From 99be754ada24689d00d5b471c009ed747ff9a1f0 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Thu, 14 Jul 2011 14:32:06 +0100 Subject: [PATCH] Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr When sVirt is integrated with the LXC driver, it will be neccessary to invoke the security driver APIs using only a virDomainDefPtr since the lxc_container.c code has no virDomainObjPtr available. Aside from two functions which want obj->pid, every bit of the security driver code only touches obj->def. So we don't need to pass a virDomainObjPtr into the security drivers, a virDomainDefPtr is sufficient. Two functions also gain a 'pid_t pid' argument. * src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c, src/qemu/qemu_process.c, src/security/security_apparmor.c, src/security/security_dac.c, src/security/security_driver.h, src/security/security_manager.c, src/security/security_manager.h, src/security/security_nop.c, src/security/security_selinux.c, src/security/security_stack.c: Change all security APIs to use a virDomainDefPtr instead of virDomainObjPtr --- src/qemu/qemu_driver.c | 10 +- src/qemu/qemu_hotplug.c | 28 ++-- src/qemu/qemu_migration.c | 12 +- src/qemu/qemu_process.c | 24 +-- src/security/security_apparmor.c | 138 ++++++++-------- src/security/security_dac.c | 91 +++++------ src/security/security_driver.h | 36 +++-- src/security/security_manager.c | 40 ++--- src/security/security_manager.h | 36 +++-- src/security/security_nop.c | 36 +++-- src/security/security_selinux.c | 260 +++++++++++++++---------------- src/security/security_stack.c | 44 +++--- 12 files changed, 382 insertions(+), 373 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c535ebf86f..712f1fc457 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -3087,7 +3087,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp = true; - virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp); + virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp); qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, tmp) < 0) { @@ -3766,7 +3766,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec */ if (virDomainObjIsActive(vm)) { if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm, seclabel) < 0) { + vm->def, vm->pid, seclabel) < 0) { qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); goto cleanup; @@ -4074,7 +4074,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, out: virCommandFree(cmd); if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, - vm, path) < 0) + vm->def, path) < 0) VIR_WARN("failed to restore save state label on %s", path); return ret; @@ -8352,7 +8352,7 @@ qemudDomainMemoryPeek (virDomainPtr dom, goto endjob; } - virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm, tmp); + virSecurityManagerSetSavedStateLabel(qemu_driver->securityManager, vm->def, tmp); priv = vm->privateData; qemuDomainObjEnterMonitor(driver, vm); @@ -9834,7 +9834,7 @@ qemuDomainSnapshotCreateSingleDiskActive(struct qemud_driver *driver, if (virDomainLockDiskAttach(driver->lockManager, vm, disk) < 0) goto cleanup; - if (virSecurityManagerSetImageLabel(driver->securityManager, vm, + if (virSecurityManagerSetImageLabel(driver->securityManager, vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", source); diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 0b5e1d23a7..dc40d2f3f4 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
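Review bot: The return value of `virSecurityManagerSetSavedStateLabel()` is still discarded in qemuDomainScreenshot, and again in the qemudDomainMemoryPeek hunk, so a labelling failure on the temporary file only surfaces later as a less specific monitor error. Both calls also use the global `qemu_driver`, although the neighbouring lines use the local `driver`, which is presumably the same object. In the memory-peek path consider `if (virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp) < 0) goto endjob;`, with the equivalent check in the screenshot path. Both functions start and end outside these hunks, so the correct cleanup label for the screenshot case has to be confirmed there.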
@@ -88,7 +88,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver, return -1; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm, disk) < 0) { + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", disk->src); return -1; @@ -120,7 +120,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver, goto error; if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, origdisk) < 0) + vm->def, origdisk) < 0) VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src); if (virDomainLockDiskDetach(driver->lockManager, vm, origdisk) < 0) @@ -141,7 +141,7 @@ error: VIR_FREE(driveAlias); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, disk) < 0) + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on new media %s", disk->src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -211,7 +211,7 @@ int qemuDomainAttachPciDiskDevice(virConnectPtr conn, return -1; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm, disk) < 0) { + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", disk->src); return -1; @@ -285,7 +285,7 @@ error: VIR_WARN("Unable to release PCI address on %s", disk->src); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, disk) < 0) + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", disk->src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -441,7 +441,7 @@ int qemuDomainAttachSCSIDisk(virConnectPtr conn, return -1; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm, disk) < 0) { + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", disk->src); return -1; 
@@ -532,7 +532,7 @@ error: VIR_FREE(drivestr); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, disk) < 0) + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", disk->src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -564,7 +564,7 @@ int qemuDomainAttachUsbMassstorageDevice(virConnectPtr conn, return -1; if (virSecurityManagerSetImageLabel(driver->securityManager, - vm, disk) < 0) { + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", disk->src); return -1; @@ -625,7 +625,7 @@ error: VIR_FREE(drivestr); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, disk) < 0) + vm->def, disk) < 0) VIR_WARN("Unable to restore security label on %s", disk->src); if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) @@ -1117,7 +1117,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver, if (virSecurityManagerSetHostdevLabel(driver->securityManager, - vm, hostdev) < 0) + vm->def, hostdev) < 0) return -1; switch (hostdev->source.subsys.type) { @@ -1144,7 +1144,7 @@ int qemuDomainAttachHostDevice(struct qemud_driver *driver, error: if (virSecurityManagerRestoreHostdevLabel(driver->securityManager, - vm, hostdev) < 0) + vm->def, hostdev) < 0) VIR_WARN("Unable to restore host device labelling on hotplug fail"); return -1; @@ -1577,7 +1577,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver, virDomainDiskDefFree(detach); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, dev->data.disk) < 0) + vm->def, dev->data.disk) < 0) VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); if (cgroup != NULL) { 
@@ -1659,7 +1659,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver, virDomainDiskDefFree(detach); if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm, dev->data.disk) < 0) + vm->def, dev->data.disk) < 0) VIR_WARN("Unable to restore security label on %s", dev->data.disk->src); if (cgroup != NULL) { @@ -2192,7 +2192,7 @@ int qemuDomainDetachHostDevice(struct qemud_driver *driver, if (ret == 0 && virSecurityManagerRestoreHostdevLabel(driver->securityManager, - vm, detach) < 0) + vm->def, detach) < 0) VIR_WARN("Failed to restore host device labelling"); virDomainHostdevDefFree(detach); diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 7e4135b1e4..92d60081c5 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -1750,13 +1750,13 @@ static int doNativeMigrate(struct qemud_driver *driver, virReportOOMError(); goto cleanup; } - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) + if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (virNetSocketNewConnectTCP(uribits->server, tmp, &sock) == 0) { spec.dest.fd.qemu = virNetSocketDupFD(sock, true); virNetSocketFree(sock); } - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0 || + if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 || spec.dest.fd.qemu == -1) goto cleanup; } else { @@ -1823,7 +1823,7 @@ static int doTunnelMigrate(struct qemud_driver *driver, spec.dest.fd.local = fds[0]; } if (spec.dest.fd.qemu == -1 || - virSecurityManagerSetImageFDLabel(driver->securityManager, vm, + virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, spec.dest.fd.qemu) < 0) { virReportSystemError(errno, "%s", _("cannot create pipe for tunnelled migration")); 
@@ -2843,7 +2843,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm, * doesn't have to open() the file, so while we still have to * grant SELinux access, we can do it on fd and avoid cleanup * later, as well as skip futzing with cgroup. */ - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm, + if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, compressor ? pipeFD[1] : fd) < 0) goto cleanup; bypassSecurityDriver = true; @@ -2877,7 +2877,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm, } if ((!bypassSecurityDriver) && virSecurityManagerSetSavedStateLabel(driver->securityManager, - vm, path) < 0) + vm->def, path) < 0) goto cleanup; restoreLabel = true; } @@ -2952,7 +2952,7 @@ cleanup: virCommandFree(cmd); if (restoreLabel && (!bypassSecurityDriver) && virSecurityManagerRestoreSavedStateLabel(driver->securityManager, - vm, path) < 0) + vm->def, path) < 0) VIR_WARN("failed to restore save state label on %s", path); if (cgroup != NULL) { diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e0fd0732c9..e16ca07d4d 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -881,7 +881,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm) qemuMonitorPtr mon = NULL; if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm) < 0) { + vm->def) < 0) { VIR_ERROR(_("Failed to set security context for monitor for %s"), vm->def->name); goto error; @@ -914,7 +914,7 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm) } priv->mon = mon; - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm) < 0) { + if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to clear security context for monitor for %s"), vm->def->name); goto error; 
@@ -2217,7 +2217,7 @@ static int qemuProcessHook(void *data) * sockets the lock driver opens that we don't want * labelled. So far we're ok though. */ - if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm) < 0) + if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (virDomainLockProcessStart(h->driver->lockManager, h->vm, @@ -2225,7 +2225,7 @@ static int qemuProcessHook(void *data) true, &fd) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm) < 0) + if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (qemuProcessLimits(h->driver) < 0) @@ -2248,7 +2248,7 @@ static int qemuProcessHook(void *data) return -1; VIR_DEBUG("Setting up security labelling"); - if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm) < 0) + if (virSecurityManagerSetProcessLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; ret = 0; @@ -2735,7 +2735,7 @@ qemuProcessReconnect(void *opaque) goto error; } - if (virSecurityManagerReserveLabel(driver->securityManager, obj) < 0) + if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0) goto error; if (qemuProcessNotifyNets(obj->def) < 0) @@ -2973,7 +2973,7 @@ int qemuProcessStart(virConnectPtr conn, /* If you are using a SecurityDriver with dynamic labelling, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); - if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) { + if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { virDomainAuditSecurityLabel(vm, false); goto cleanup; } @@ -3218,7 +3218,7 @@ int qemuProcessStart(virConnectPtr conn, VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, - vm, stdin_path) < 0) + vm->def, stdin_path) < 0) goto cleanup; if (stdin_fd != -1) { 
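Review bot: In qemuProcessReconnect the label is now reserved for a bare `obj->pid` passed separately from the definition, and the hunk shows no check that this pid still belongs to the domain's emulator. If the process can have exited while the daemon was not running, a driver that looks the label up by pid could presumably reserve the label of an unrelated process. A comment above the call would record the precondition, for example `/* obj->pid must already be verified as the live emulator process */`. The function starts and ends outside the hunk, so that verification may already exist earlier.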
@@ -3235,7 +3235,7 @@ int qemuProcessStart(virConnectPtr conn, goto cleanup; } if (S_ISFIFO(stdin_sb.st_mode) && - virSecurityManagerSetImageFDLabel(driver->securityManager, vm, stdin_fd) < 0) + virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, stdin_fd) < 0) goto cleanup; } @@ -3488,8 +3488,8 @@ void qemuProcessStop(struct qemud_driver *driver, /* Reset Security Labels */ virSecurityManagerRestoreAllLabel(driver->securityManager, - vm, migrated); - virSecurityManagerReleaseLabel(driver->securityManager, vm); + vm->def, migrated); + virSecurityManagerReleaseLabel(driver->securityManager, vm->def); /* Clear out dynamically assigned labels */ if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { @@ -3638,7 +3638,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, if (VIR_ALLOC(seclabel) < 0) goto no_memory; if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm, seclabel) < 0) + vm->def, vm->pid, seclabel) < 0) goto cleanup; if (driver->caps->host.secModel.model && !(vm->def->seclabel.model = strdup(driver->caps->host.secModel.model))) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 3a01a213f1..d2104f3b5f 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -48,7 +48,7 @@ /* Data structure to pass to *FileIterate so we have everything we need */ struct SDPDOP { virSecurityManagerPtr mgr; - virDomainObjPtr vm; + virDomainDefPtr def; }; /* @@ -160,7 +160,7 @@ profile_status_file(const char *str) static int load_profile(virSecurityManagerPtr mgr, const char *profile, - virDomainObjPtr vm, + virDomainDefPtr def, const char *fn, bool append) { @@ -171,7 +171,7 @@ load_profile(virSecurityManagerPtr mgr, const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr) ? "1" : "0"; - xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE); + xml = virDomainDefFormat(def, VIR_DOMAIN_XML_SECURE); if (!xml) goto clean; 
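Review bot: In qemuProcessStop the results of `virSecurityManagerRestoreAllLabel()` and `virSecurityManagerReleaseLabel()` are ignored, so a failed restore leaves the domain's label on host files with no trace at this level. Because the label is released right afterwards, a later guest that is given the same label could presumably reach those files. Stopping should stay best-effort, but a warning would make the failure visible: `if (virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, migrated) < 0) VIR_WARN("Unable to restore security labels for %s", vm->def->name);`. The function body extends beyond the hunk.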
@@ -213,12 +213,12 @@ remove_profile(const char *profile) } static char * -get_profile_name(virDomainObjPtr vm) +get_profile_name(virDomainDefPtr def) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *name = NULL; - virUUIDFormat(vm->def->uuid, uuidstr); + virUUIDFormat(def->uuid, uuidstr); if (virAsprintf(&name, "%s%s", AA_PREFIX, uuidstr) < 0) { virReportOOMError(); return NULL; @@ -258,23 +258,23 @@ cleanup: */ static int reload_profile(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *fn, bool append) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int rc = -1; char *profile_name = NULL; if (secdef->norelabel) return 0; - if ((profile_name = get_profile_name(vm)) == NULL) + if ((profile_name = get_profile_name(def)) == NULL) return rc; /* Update the profile only if it is loaded */ if (profile_loaded(secdef->imagelabel) >= 0) { - if (load_profile(mgr, secdef->imagelabel, vm, fn, append) < 0) { + if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile " "\'%s\'"), @@ -295,10 +295,10 @@ AppArmorSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, const char *file, void *opaque) { struct SDPDOP *ptr = opaque; - virDomainObjPtr vm = ptr->vm; + virDomainDefPtr def = ptr->def; - if (reload_profile(ptr->mgr, vm, file, true) < 0) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + if (reload_profile(ptr->mgr, def, file, true) < 0) { + const virSecurityLabelDefPtr secdef = &def->seclabel; virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile " "\'%s\'"), 
@@ -313,10 +313,10 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED, const char *file, void *opaque) { struct SDPDOP *ptr = opaque; - virDomainObjPtr vm = ptr->vm; + virDomainDefPtr def = ptr->def; - if (reload_profile(ptr->mgr, vm, file, true) < 0) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + if (reload_profile(ptr->mgr, def, file, true) < 0) { + const virSecurityLabelDefPtr secdef = &def->seclabel; virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile " "\'%s\'"), 
@@ -391,56 +391,56 @@ AppArmorSecurityManagerGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) */ static int AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm) + virDomainDefPtr def) { int rc = -1; char *profile_name = NULL; - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) return 0; - if (vm->def->seclabel.baselabel) { + if (def->seclabel.baselabel) { virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Cannot set a base label with AppArmour")); return rc; } - if ((vm->def->seclabel.label) || - (vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) { + if ((def->seclabel.label) || + (def->seclabel.model) || (def->seclabel.imagelabel)) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security label already defined for VM")); return rc; } - if ((profile_name = get_profile_name(vm)) == NULL) + if ((profile_name = get_profile_name(def)) == NULL) return rc; - vm->def->seclabel.label = strndup(profile_name, strlen(profile_name)); - if (!vm->def->seclabel.label) { + def->seclabel.label = strndup(profile_name, strlen(profile_name)); + if (!def->seclabel.label) { virReportOOMError(); goto clean; } /* set imagelabel the same as label (but we won't use it) */ - vm->def->seclabel.imagelabel = strndup(profile_name, + def->seclabel.imagelabel = strndup(profile_name, strlen(profile_name)); - if (!vm->def->seclabel.imagelabel) { + if (!def->seclabel.imagelabel) { virReportOOMError(); goto err; } - vm->def->seclabel.model = strdup(SECURITY_APPARMOR_NAME); - if (!vm->def->seclabel.model) { + def->seclabel.model = strdup(SECURITY_APPARMOR_NAME); + if (!def->seclabel.model) { virReportOOMError(); goto err; } /* Now that we have a label, load the profile into the kernel. 
*/ - if (load_profile(mgr, vm->def->seclabel.label, vm, NULL, false) < 0) { + if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot load AppArmor profile " - "\'%s\'"), vm->def->seclabel.label); + "\'%s\'"), def->seclabel.label); goto err; } @@ -448,9 +448,9 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, goto clean; err: - VIR_FREE(vm->def->seclabel.label); - VIR_FREE(vm->def->seclabel.imagelabel); - VIR_FREE(vm->def->seclabel.model); + VIR_FREE(def->seclabel.label); + VIR_FREE(def->seclabel.imagelabel); + VIR_FREE(def->seclabel.model); clean: VIR_FREE(profile_name); @@ -460,15 +460,15 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, const char *stdin_path) + virDomainDefPtr def, const char *stdin_path) { - if (vm->def->seclabel.norelabel) + if (def->seclabel.norelabel) return 0; /* Reload the profile if stdin_path is specified. Note that GenSecurityLabel() will have already been run. */ if (stdin_path) - return reload_profile(mgr, vm, stdin_path, true); + return reload_profile(mgr, def, stdin_path, true); return 0; } @@ -478,13 +478,14 @@ AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, */ static int AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, + pid_t pid, virSecurityLabelPtr sec) { int rc = -1; char *profile_name = NULL; - if ((profile_name = get_profile_name(vm)) == NULL) + if ((profile_name = get_profile_name(def)) == NULL) return rc; if (virStrcpy(sec->label, profile_name, 
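Review bot: AppArmorGenSecurityLabel still declares `mgr ATTRIBUTE_UNUSED` although it passes `mgr` to `load_profile()` at the end of this hunk. The annotation is stale and can be dropped while the signature is being edited. The two `strndup(profile_name, strlen(profile_name))` calls copy the whole string and would read more plainly as `strdup(profile_name)`, matching the `strdup(SECURITY_APPARMOR_NAME)` call below them. The function continues into the following hunk.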
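Review bot: The new `pid_t pid` parameter of AppArmorGetSecurityProcessLabel carries no `ATTRIBUTE_UNUSED`, and the visible part of the body derives the profile name from `def` only. If the rest of the function, which lies outside the hunk, does not read `pid`, declare it as `pid_t pid ATTRIBUTE_UNUSED,` the way AppArmorReserveSecurityLabel does later in this file. That keeps builds with unused-parameter warnings clean.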
@@ -512,9 +513,9 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, */ static int AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm) + virDomainDefPtr def) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; VIR_FREE(secdef->model); VIR_FREE(secdef->label); @@ -526,10 +527,10 @@ AppArmorReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, int migrated ATTRIBUTE_UNUSED) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int rc = 0; if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { @@ -546,13 +547,13 @@ AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, * LOCALSTATEDIR/log/libvirt/qemu/.log */ static int -AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm) +AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int rc = -1; char *profile_name = NULL; - if ((profile_name = get_profile_name(vm)) == NULL) + if ((profile_name = get_profile_name(def)) == NULL) return rc; if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) { 
@@ -580,21 +581,21 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm) static int AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } static int AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } static int AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } @@ -603,21 +604,21 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, /* Called when hotplugging */ static int AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, - virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) + virDomainDefPtr def, + virDomainDiskDefPtr disk) { if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) return 0; - return reload_profile(mgr, vm, NULL, false); + return reload_profile(mgr, def, NULL, false); } /* Called when hotplugging */ static int AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, virDomainDiskDefPtr disk) + virDomainDefPtr def, virDomainDiskDefPtr disk) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int rc = -1; char *profile_name; @@ -635,12 +636,12 @@ AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, return rc; } - if ((profile_name = get_profile_name(vm)) == NULL) + if ((profile_name = get_profile_name(def)) == NULL) return rc; /* update the profile only if it is loaded */ if (profile_loaded(secdef->imagelabel) >= 0) { - if (load_profile(mgr, secdef->imagelabel, vm, disk->src, + if (load_profile(mgr, secdef->imagelabel, def, disk->src, false) < 0) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot update AppArmor profile " 
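Review bot: AppArmorSetSecurityDaemonSocketLabel keeps the parameter name `vm` for what is now a `virDomainDefPtr`, while the other converted functions in this file rename it to `def`. Use `virDomainDefPtr def ATTRIBUTE_UNUSED` here. The same leftover appears in virSecurityDACSetDaemonSocketLabel in security_dac.c. A definition pointer called `vm` misleads the next reader about which fields are reachable through it.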
@@ -677,7 +678,8 @@ AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED, + pid_t pid ATTRIBUTE_UNUSED) { /* NOOP. Nothing to reserve with AppArmor */ return 0; @@ -685,11 +687,11 @@ AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; struct SDPDOP *ptr; int ret = -1; @@ -705,7 +707,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, if (VIR_ALLOC(ptr) < 0) return -1; ptr->mgr = mgr; - ptr->vm = vm; + ptr->def = def; switch (dev->source.subsys.type) { case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { 
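Review bot: In AppArmorSetSecurityHostdevLabel the `VIR_ALLOC(ptr)` failure path returns -1 without reporting an error, whereas get_profile_name in this file calls `virReportOOMError()` when its allocation fails. Assuming VIR_ALLOC does not report on its own, the caller gets a failure with no message; consider `if (VIR_ALLOC(ptr) < 0) { virReportOOMError(); return -1; }`. The function body continues outside the hunk, where `ptr` is presumably freed.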
@@ -747,44 +749,44 @@ done: static int AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->norelabel) return 0; - return reload_profile(mgr, vm, NULL, false); + return reload_profile(mgr, def, NULL, false); } static int AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile) { - return reload_profile(mgr, vm, savefile, true); + return reload_profile(mgr, def, savefile, true); } static int AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile ATTRIBUTE_UNUSED) { - return reload_profile(mgr, vm, NULL, false); + return reload_profile(mgr, def, NULL, false); } static int AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int fd) { int rc = -1; char *proc = NULL; char *fd_path = NULL; - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->imagelabel == NULL) return 0; @@ -800,7 +802,7 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, return 0; } - return reload_profile(mgr, vm, fd_path, true); + return reload_profile(mgr, def, fd_path, true); } virSecurityDriver virAppArmorSecurityDriver = { diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9f8a32056d..2fb4a147f7 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -171,7 +171,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, static int virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, virDomainDiskDefPtr disk) { 
@@ -193,7 +193,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr, static int virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, virDomainDiskDefPtr disk, int migrated) { @@ -241,10 +241,10 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr, static int virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk) { - return virSecurityDACRestoreSecurityImageLabelInt(mgr, vm, disk, 0); + return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk, 0); } @@ -274,7 +274,7 @@ virSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, static int virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, virDomainHostdevDefPtr dev) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -344,7 +344,7 @@ virSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, static int virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, virDomainHostdevDefPtr dev) { @@ -495,7 +495,7 @@ virSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, static int virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int migrated) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); 
@@ -507,34 +507,34 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr, VIR_DEBUG("Restoring security label on %s migrated=%d", - vm->def->name, migrated); + def->name, migrated); - for (i = 0 ; i < vm->def->nhostdevs ; i++) { + for (i = 0 ; i < def->nhostdevs ; i++) { if (virSecurityDACRestoreSecurityHostdevLabel(mgr, - vm, - vm->def->hostdevs[i]) < 0) + def, + def->hostdevs[i]) < 0) rc = -1; } - for (i = 0 ; i < vm->def->ndisks ; i++) { + for (i = 0 ; i < def->ndisks ; i++) { if (virSecurityDACRestoreSecurityImageLabelInt(mgr, - vm, - vm->def->disks[i], + def, + def->disks[i], migrated) < 0) rc = -1; } - if (virDomainChrDefForeach(vm->def, + if (virDomainChrDefForeach(def, false, virSecurityDACRestoreChardevCallback, mgr) < 0) rc = -1; - if (vm->def->os.kernel && - virSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0) + if (def->os.kernel && + virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0) rc = -1; - if (vm->def->os.initrd && - virSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0) + if (def->os.initrd && + virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0) rc = -1; return rc; @@ -554,7 +554,7 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, static int virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *stdin_path ATTRIBUTE_UNUSED) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); 
@@ -563,36 +563,36 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, if (!priv->dynamicOwnership) return 0; - for (i = 0 ; i < vm->def->ndisks ; i++) { + for (i = 0 ; i < def->ndisks ; i++) { /* XXX fixme - we need to recursively label the entire tree :-( */ - if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) + if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) continue; if (virSecurityDACSetSecurityImageLabel(mgr, - vm, - vm->def->disks[i]) < 0) + def, + def->disks[i]) < 0) return -1; } - for (i = 0 ; i < vm->def->nhostdevs ; i++) { + for (i = 0 ; i < def->nhostdevs ; i++) { if (virSecurityDACSetSecurityHostdevLabel(mgr, - vm, - vm->def->hostdevs[i]) < 0) + def, + def->hostdevs[i]) < 0) return -1; } - if (virDomainChrDefForeach(vm->def, + if (virDomainChrDefForeach(def, true, virSecurityDACSetChardevCallback, mgr) < 0) return -1; - if (vm->def->os.kernel && - virSecurityDACSetOwnership(vm->def->os.kernel, + if (def->os.kernel && + virSecurityDACSetOwnership(def->os.kernel, priv->user, priv->group) < 0) return -1; - if (vm->def->os.initrd && - virSecurityDACSetOwnership(vm->def->os.initrd, + if (def->os.initrd && + virSecurityDACSetOwnership(def->os.initrd, priv->user, priv->group) < 0) return -1; @@ -603,7 +603,7 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, static int virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, const char *savefile) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -614,7 +614,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr, static int virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, const char *savefile) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); 
@@ -628,11 +628,11 @@ virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr, static int virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); - VIR_DEBUG("Dropping privileges of VM to %u:%u", + VIR_DEBUG("Dropping privileges of DEF to %u:%u", (unsigned int) priv->user, (unsigned int) priv->group); if (virSetUIDGID(priv->user, priv->group) < 0) @@ -651,28 +651,30 @@ virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int virSecurityDACGenLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDACReleaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDACReserveLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED, + pid_t pid ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, + pid_t pid ATTRIBUTE_UNUSED, virSecurityLabelPtr seclabel ATTRIBUTE_UNUSED) { return 0; @@ -680,7 +682,7 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } @@ -688,7 +690,7 @@ virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } 
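Review bot: The debug string in virSecurityDACSetProcessLabel now reads "Dropping privileges of DEF to %u:%u", which looks like the vm-to-def rename leaking into a log message rather than an intended wording change. The message describes the process whose uid/gid is about to be changed by virSetUIDGID, so the earlier wording is the accurate one: `VIR_DEBUG("Dropping privileges of VM to %u:%u",`. Anyone searching logs for the privilege-drop line with the old text would miss it after this commit. The function body continues outside the hunk.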
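Review bot: virSecurityDACSetDaemonSocketLabel keeps the parameter name `vm` although its type is now virDomainDefPtr, while the neighbouring DAC functions were renamed to `def`; I would write `virDomainDefPtr def ATTRIBUTE_UNUSED)` here. The same leftover appears in the virSecurityDomainSetDaemonSocketLabel typedef in security_driver.h, in the wrappers in security_manager.c, in the security_nop.c stubs, and in SELinuxSetSecuritySocketLabel, where `vm->seclabel` and `vm->name` now read as if `vm` were still a domain object. Using `def` throughout (the typedefs and prototypes also mix in `sec`) keeps the pointer's type obvious at each use.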
@@ -696,20 +698,19 @@ virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr def ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr def ATTRIBUTE_UNUSED, int fd ATTRIBUTE_UNUSED) { return 0; } - virSecurityDriver virSecurityDriverDAC = { sizeof(virSecurityDACData), "virDAC", diff --git a/src/security/security_driver.h b/src/security/security_driver.h index aea90b024e..f0ace1c78d 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h 
@@ -39,50 +39,52 @@ typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr); typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr); typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk); typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr vm); typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk); typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev); typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev); typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile); typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile); typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec); typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec, + pid_t pid); typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr sec, + virDomainDefPtr sec, const char *stdin_path); typedef int 
(*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int migrated); typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, + pid_t pid, virSecurityLabelPtr sec); typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr, virDomainDefPtr def); typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int fd); struct _virSecurityDriver { diff --git a/src/security/security_manager.c b/src/security/security_manager.c index cae9b838c1..2e4956a0ee 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -150,7 +150,7 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr) } int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainDiskDefPtr disk) { if (mgr->drv->domainRestoreSecurityImageLabel) @@ -161,7 +161,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainSetSecurityDaemonSocketLabel) return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm); @@ -171,7 +171,7 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainSetSecuritySocketLabel) return mgr->drv->domainSetSecuritySocketLabel(mgr, vm); 
@@ -181,7 +181,7 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, } int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainClearSecuritySocketLabel) return mgr->drv->domainClearSecuritySocketLabel(mgr, vm); @@ -191,7 +191,7 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainDiskDefPtr disk) { if (mgr->drv->domainSetSecurityImageLabel) @@ -202,7 +202,7 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, } int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainHostdevDefPtr dev) { if (mgr->drv->domainRestoreSecurityHostdevLabel) @@ -213,7 +213,7 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainHostdevDefPtr dev) { if (mgr->drv->domainSetSecurityHostdevLabel) @@ -224,7 +224,7 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *savefile) { if (mgr->drv->domainSetSavedStateLabel) @@ -235,7 +235,7 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, } int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *savefile) { if (mgr->drv->domainRestoreSavedStateLabel) @@ -246,7 +246,7 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, } int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainGenSecurityLabel) return mgr->drv->domainGenSecurityLabel(mgr, vm); 
@@ -256,17 +256,18 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, } int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm, + pid_t pid) { if (mgr->drv->domainReserveSecurityLabel) - return mgr->drv->domainReserveSecurityLabel(mgr, vm); + return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid); virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); return -1; } int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainReleaseSecurityLabel) return mgr->drv->domainReleaseSecurityLabel(mgr, vm); @@ -276,7 +277,7 @@ int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr, } int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *stdin_path) { if (mgr->drv->domainSetSecurityAllLabel) @@ -287,7 +288,7 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, } int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, int migrated) { if (mgr->drv->domainRestoreSecurityAllLabel) @@ -298,18 +299,19 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, } int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, + pid_t pid, virSecurityLabelPtr sec) { if (mgr->drv->domainGetSecurityProcessLabel) - return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, sec); + return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec); virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); return -1; } int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { if (mgr->drv->domainSetSecurityProcessLabel) return mgr->drv->domainSetSecurityProcessLabel(mgr, vm); 
@@ -337,7 +339,7 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr, } int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, int fd) { if (mgr->drv->domainSetSecurityImageFDLabel) diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 12cd49833e..6731d59690 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h 
@@ -51,50 +51,52 @@ const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr); bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr); int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk); int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr vm); int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk); int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev); int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev); int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile); int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile); int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec); int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec, + pid_t pid); int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr, - virDomainObjPtr sec); + virDomainDefPtr sec); int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr sec, + virDomainDefPtr sec, const char *stdin_path); int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int migrated); int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr, - 
virDomainObjPtr vm, + virDomainDefPtr def, + pid_t pid, virSecurityLabelPtr sec); int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm); + virDomainDefPtr def); int virSecurityManagerVerify(virSecurityManagerPtr mgr, virDomainDefPtr def); int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, int fd); #endif /* VIR_SECURITY_MANAGER_H__ */ diff --git a/src/security/security_nop.c b/src/security/security_nop.c index a68a6c0eea..c3bd426d18 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c 
@@ -47,104 +47,106 @@ static const char * virSecurityDriverGetDOINop(virSecurityManagerPtr mgr ATTRIBU } static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, const char *savefile ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, const char *savefile 
ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr sec ATTRIBUTE_UNUSED) + virDomainDefPtr sec ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainReserveLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr sec ATTRIBUTE_UNUSED) + virDomainDefPtr sec ATTRIBUTE_UNUSED, + pid_t pid ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainReleaseLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr sec ATTRIBUTE_UNUSED) + virDomainDefPtr sec ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr sec ATTRIBUTE_UNUSED, + virDomainDefPtr sec ATTRIBUTE_UNUSED, const char *stdin_path ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainRestoreAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, int migrated ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainGetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, + pid_t pid ATTRIBUTE_UNUSED, virSecurityLabelPtr sec ATTRIBUTE_UNUSED) { return 0; } static int virSecurityDomainSetProcessLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) + virDomainDefPtr vm ATTRIBUTE_UNUSED) { return 0; } @@ -156,7 +158,7 @@ static int virSecurityDomainVerifyNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED } static int virSecurityDomainSetFDLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr sec ATTRIBUTE_UNUSED, + virDomainDefPtr sec ATTRIBUTE_UNUSED, int fd ATTRIBUTE_UNUSED) { return 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index cdc28adb80..c2dcecabe1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -162,7 +162,7 @@ SELinuxInitialize(void) static int SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm) + virDomainDefPtr def) { int rc = -1; char *mcs = NULL; @@ -171,40 +171,40 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, int c2 = 0; context_t ctx = NULL; - if ((vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) && - !vm->def->seclabel.baselabel && - vm->def->seclabel.model) { + if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) && + !def->seclabel.baselabel && + def->seclabel.model) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security model already defined for VM")); return rc; } - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && - vm->def->seclabel.label) { + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + def->seclabel.label) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security label already defined for VM")); return rc; } - if (vm->def->seclabel.imagelabel) { + if (def->seclabel.imagelabel) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("security image label already defined for VM")); return rc; } - if (vm->def->seclabel.model && - STRNEQ(vm->def->seclabel.model, SECURITY_SELINUX_NAME)) { + if (def->seclabel.model && + STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("security label model %s is not supported with selinux"), - vm->def->seclabel.model); + def->seclabel.model); return rc; } - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) { - if (!(ctx = context_new(vm->def->seclabel.label)) ) { + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) { + if (!(ctx = context_new(def->seclabel.label)) ) { virReportSystemError(errno, _("unable to allocate socket security context '%s'"), - vm->def->seclabel.label); + def->seclabel.label); return rc; } 
@@ -237,25 +237,25 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, } } while (mcsAdd(mcs) == -1); - vm->def->seclabel.label = - SELinuxGenNewContext(vm->def->seclabel.baselabel ? - vm->def->seclabel.baselabel : + def->seclabel.label = + SELinuxGenNewContext(def->seclabel.baselabel ? + def->seclabel.baselabel : default_domain_context, mcs); - if (! vm->def->seclabel.label) { + if (! def->seclabel.label) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate selinux context for %s"), mcs); goto cleanup; } } - vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs); - if (!vm->def->seclabel.imagelabel) { + def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs); + if (!def->seclabel.imagelabel) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, _("cannot generate selinux context for %s"), mcs); goto cleanup; } - if (!vm->def->seclabel.model && - !(vm->def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) { + if (!def->seclabel.model && + !(def->seclabel.model = strdup(SECURITY_SELINUX_NAME))) { virReportOOMError(); goto cleanup; } @@ -264,12 +264,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, cleanup: if (rc != 0) { - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) - VIR_FREE(vm->def->seclabel.label); - VIR_FREE(vm->def->seclabel.imagelabel); - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && - !vm->def->seclabel.baselabel) - VIR_FREE(vm->def->seclabel.model); + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) + VIR_FREE(def->seclabel.label); + VIR_FREE(def->seclabel.imagelabel); + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + !def->seclabel.baselabel) + VIR_FREE(def->seclabel.model); } if (ctx) 
@@ -278,28 +278,29 @@ cleanup: VIR_FREE(mcs); VIR_DEBUG("model=%s label=%s imagelabel=%s baselabel=%s", - NULLSTR(vm->def->seclabel.model), - NULLSTR(vm->def->seclabel.label), - NULLSTR(vm->def->seclabel.imagelabel), - NULLSTR(vm->def->seclabel.baselabel)); + NULLSTR(def->seclabel.model), + NULLSTR(def->seclabel.label), + NULLSTR(def->seclabel.imagelabel), + NULLSTR(def->seclabel.baselabel)); return rc; } static int SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm) + virDomainDefPtr def, + pid_t pid) { security_context_t pctx; context_t ctx = NULL; const char *mcs; - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) + if (def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) return 0; - if (getpidcon(vm->pid, &pctx) == -1) { + if (getpidcon(pid, &pctx) == -1) { virReportSystemError(errno, - _("unable to get PID %d security context"), vm->pid); + _("unable to get PID %d security context"), pid); return -1; } @@ -360,15 +361,16 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNU static int SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def ATTRIBUTE_UNUSED, + pid_t pid, virSecurityLabelPtr sec) { security_context_t ctx; - if (getpidcon(vm->pid, &ctx) == -1) { + if (getpidcon(pid, &ctx) == -1) { virReportSystemError(errno, _("unable to get PID %d security context"), - vm->pid); + pid); return -1; } @@ -560,11 +562,11 @@ err: static int SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk, int migrated) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->norelabel || (disk->seclabel && disk->seclabel->norelabel)) return 0; 
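Review bot: SELinuxReserveSecurityLabel now passes a caller-supplied `pid` straight to getpidcon() with no check that it names a running domain process, and SELinuxGetSecurityProcessLabel in the next hunk does the same. With the virDomainObjPtr gone the driver can no longer relate the pid to the domain, so the precondition rests entirely on callers; as far as I know libselinux resolves a pid of 0 to the calling process, which would make these functions read the daemon's own context instead of the guest's (worth confirming). I would reject that early, e.g. `if (pid <= 0) { virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("invalid PID for security context lookup")); return -1; }`, or do it once in virSecurityManagerReserveLabel and virSecurityManagerGetProcessLabel. A short comment beside the two typedefs in security_driver.h stating that `pid` must be the live domain process would document the new contract. Both function bodies continue outside their hunks.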
@@ -605,10 +607,10 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk) { - return SELinuxRestoreSecurityImageLabelInt(mgr, vm, disk, 0); + return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0); } @@ -655,11 +657,11 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, static int SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainDiskDefPtr disk) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; bool allowDiskFormatProbing = virSecurityManagerGetAllowDiskFormatProbing(mgr); if (secdef->norelabel) @@ -680,8 +682,8 @@ static int SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED, const char *file, void *opaque) { - virDomainObjPtr vm = opaque; - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + virDomainDefPtr def = opaque; + const virSecurityLabelDefPtr secdef = &def->seclabel; return SELinuxSetFilecon(file, secdef->imagelabel); } @@ -690,19 +692,19 @@ static int SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, const char *file, void *opaque) { - virDomainObjPtr vm = opaque; - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + virDomainDefPtr def = opaque; + const virSecurityLabelDefPtr secdef = &def->seclabel; return SELinuxSetFilecon(file, secdef->imagelabel); } static int SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int ret = -1; if (secdef->norelabel) 
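Review bot: SELinuxSetSecurityPCILabel and SELinuxSetSecurityUSBLabel now reinterpret `opaque` as a virDomainDefPtr, and only the call sites keep that in step, because a `void *` argument compiles with either pointer type. The two iterator calls visible in this patch (usbDeviceFileIterate and pciDeviceFileIterate in SELinuxSetSecurityHostdevLabel) were updated to pass `def`, but any caller missed elsewhere would make these callbacks read `seclabel` through the wrong structure and hand an arbitrary value to SELinuxSetFilecon. A one-line comment on each callback, `/* opaque is the virDomainDefPtr of the domain being labelled */`, would make the contract explicit for later changes.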
@@ -719,7 +721,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, if (!usb) goto done; - ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, vm); + ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def); usbFreeDevice(usb); break; } @@ -733,7 +735,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, if (!pci) goto done; - ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, vm); + ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def); pciFreeDevice(pci); break; @@ -767,11 +769,11 @@ SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, static int SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, virDomainHostdevDefPtr dev) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int ret = -1; if (secdef->norelabel) @@ -820,11 +822,11 @@ done: static int -SELinuxSetSecurityChardevLabel(virDomainObjPtr vm, +SELinuxSetSecurityChardevLabel(virDomainDefPtr def, virDomainChrSourceDefPtr dev) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; char *in = NULL, *out = NULL; int ret = -1; @@ -866,11 +868,11 @@ done: } static int -SELinuxRestoreSecurityChardevLabel(virDomainObjPtr vm, +SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def, virDomainChrSourceDefPtr dev) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; char *in = NULL, *out = NULL; int ret = -1; 
@@ -914,27 +916,24 @@ done: static int -SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, +SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev, - void *opaque) + void *opaque ATTRIBUTE_UNUSED) { - virDomainObjPtr vm = opaque; - /* This is taken care of by processing of def->serials */ if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) return 0; - return SELinuxRestoreSecurityChardevLabel(vm, &dev->source); + return SELinuxRestoreSecurityChardevLabel(def, &dev->source); } static int -SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, +SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def, virDomainSmartcardDefPtr dev, - void *opaque) + void *opaque ATTRIBUTE_UNUSED) { - virDomainObjPtr vm = opaque; const char *database; switch (dev->type) { @@ -948,7 +947,7 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, return SELinuxRestoreSecurityFileLabel(database); case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return SELinuxRestoreSecurityChardevLabel(vm, &dev->data.passthru); + return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru); default: virSecurityReportError(VIR_ERR_INTERNAL_ERROR, 
@@ -963,50 +962,50 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, static int SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, int migrated ATTRIBUTE_UNUSED) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int i; int rc = 0; - VIR_DEBUG("Restoring security label on %s", vm->def->name); + VIR_DEBUG("Restoring security label on %s", def->name); if (secdef->norelabel) return 0; - for (i = 0 ; i < vm->def->nhostdevs ; i++) { + for (i = 0 ; i < def->nhostdevs ; i++) { if (SELinuxRestoreSecurityHostdevLabel(mgr, - vm, - vm->def->hostdevs[i]) < 0) + def, + def->hostdevs[i]) < 0) rc = -1; } - for (i = 0 ; i < vm->def->ndisks ; i++) { + for (i = 0 ; i < def->ndisks ; i++) { if (SELinuxRestoreSecurityImageLabelInt(mgr, - vm, - vm->def->disks[i], + def, + def->disks[i], migrated) < 0) rc = -1; } - if (virDomainChrDefForeach(vm->def, + if (virDomainChrDefForeach(def, false, SELinuxRestoreSecurityChardevCallback, - vm) < 0) + NULL) < 0) rc = -1; - if (virDomainSmartcardDefForeach(vm->def, + if (virDomainSmartcardDefForeach(def, false, SELinuxRestoreSecuritySmartcardCallback, - vm) < 0) + NULL) < 0) rc = -1; - if (vm->def->os.kernel && - SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0) + if (def->os.kernel && + SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0) rc = -1; - if (vm->def->os.initrd && - SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0) + if (def->os.initrd && + SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0) rc = -1; return rc; 
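Review bot: SELinuxRestoreSecurityAllLabel still marks `mgr` and `migrated` as ATTRIBUTE_UNUSED although both are passed on in the body shown in this hunk, to SELinuxRestoreSecurityHostdevLabel and SELinuxRestoreSecurityImageLabelInt. Since the signature is being edited anyway, I would drop the stale markers: `SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,` and `int migrated)`. The annotation is harmless to the compiler but tells a reader the arguments are ignored, which is not the case here.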
@@ -1014,9 +1013,9 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm) + virDomainDefPtr def) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) { if (secdef->label != NULL) { @@ -1038,10 +1037,10 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->norelabel) return 0; @@ -1052,10 +1051,10 @@ SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, const char *savefile) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->norelabel) return 0; @@ -1090,12 +1089,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, static int SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr def) { /* TODO: verify DOI */ - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; - if (vm->def->seclabel.label == NULL) + if (def->seclabel.label == NULL) return 0; if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { 
@@ -1121,16 +1120,16 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr, static int SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr def) { /* TODO: verify DOI */ - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; context_t execcon = NULL; context_t proccon = NULL; security_context_t scon = NULL; int rc = -1; - if (vm->def->seclabel.label == NULL) + if (def->seclabel.label == NULL) return 0; if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { @@ -1171,7 +1170,7 @@ SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr, } VIR_DEBUG("Setting VM %s socket context %s", - vm->def->name, context_str(proccon)); + def->name, context_str(proccon)); if (setsockcreatecon(context_str(proccon)) == -1) { virReportSystemError(errno, _("unable to set socket security context '%s'"), @@ -1192,9 +1191,9 @@ done: static int SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &vm->seclabel; int rc = -1; if (secdef->label == NULL) @@ -1210,7 +1209,7 @@ SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr, } VIR_DEBUG("Setting VM %s socket context %s", - vm->def->name, secdef->label); + vm->name, secdef->label); if (setsockcreatecon(secdef->label) == -1) { virReportSystemError(errno, _("unable to set socket security context '%s'"), @@ -1229,12 +1228,12 @@ done: static int SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr def) { /* TODO: verify DOI */ - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; - if (vm->def->seclabel.label == NULL) + if (def->seclabel.label == NULL) return 0; if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { 
@@ -1259,27 +1258,24 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr, static int -SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, +SELinuxSetSecurityChardevCallback(virDomainDefPtr def, virDomainChrDefPtr dev, - void *opaque) + void *opaque ATTRIBUTE_UNUSED) { - virDomainObjPtr vm = opaque; - /* This is taken care of by processing of def->serials */ if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) return 0; - return SELinuxSetSecurityChardevLabel(vm, &dev->source); + return SELinuxSetSecurityChardevLabel(def, &dev->source); } static int -SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, +SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def, virDomainSmartcardDefPtr dev, - void *opaque) + void *opaque ATTRIBUTE_UNUSED) { - virDomainObjPtr vm = opaque; const char *database; switch (dev->type) { @@ -1293,7 +1289,7 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, return SELinuxSetFilecon(database, default_content_context); case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return SELinuxSetSecurityChardevLabel(vm, &dev->data.passthru); + return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru); default: virSecurityReportError(VIR_ERR_INTERNAL_ERROR, 
@@ -1308,53 +1304,53 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, static int SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr def, const char *stdin_path) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; int i; if (secdef->norelabel) return 0; - for (i = 0 ; i < vm->def->ndisks ; i++) { + for (i = 0 ; i < def->ndisks ; i++) { /* XXX fixme - we need to recursively label the entire tree :-( */ - if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) { + if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR) { VIR_WARN("Unable to relabel directory tree %s for disk %s", - vm->def->disks[i]->src, vm->def->disks[i]->dst); + def->disks[i]->src, def->disks[i]->dst); continue; } if (SELinuxSetSecurityImageLabel(mgr, - vm, vm->def->disks[i]) < 0) + def, def->disks[i]) < 0) return -1; } - /* XXX fixme process vm->def->fss if relabel == true */ + /* XXX fixme process def->fss if relabel == true */ - for (i = 0 ; i < vm->def->nhostdevs ; i++) { + for (i = 0 ; i < def->nhostdevs ; i++) { if (SELinuxSetSecurityHostdevLabel(mgr, - vm, - vm->def->hostdevs[i]) < 0) + def, + def->hostdevs[i]) < 0) return -1; } - if (virDomainChrDefForeach(vm->def, + if (virDomainChrDefForeach(def, true, SELinuxSetSecurityChardevCallback, - vm) < 0) + NULL) < 0) return -1; - if (virDomainSmartcardDefForeach(vm->def, + if (virDomainSmartcardDefForeach(def, true, SELinuxSetSecuritySmartcardCallback, - vm) < 0) + NULL) < 0) return -1; - if (vm->def->os.kernel && - SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0) + if (def->os.kernel && + SELinuxSetFilecon(def->os.kernel, default_content_context) < 0) return -1; - if (vm->def->os.initrd && - SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0) + if (def->os.initrd && + SELinuxSetFilecon(def->os.initrd, default_content_context) < 0) return -1; if (stdin_path) { 
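Review bot: In SELinuxSetSecurityAllLabel the loop over `def->disks` still skips VIR_DOMAIN_DISK_TYPE_DIR entries with only a VIR_WARN and `continue`, and `def->fss` is not processed at all, so as far as the hunk shows the function can report success while part of the domain's storage keeps its previous label. The commit message says this change prepares sVirt for the LXC driver, where filesystem sources are presumably the main storage, so the gap deserves more than an `XXX fixme`. At minimum I would add a comment above the function such as `/* NOTE: directory-backed disks and def->fss are NOT relabelled here; their existing label is left untouched */`. The function body continues past the end of the hunk.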
@@ -1369,10 +1365,10 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, static int SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, + virDomainDefPtr def, int fd) { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; + const virSecurityLabelDefPtr secdef = &def->seclabel; if (secdef->imagelabel == NULL) return 0; diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 3f601c140f..c82865facf 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -106,7 +106,7 @@ virSecurityStackVerify(virSecurityManagerPtr mgr, static int virSecurityStackGenLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; @@ -131,7 +131,7 @@ virSecurityStackGenLabel(virSecurityManagerPtr mgr, static int virSecurityStackReleaseLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; @@ -150,16 +150,17 @@ virSecurityStackReleaseLabel(virSecurityManagerPtr mgr, static int virSecurityStackReserveLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm, + pid_t pid) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; - if (virSecurityManagerReserveLabel(priv->primary, vm) < 0) + if (virSecurityManagerReserveLabel(priv->primary, vm, pid) < 0) rc = -1; #if 0 /* XXX See note in GenLabel */ - if (virSecurityManagerReserveLabel(priv->secondary, vm) < 0) + if (virSecurityManagerReserveLabel(priv->secondary, vm, pid) < 0) rc = -1; #endif @@ -169,7 +170,7 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainDiskDefPtr disk) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); 
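Review bot: virSecurityStackReserveLabel now takes `pid_t pid` next to the domain definition, but neither the signature nor a comment states which process it refers to. Per the commit message the pid used to be read from the same object (`obj->pid`), so definition and process could not disagree; now a caller can pass any pid. A one-line comment above the function, e.g. `/* pid: PID of the running process that belongs to this domain definition */`, would record the contract; virSecurityStackGetProcessLabel gains the same parameter and needs the same comment. The body of virSecurityStackReserveLabel ends outside the hunk.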
@@ -186,7 +187,7 @@ virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainDiskDefPtr disk) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -203,7 +204,7 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainHostdevDefPtr dev) { @@ -221,7 +222,7 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, virDomainHostdevDefPtr dev) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -238,7 +239,7 @@ virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *stdin_path) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -255,7 +256,7 @@ virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, int migrated) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -272,7 +273,7 @@ virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *savefile) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); 
@@ -289,7 +290,7 @@ virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr, static int virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, const char *savefile) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -306,7 +307,7 @@ virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; @@ -321,17 +322,18 @@ virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr, static int virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, + pid_t pid, virSecurityLabelPtr seclabel) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; #if 0 - if (virSecurityManagerGetProcessLabel(priv->secondary, vm, seclabel) < 0) + if (virSecurityManagerGetProcessLabel(priv->secondary, vm, pid, seclabel) < 0) rc = -1; #endif - if (virSecurityManagerGetProcessLabel(priv->primary, vm, seclabel) < 0) + if (virSecurityManagerGetProcessLabel(priv->primary, vm, pid, seclabel) < 0) rc = -1; return rc; @@ -340,7 +342,7 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; @@ -356,7 +358,7 @@ virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; 
@@ -372,7 +374,7 @@ virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr, static int virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) + virDomainDefPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; @@ -387,7 +389,7 @@ virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr, static int virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, + virDomainDefPtr vm, int fd) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);