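Review bot: In qemuDomainOpenGraphicsFD the `socketpair()` failure path jumps to cleanup between `qemuSecuritySetSocketLabel` and `qemuSecurityClearSocketLabel`, so on that path the thread's socket-creation context presumably stays set to the domain's label for whatever the daemon does next; the rename does not address this. qemuMigrationConnect in this same patch already uses the safe shape, recording the result and always clearing: `int rc = socketpair(PF_UNIX, SOCK_STREAM, 0, pair);` followed by `if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0 || rc < 0) goto cleanup;`. The function's cleanup label is outside the hunk.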
@@ -1134,8 +1134,8 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, } =20 for (i =3D 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - vm->def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + vm->def, tapfd[i]) < 0) goto cleanup; } =20 diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 0f4a6cf21..c40cb1391 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -40,6 +40,7 @@ #include "qemu_cgroup.h" #include "qemu_hotplug.h" #include "qemu_blockjob.h" +#include "qemu_security.h" =20 #include "domain_audit.h" #include "virlog.h" @@ -4597,7 +4598,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->destType =3D MIGRATION_DEST_FD; spec->dest.fd.qemu =3D -1; =20 - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def)= < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (virNetSocketNewConnectTCP(host, port, AF_UNSPEC, @@ -4605,7 +4606,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->dest.fd.qemu =3D virNetSocketDupFD(sock, true); virObjectUnref(sock); } - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->de= f) < 0 || + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0= || spec->dest.fd.qemu =3D=3D -1) goto cleanup; =20 @@ -5076,8 +5077,8 @@ static int doTunnelMigrate(virQEMUDriverPtr driver, spec.dest.fd.local =3D fds[0]; } if (spec.dest.fd.qemu =3D=3D -1 || - virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - spec.dest.fd.qemu) < 0) { + qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + spec.dest.fd.qemu) < 0) { virReportSystemError(errno, "%s", _("cannot create pipe for tunnelled migration= ")); goto cleanup; 
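Review bot: In doTunnelMigrate the rewritten condition still folds a `qemuSecuritySetImageFDLabel` failure into the `spec.dest.fd.qemu == -1` branch, so a labelling error is reported via `virReportSystemError(errno, ...)` with the text "cannot create pipe for tunnelled migration", which presumably replaces the security driver's own error and blames a pipe that was created fine. Splitting the two checks keeps the right error: `if (spec.dest.fd.qemu == -1) { virReportSystemError(errno, "%s", _("cannot create pipe for tunnelled migration")); goto cleanup; }` and then `if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, spec.dest.fd.qemu) < 0) goto cleanup;`. The function starts outside the hunk.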
@@ -6463,8 +6464,8 @@ qemuMigrationToFile(virQEMUDriverPtr driver, virDomai= nObjPtr vm, * doesn't have to open() the file, so while we still have to * grant SELinux access, we can do it on fd and avoid cleanup * later, as well as skip futzing with cgroup. */ - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - compressor ? pipeFD[1] : fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + compressor ? pipeFD[1] : fd) < 0) goto cleanup; =20 if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 92fa69b3c..5c44e565b 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -221,8 +221,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjP= tr vm) return 0; } =20 - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def)= < 0) { VIR_ERROR(_("Failed to set security context for agent for %s"), vm->def->name); goto cleanup; @@ -250,8 +249,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjP= tr vm) return -1; } =20 - if (virSecurityManagerClearSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0= ) { VIR_ERROR(_("Failed to clear security context for agent for %s"), vm->def->name); qemuAgentClose(agent); @@ -1657,8 +1655,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomain= ObjPtr vm, int asyncJob, int ret =3D -1; qemuMonitorPtr mon =3D NULL; =20 - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def)= < 0) { VIR_ERROR(_("Failed to set security context for monitor for %s"), vm->def->name); return -1; 
@@ -1695,7 +1692,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomain= ObjPtr vm, int asyncJob, } priv->mon =3D mon; =20 - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->de= f) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0= ) { VIR_ERROR(_("Failed to clear security context for monitor for %s"), vm->def->name); return -1; @@ -2638,7 +2635,7 @@ static int qemuProcessHook(void *data) * protected across fork() */ =20 - virSecurityManagerPostFork(h->driver->securityManager); + qemuSecurityPostFork(h->driver->securityManager); =20 /* Some later calls want pid present */ h->vm->pid =3D getpid(); @@ -2651,7 +2648,7 @@ static int qemuProcessHook(void *data) * sockets the lock driver opens that we don't want * labelled. So far we're ok though. */ - if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm= ->def) < 0) + if (qemuSecuritySetSocketLabel(h->driver->securityManager, h->vm->def)= < 0) goto cleanup; if (virDomainLockProcessStart(h->driver->lockManager, h->cfg->uri, @@ -2660,7 +2657,7 @@ static int qemuProcessHook(void *data) true, &fd) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->= vm->def) < 0) + if (qemuSecurityClearSocketLabel(h->driver->securityManager, h->vm->de= f) < 0) goto cleanup; =20 if (qemuDomainBuildNamespace(h->driver, h->vm) < 0) @@ -3260,8 +3257,8 @@ qemuProcessBuildDestroyHugepagesPath(virQEMUDriverPtr= driver, goto cleanup; } =20 - if (virSecurityManagerDomainSetPathLabel(driver->securityM= anager, - vm->def, hugepage= Path) < 0) { + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, hugepagePath) = < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to set huge path in sec= urity driver")); goto cleanup; 
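Review bot: qemuProcessBuildDestroyHugepagesPath now calls `qemuSecurityDomainSetPathLabel(driver->securityManager, vm->def, hugepagePath)`, but that name is only a `#define` alias for `virSecurityManagerDomainSetPathLabel` in the new header, and hugetlbfs is commonly mounted under /dev (e.g. /dev/hugepages); if `hugepagePath` can live there, this labels the host's path rather than the one inside the domain's mount namespace, which is precisely the mistake the commit message says the wrappers exist to prevent. The header's own rule is that an API that can touch a /dev file needs a real wrapper, so either add one that enters the namespace the way the existing `qemuSecurity*` wrappers do, or document at this call site why the hugepage mount can never be under /dev. The function starts and ends outside the hunk.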
@@ -3437,13 +3434,13 @@ qemuProcessReconnect(void *opaque) /* if domain requests security driver we haven't loaded, report error,= but * do not kill the domain */ - ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager, - obj->def)); + ignore_value(qemuSecurityCheckAllLabel(driver->securityManager, + obj->def)); =20 if (qemuDomainRefreshVcpuInfo(driver, obj, QEMU_ASYNC_JOB_NONE, true) = < 0) goto error; =20 - if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, = obj->pid) < 0) + if (qemuSecurityReserveLabel(driver->securityManager, obj->def, obj->p= id) < 0) goto error; =20 if (qemuProcessNotifyNets(obj->def) < 0) @@ -4451,8 +4448,8 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, goto cleanup; } =20 - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; =20 ret =3D 0; @@ -4647,7 +4644,7 @@ qemuProcessStartValidate(virQEMUDriverPtr driver, } =20 VIR_DEBUG("Checking domain and device security labels"); - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->d= ef) < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < = 0) return -1; =20 } @@ -5202,7 +5199,7 @@ qemuProcessPrepareDomain(virConnectPtr conn, /* If you are using a SecurityDriver with dynamic labelling, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) <= 0) { + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) { virDomainAuditSecurityLabel(vm, false); goto cleanup; } 
@@ -5513,8 +5510,8 @@ qemuProcessLaunch(virConnectPtr conn, virCommandSetUmask(cmd, 0x002); =20 VIR_DEBUG("Setting up security labelling"); - if (virSecurityManagerSetChildProcessLabel(driver->securityManager, - vm->def, cmd) < 0) + if (qemuSecuritySetChildProcessLabel(driver->securityManager, + vm->def, cmd) < 0) goto cleanup; =20 virCommandSetOutputFD(cmd, &logfile); @@ -5524,10 +5521,10 @@ qemuProcessLaunch(virConnectPtr conn, virCommandDaemonize(cmd); virCommandRequireHandshake(cmd); =20 - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; rv =3D virCommandRun(cmd, NULL); - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); =20 /* wait for qemu process to show up */ if (rv =3D=3D 0) { @@ -5604,8 +5601,8 @@ qemuProcessLaunch(virConnectPtr conn, goto cleanup; } if (S_ISFIFO(stdin_sb.st_mode) && - virSecurityManagerSetImageFDLabel(driver->securityManager, - vm->def, incoming->fd) < 0) + qemuSecuritySetImageFDLabel(driver->securityManager, + vm->def, incoming->fd) < 0) goto cleanup; } =20 @@ -6122,7 +6119,7 @@ void qemuProcessStop(virQEMUDriverPtr driver, qemuSecurityRestoreAllLabel(driver, vm, !!(flags & VIR_QEMU_PROCESS_STOP_MIGRA= TED)); =20 - virSecurityManagerReleaseLabel(driver->securityManager, vm->def); + qemuSecurityReleaseLabel(driver->securityManager, vm->def); =20 for (i =3D 0; i < vm->def->ndisks; i++) { virDomainDeviceDef dev; 
@@ -6366,13 +6363,13 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_= UNUSED, vm->pid =3D pid; =20 VIR_DEBUG("Detect security driver config"); - sec_managers =3D virSecurityManagerGetNested(driver->securityManager); + sec_managers =3D qemuSecurityGetNested(driver->securityManager); if (sec_managers =3D=3D NULL) goto error; =20 for (i =3D 0; sec_managers[i]; i++) { seclabelgen =3D false; - model =3D virSecurityManagerGetModel(sec_managers[i]); + model =3D qemuSecurityGetModel(sec_managers[i]); seclabeldef =3D virDomainDefGetSecurityLabelDef(vm->def, model); if (seclabeldef =3D=3D NULL) { if (!(seclabeldef =3D virSecurityLabelDefNew(model))) @@ -6382,8 +6379,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UN= USED, seclabeldef->type =3D VIR_DOMAIN_SECLABEL_STATIC; if (VIR_ALLOC(seclabel) < 0) goto error; - if (virSecurityManagerGetProcessLabel(sec_managers[i], - vm->def, vm->pid, seclabel) = < 0) + if (qemuSecurityGetProcessLabel(sec_managers[i], vm->def, + vm->pid, seclabel) < 0) goto error; =20 if (VIR_STRDUP(seclabeldef->model, model) < 0) @@ -6400,9 +6397,9 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UN= USED, } } =20 - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) = < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0) goto error; - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) goto error; =20 if (qemuDomainPerfRestart(vm) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 54638908d..d86db3f6b 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -28,6 +28,7 @@ =20 # include "qemu_conf.h" # include "domain_conf.h" +# include "security/security_manager.h" =20 int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, 
@@ -60,4 +61,35 @@ int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, int qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev); + +/* Please note that for these APIs there is no wrapper yet. Do NOT blindly= add + * new APIs here. If an API can touch a /dev file add a proper wrapper ins= tead. + */ +# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel +# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel +# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLab= el +# define qemuSecurityGenLabel virSecurityManagerGenLabel +# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel +# define qemuSecurityGetDOI virSecurityManagerGetDOI +# define qemuSecurityGetModel virSecurityManagerGetModel +# define qemuSecurityGetMountOptions virSecurityManagerGetMountOptions +# define qemuSecurityGetNested virSecurityManagerGetNested +# define qemuSecurityGetProcessLabel virSecurityManagerGetProcessLabel +# define qemuSecurityNew virSecurityManagerNew +# define qemuSecurityNewDAC virSecurityManagerNewDAC +# define qemuSecurityNewStack virSecurityManagerNewStack +# define qemuSecurityPostFork virSecurityManagerPostFork +# define qemuSecurityPreFork virSecurityManagerPreFork +# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel +# define qemuSecurityReserveLabel virSecurityManagerReserveLabel +# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSaved= StateLabel +# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProces= sLabel +# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocke= tLabel +# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel +# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLab= el +# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel +# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel +# define 
qemuSecurityStackAddNested virSecurityManagerStackAddNested +# define qemuSecurityVerify virSecurityManagerVerify + #endif /* __QEMU_SECURITY_H__ */ --=20 2.11.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
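Review bot: The alias list should state which names are safe as plain aliases and why, because the comment above it only warns in general terms and the syntax-check rule cannot tell an alias from a real wrapper. The fd-taking aliases (`qemuSecuritySetTapFDLabel`, `qemuSecuritySetImageFDLabel`) act on an already-open descriptor and never resolve a path, whereas `qemuSecurityDomainSetPathLabel`, `qemuSecuritySetSavedStateLabel` and `qemuSecurityRestoreSavedStateLabel` take a host path and are only correct while every caller guarantees that path is not under /dev. A comment such as `/* Path-taking aliases below label the HOST path; add a namespace-aware wrapper before passing anything that may live under /dev. */` makes that criterion checkable at each future call site.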