External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-11-03 20:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
d0819b9f02
libvirt/tests/securityselinuxtest.c

341 lines
10 KiB
C
Raw Normal View History

Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
/*
tests: uniformly report test failures testutils.c likes to print summaries after a test completes, including if it failed. But if the test outright exit()s, this summary is skipped. Enforce that we return instead of exit. * cfg.mk (sc_prohibit_exit_in_tests): New syntax check. * tests/commandhelper.c (main): Fix offenders. * tests/qemumonitorjsontest.c (mymain): Likewise. * tests/seclabeltest.c (main): Likewise. * tests/securityselinuxlabeltest.c (mymain): Likewise. * tests/securityselinuxtest.c (mymain): Likewise. * tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise. * tests/testutils.c (virtTestMain): Likewise. (virtTestCaptureProgramOutput): Use symbolic name.
2013-02-22 22:42:39 +00:00
* Copyright (C) 2011-2013 Red Hat, Inc.
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
maint: fix up copyright notice inconsistencies https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
2012-09-20 22:30:55 +00:00
* License along with this library. If not, see
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
* <http://www.gnu.org/licenses/>.
*
*/
#include <config.h>
#include <time.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include "internal.h"
#include "testutils.h"
Rename memory.{c,h} to viralloc.{c,h}
2012-12-12 18:06:53 +00:00
#include "viralloc.h"
Rename logging.{c,h} to virlog.{c,h}
2012-12-12 17:59:27 +00:00
#include "virlog.h"
Rename virterror.c virterror_internal.h to virerror.{c,h}
2012-12-13 18:21:53 +00:00
#include "virerror.h"
util: move virFile* functions from virutil.c to virfile.c These all existed before virfile.c was created, and for some reason weren't moved. This is mostly straightfoward, although the syntax rule prohibiting write() had to be changed to have an exception for virfile.c instead of virutil.c. This movement pointed out that there is a function called virBuildPath(), and another almost identical function called virFileBuildPath(). They really should be a single function, which I'll take care of as soon as I figure out what the arglist should look like.
2013-05-09 18:59:04 +00:00
#include "virfile.h"
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
#include "security/security_manager.h"
virutil: Move string related functions to virstring.c The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
2013-04-03 10:36:23 +00:00
#include "virstring.h"
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
#define VIR_FROM_THIS VIR_FROM_NONE
Add virLogSource variables to all source files Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 12:16:17 +00:00
VIR_LOG_INIT("tests.securityselinuxtest");
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
struct testSELinuxGenLabelData {
virSecurityManagerPtr mgr;
const char *pidcon;
bool dynamic;
const char *label;
const char *baselabel;
const char *user;
const char *role;
const char *imagerole;
const char *type;
const char *imagetype;
int sensMin;
int sensMax;
int catMin;
int catMax;
};
static virDomainDefPtr
testBuildDomainDef(bool dynamic,
const char *label,
const char *baselabel)
{
virDomainDefPtr def;
tests: Fix leak in securityselinuxtest If we jump to the error: label and @secbuf is allocated, then it's not free'd at all. Found by Coverity
2017-08-23 16:32:23 +00:00
virSecurityLabelDefPtr secdef = NULL;
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
conf: Allocate domain definition with the new helper Use the virDomainDefNew() helper to allocate the definition instead of doing it via VIR_ALLOC.
2015-02-16 15:30:11 +00:00
if (!(def = virDomainDefNew()))
Adapt to VIR_ALLOC and virAsprintf in tests/*
2013-07-04 10:20:21 +00:00
goto error;
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
Fix building domain def in securityselinuxtest The virDomainDef created by testBuildDomainDef in securityselinuxtest adds a seclabel but does not increment nseclabels. Also, it should populate seclabel->model with 'selinux'. While at it, use the secdef itself to populate values instead of the indirection through def->seclabels[0].
2017-08-16 21:45:54 +00:00
def->virtType = VIR_DOMAIN_VIRT_KVM;
tests: use g_new0 instead of VIR_ALLOC_N Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-09-22 23:04:17 +00:00
def->seclabels = g_new0(virSecurityLabelDefPtr, 1);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
tests: use g_new0 instead of VIR_ALLOC Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-09-22 22:42:45 +00:00
secdef = g_new0(virSecurityLabelDef, 1);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
tests: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
secdef->model = g_strdup("selinux");
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
Fix building domain def in securityselinuxtest The virDomainDef created by testBuildDomainDef in securityselinuxtest adds a seclabel but does not increment nseclabels. Also, it should populate seclabel->model with 'selinux'. While at it, use the secdef itself to populate values instead of the indirection through def->seclabels[0].
2017-08-16 21:45:54 +00:00
secdef->type = dynamic ? VIR_DOMAIN_SECLABEL_DYNAMIC : VIR_DOMAIN_SECLABEL_STATIC;
tests: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
if (label)
secdef->label = g_strdup(label);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
tests: use g_strdup instead of VIR_STRDUP Replace all occurrences of if (VIR_STRDUP(a, b) < 0) /* effectively dead code */ with: a = g_strdup(b); Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-20 11:49:46 +00:00
if (baselabel)
secdef->baselabel = g_strdup(baselabel);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
Fix building domain def in securityselinuxtest The virDomainDef created by testBuildDomainDef in securityselinuxtest adds a seclabel but does not increment nseclabels. Also, it should populate seclabel->model with 'selinux'. While at it, use the secdef itself to populate values instead of the indirection through def->seclabels[0].
2017-08-16 21:45:54 +00:00
def->seclabels[0] = secdef;
def->nseclabels++;
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
return def;
Indent top-level labels by one space in tests/
2014-03-25 06:53:44 +00:00
error:
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
virDomainDefFree(def);
tests: Fix leak in securityselinuxtest If we jump to the error: label and @secbuf is allocated, then it's not free'd at all. Found by Coverity
2017-08-23 16:32:23 +00:00
virSecurityLabelDefFree(secdef);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
return NULL;
}
static bool
testSELinuxCheckCon(context_t con,
const char *user,
const char *role,
const char *type,
int sensMin,
tests: use G_GNUC_UNUSED Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-10-14 12:45:03 +00:00
int sensMax G_GNUC_UNUSED,
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
int catMin,
int catMax)
{
const char *range;
char *tmp;
int gotSens;
int gotCatOne;
int gotCatTwo;
if (STRNEQ(context_user_get(con), user)) {
fprintf(stderr, "Expect user %s got %s\n",
user, context_user_get(con));
return false;
}
if (STRNEQ(context_role_get(con), role)) {
fprintf(stderr, "Expect role %s got %s\n",
role, context_role_get(con));
return false;
}
if (STRNEQ(context_type_get(con), type)) {
fprintf(stderr, "Expect type %s got %s\n",
type, context_type_get(con));
return false;
}
range = context_range_get(con);
if (range[0] != 's') {
fprintf(stderr, "Malformed range %s, cannot find sensitivity\n",
range);
return false;
}
if (virStrToLong_i(range + 1, &tmp, 10, &gotSens) < 0 ||
!tmp) {
fprintf(stderr, "Malformed range %s, cannot parse sensitivity\n",
range + 1);
return false;
}
if (*tmp != ':') {
fprintf(stderr, "Malformed range %s, too many sensitivity values\n",
tmp);
return false;
}
tmp++;
if (*tmp != 'c') {
fprintf(stderr, "Malformed range %s, cannot find first category\n",
tmp);
return false;
}
tmp++;
if (virStrToLong_i(tmp, &tmp, 10, &gotCatOne) < 0) {
fprintf(stderr, "Malformed range %s, cannot parse category one\n",
tmp);
return false;
}
if (tmp && *tmp == ',')
tmp++;
if (tmp && *tmp == 'c') {
tmp++;
if (virStrToLong_i(tmp, &tmp, 10, &gotCatTwo) < 0) {
fprintf(stderr, "Malformed range %s, cannot parse category two\n",
tmp);
return false;
}
if (*tmp != '\0') {
fprintf(stderr, "Malformed range %s, junk after second category\n",
tmp);
return false;
}
if (gotCatOne == gotCatTwo) {
fprintf(stderr, "Saw category pair %d,%d where cats were equal\n",
gotCatOne, gotCatTwo);
return false;
}
} else {
gotCatTwo = gotCatOne;
}
if (gotSens != sensMin) {
fprintf(stderr, "Sensitivity %d is not equal to min %d\n",
gotSens, sensMin);
return false;
}
if (gotCatOne < catMin ||
gotCatOne > catMax) {
fprintf(stderr, "Category one %d is out of range %d-%d\n",
gotCatTwo, catMin, catMax);
return false;
}
if (gotCatTwo < catMin ||
gotCatTwo > catMax) {
fprintf(stderr, "Category two %d is out of range %d-%d\n",
gotCatTwo, catMin, catMax);
return false;
}
if (gotCatOne > gotCatTwo) {
fprintf(stderr, "Category one %d is greater than category two %d\n",
gotCatOne, gotCatTwo);
return false;
}
return true;
}
static int
testSELinuxGenLabel(const void *opaque)
{
const struct testSELinuxGenLabelData *data = opaque;
int ret = -1;
virDomainDefPtr def;
context_t con = NULL;
context_t imgcon = NULL;
Substitute security_context_t with char * Historically, we've used security_context_t for variables passed to libselinux APIs. But almost 7 years ago, libselinux developers admitted in their API that in fact, it's just a 'char *' type [1]. Ever since then the APIs accept 'char *' instead, but they kept the old alias just for API stability. Well, not anymore [2]. 1: https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9 2: https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-07-15 10:32:48 +00:00
if (setcon_raw(data->pidcon) < 0) {
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
perror("Cannot set process security context");
return -1;
}
if (!(def = testBuildDomainDef(data->dynamic,
data->label,
data->baselabel)))
goto cleanup;
if (virSecurityManagerGenLabel(data->mgr, def) < 0) {
tests: More usage of virGetLastErrorMessage() Use virGetLastErrorMessage() instead of virGetLastError() in tests
2016-05-19 19:10:18 +00:00
fprintf(stderr, "Cannot generate label: %s\n", virGetLastErrorMessage());
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
goto cleanup;
}
VIR_DEBUG("label=%s imagelabel=%s",
def->seclabels[0]->label, def->seclabels[0]->imagelabel);
if (!(con = context_new(def->seclabels[0]->label)))
goto cleanup;
if (!(imgcon = context_new(def->seclabels[0]->imagelabel)))
goto cleanup;
if (!testSELinuxCheckCon(con,
data->user, data->role, data->type,
data->sensMin, data->sensMax,
data->catMin, data->catMax))
goto cleanup;
if (!testSELinuxCheckCon(imgcon,
data->user, data->imagerole, data->imagetype,
data->sensMin, data->sensMax,
data->catMin, data->catMax))
goto cleanup;
ret = 0;
Indent top-level labels by one space in tests/
2014-03-25 06:53:44 +00:00
cleanup:
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
context_free(con);
context_free(imgcon);
virDomainDefFree(def);
return ret;
}
static int
mymain(void)
{
int ret = 0;
virSecurityManagerPtr mgr;
Revert "security_manager: Load lock plugin on init" This reverts commit 3e26b476b5f322353bf0dcd8e3f037ca672b8c62. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-10-02 13:08:28 +00:00
if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
virSecurityManagerNew: Turn array of booleans into flags So imagine you want to crate new security manager: if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))); Hard to parse, right? What about this: if (!(mgr = virSecurityManagerNew("selinux", "QEMU", VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_PRIVILEGED))); Now that's better! This is what the commit does. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-06 15:01:48 +00:00
VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_PRIVILEGED))) {
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
fprintf(stderr, "Unable to initialize security driver: %s\n",
tests: More usage of virGetLastErrorMessage() Use virGetLastErrorMessage() instead of virGetLastError() in tests
2016-05-19 19:10:18 +00:00
virGetLastErrorMessage());
tests: uniformly report test failures testutils.c likes to print summaries after a test completes, including if it failed. But if the test outright exit()s, this summary is skipped. Enforce that we return instead of exit. * cfg.mk (sc_prohibit_exit_in_tests): New syntax check. * tests/commandhelper.c (main): Fix offenders. * tests/qemumonitorjsontest.c (mymain): Likewise. * tests/seclabeltest.c (main): Likewise. * tests/securityselinuxlabeltest.c (mymain): Likewise. * tests/securityselinuxtest.c (mymain): Likewise. * tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise. * tests/testutils.c (virtTestMain): Likewise. (virtTestCaptureProgramOutput): Use symbolic name.
2013-02-22 22:42:39 +00:00
return EXIT_FAILURE;
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
}
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
#define DO_TEST_GEN_LABEL(desc, pidcon, \
dynamic, label, baselabel, \
user, role, imageRole, \
type, imageType, \
sensMin, sensMax, catMin, catMax) \
do { \
struct testSELinuxGenLabelData data = { \
mgr, pidcon, dynamic, label, baselabel, \
user, role, imageRole, type, imageType, \
sensMin, sensMax, catMin, catMax \
}; \
tests: Rename virtTestRun to virTestRun. This function doesn't follow our convention of naming functions.
2016-05-26 15:01:50 +00:00
if (virTestRun("GenLabel " # desc, testSELinuxGenLabel, &data) < 0) \
Remove backslash alignment attempts Right-aligning backslashes when defining macros or using complex commands in Makefiles looks cute, but as soon as any changes is required to the code you end up with either distractingly broken alignment or unnecessarily big diffs where most of the changes are just pushing all backslashes a few characters to one side. Generated using $ git grep -El '[[:blank:]][[:blank:]]\\$' | \ grep -E '*\.([chx]|am|mk)$$' | \ while read f; do \ sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \ done Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 12:09:47 +00:00
ret = -1; \
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
} while (0)
Fix parsing of SELinux ranges without a category Normally libvirtd should run with a SELinux label system_u:system_r:virtd_t:s0-s0:c0.c1023 If a user manually runs libvirtd though, it is sometimes possible to get into a situation where it is running system_u:system_r:init_t:s0 The SELinux security driver isn't expecting this and can't parse the security label since it lacks the ':c0.c1023' part causing it to complain internal error Cannot parse sensitivity level in s0 This updates the parser to cope with this, so if no category is present, libvirtd will hardcode the equivalent of c0.c1023. Now this won't work if SELinux is in Enforcing mode, but that's not an issue, because the user can only get into this problem if in Permissive mode. This means they can now start VMs in Permissive mode without hitting that parsing error Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-13 17:58:26 +00:00
DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
"unconfined_u:unconfined_r:unconfined_t:s0",
true, NULL, NULL,
"unconfined_u", "unconfined_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 1023);
DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
"unconfined_u:unconfined_r:unconfined_t:s0-s0",
true, NULL, NULL,
"unconfined_u", "unconfined_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 1023);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
true, NULL, NULL,
"unconfined_u", "unconfined_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 1023);
DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c1023",
"system_u:system_r:virtd_t:s0-s0:c0.c1023",
true, NULL, NULL,
"system_u", "system_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 1023);
DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c10",
"system_u:system_r:virtd_t:s0-s0:c0.c10",
true, NULL, NULL,
"system_u", "system_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 10);
DO_TEST_GEN_LABEL("dynamic virtd, s2-s3, c0.c1023",
"system_u:system_r:virtd_t:s2-s3:c0.c1023",
true, NULL, NULL,
"system_u", "system_r", "object_r",
"svirt_t", "svirt_image_t",
2, 3, 0, 1023);
selinux: assume 's0' if the range is empty This fixes a crash: https://bugzilla.redhat.com/show_bug.cgi?id=969878
2013-06-10 12:37:40 +00:00
DO_TEST_GEN_LABEL("dynamic virtd, missing range",
"system_u:system_r:virtd_t",
true, NULL, NULL,
"system_u", "system_r", "object_r",
"svirt_t", "svirt_image_t",
0, 0, 0, 1023);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
securityselinuxtest: Don't leak @mgr The security manager is created so that test cases can use it. However, it is never released. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-10 07:07:31 +00:00
virObjectUnref(mgr);
Add test case for SELinux label generation This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-10 13:31:14 +00:00
return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
meson: remove '.libs' from all relevant paths Meson doesn't use .libs directory, everything is placed directly into directories where meson.build file is used. In order to have working tests and running libvirt directly from GIT we need to fix all the paths pointing '.libs' directory. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Neal Gompa <ngompa13@gmail.com>
2020-05-28 00:40:50 +00:00
VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/libsecurityselinuxhelper.so")
Reference in New Issue Copy Permalink