External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-02 01:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: full path option for DomainSetPathLabel

Browse Source 
virSecurityManagerDomainSetPathLabel is used to make a path known
to the security modules, but today is used interchangably for
 - paths to files/dirs to be accessed directly
 - paths to a dir, but the access will actually be to files therein

Depending on the security module it is important to know which of
these types it will be.

The argument allowSubtree augments the call to the implementations of
DomainSetPathLabel that can - per security module - decide if extra
actions shall be taken.

For now dac/selinux handle this as before, but apparmor will make
use of it to add a wildcard to the path that was passed.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Christian Ehrhardt 2018-01-09 16:04:03 +01:00 committed by Michal Privoznik
parent f436a78239
commit a5486e57f5
9 changed files with 46 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/qemu/qemu_domain.c
View File

@ -692,7 +692,7 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver,
}
if (qemuSecurityDomainSetPathLabel(driver->securityManager,
vm->def, path) < 0)
vm->def, path, false) < 0)
goto cleanup;
ret = 0;

4
src/qemu/qemu_process.c
View File

@ -3401,7 +3401,7 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverPtr driver,
}
if (qemuSecurityDomainSetPathLabel(driver->securityManager,
def, path) < 0) {
def, path, true) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unable to label %s"), path);
return -1;
@ -4514,7 +4514,7 @@ qemuProcessMakeDir(virQEMUDriverPtr driver,
}
if (qemuSecurityDomainSetPathLabel(driver->securityManager,
vm->def, path) < 0)
vm->def, path, true) < 0)
goto cleanup;
ret = 0;

17
src/security/security_apparmor.c
View File

@ -956,9 +956,22 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
static int
AppArmorSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
const char *path,
bool allowSubtree)
{
return reload_profile(mgr, def, path, true);
int rc = -1;
char *full_path = NULL;
if (allowSubtree) {
if (virAsprintf(&full_path, "%s/{,**}", path) < 0)
return -1;
rc = reload_profile(mgr, def, full_path, true);
VIR_FREE(full_path);
} else {
rc = reload_profile(mgr, def, path, true);
}
return rc;
}
static int

3
src/security/security_dac.c
View File

@ -2081,7 +2081,8 @@ virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
static int
virSecurityDACDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
const char *path,
bool allowSubtree ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr seclabel;

3
src/security/security_driver.h
View File

@ -139,7 +139,8 @@ typedef int (*virSecurityDomainRestoreInputLabel) (virSecurityManagerPtr mgr,
virDomainInputDefPtr input);
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
const char *path,
bool allowSubtree);
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,

19
src/security/security_manager.c
View File

@ -1045,15 +1045,30 @@ virSecurityManagerGetNested(virSecurityManagerPtr mgr)
}
/**
* virSecurityManagerDomainSetPathLabel:
* @mgr: security manager object
* @vm: domain definition object
* @path: path to label
* @allowSubtree: whether to allow just @path or its subtree too
*
* This function relabels given @path so that @vm can access it.
* If @allowSubtree is set to true the manager will grant access
* to @path and its subdirectories at any level (currently
* implemented only by AppArmor).
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path)
const char *path,
bool allowSubtree)
{
if (mgr->drv->domainSetPathLabel) {
int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetPathLabel(mgr, vm, path);
ret = mgr->drv->domainSetPathLabel(mgr, vm, path, allowSubtree);
virObjectUnlock(mgr);
return ret;
}

4
src/security/security_manager.h
View File

@ -179,10 +179,10 @@ int virSecurityManagerRestoreInputLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainInputDefPtr input);
int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);
const char *path,
bool allowSubtree);
int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,

3
src/security/security_selinux.c
View File

@ -3028,7 +3028,8 @@ virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
static int
virSecuritySELinuxDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
const char *path,
bool allowSubtree ATTRIBUTE_UNUSED)
{
virSecurityLabelDefPtr seclabel;

5
src/security/security_stack.c
View File

@ -704,7 +704,8 @@ virSecurityStackRestoreInputLabel(virSecurityManagerPtr mgr,
static int
virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path)
const char *path,
bool allowSubtree)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
@ -712,7 +713,7 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
for (; item; item = item->next) {
if (virSecurityManagerDomainSetPathLabel(item->securityManager,
vm, path) < 0)
vm, path, allowSubtree) < 0)
rc = -1;
}