Commit Graph

15 Commits

Author SHA1 Message Date
Michal Privoznik
a1ffedc682 securityselinuxhelper: Adapt to virmock.h
Instead of introducing our own wrapper for dlsym()
we can use the one provided by virmock.h.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:22:12 +02:00
Eric Blake
5ea3a690a2 build: accomodate selinux 2.5 header API change
Yet again, selinux has been adding const-correctness; this change
is ABI-compatible, but breaks API, which affects us when we try to
override things in our testsuite:

../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open'
 struct selabel_handle *selabel_open(unsigned int backend,
                        ^~~~~~~~~~~~
In file included from ../../tests/securityselinuxhelper.c:32:0:
/usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here

The problem is a new 'const' prior to the second parameter.

Fix it the same way we did in commit 292d3f2d: check for the new
const at configure time.

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-02-24 15:14:30 -07:00
Jim Fehlig
b109c09765 maint: cleanup detection of const'ness of selinux ctx
Commit 292d3f2d fixed the build with libselinux 2.3, but missed
some suggestions by eblake

https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html

This patch changes the macro introduced in 292d3f2d to either be
empty in the case of newer libselinux, or contain 'const' in the
case of older libselinux.  The macro is then used directly in
tests/securityselinuxhelper.c.
2014-05-28 16:52:48 -06:00
Cédric Bosdonnat
292d3f2d38 build: fix build with libselinux 2.3
Several function signatures changed in libselinux 2.3, now taking
a 'const char *' instead of 'security_context_t'.  The latter is
defined in selinux/selinux.h as

  typedef char *security_context_t;

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-28 12:17:04 -06:00
Jiri Denemark
8922c3d07a tests: Fix SELinux tests in VPATH build 2014-03-10 10:20:30 +01:00
Michael Chapman
4d4f977ab5 tests: Flesh out securityselinuxhelper
Add fake implementations of:

- is_selinux_enabled
- security_disable
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
- selinux_lxc_contexts_path
- selabel_open
- selabel_close
- selabel_lookup_raw

The selabel_* functions back onto the real implementations if SELinux is
enabled on the test system, otherwise we just implement a fake selabel
handle which errors out on all labelling lookups.

With these changes in place, securityselinuxtest and
securityselinuxlabeltest don't need to skip all tests if SELinux isn't
available; they can exercise much of the security manager code.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
2014-03-07 14:02:10 +01:00
Giuseppe Scrivano
ba1a91cd1f tests: avoid compile failure on linux kernels older than 2.6.19
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-10-07 08:40:30 -06:00
Eric Blake
95577af442 selinux: enhance test to cover nfs label failure
Daniel Berrange (correctly) pointed out that we should do a better
job of testing selinux labeling fallbacks on NFS disks that lack
labeling support.

* tests/securityselinuxhelper.c (includes): Makefile already
guaranteed xattr support.  Add additional headers.
(init_syms): New function, borrowing from vircgroupmock.c.
(setfilecon_raw, getfilecon_raw): Fake NFS failure.
(statfs): Fake an NFS mount point.
(security_getenforce, security_get_boolean_active): Don't let host
environment affect test.
* tests/securityselinuxlabeldata/nfs.data: New file.
* tests/securityselinuxlabeldata/nfs.xml: New file.
* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
Fix memory leak.
(testSELinuxLabeling): Avoid infinite loop on dirty tree.
(mymain): Add new test.
2013-08-20 10:46:58 -06:00
Michal Privoznik
e60b9783e1 Adapt to VIR_STRDUP and VIR_STRNDUP in tests/* 2013-05-10 11:54:29 +02:00
John Ferlan
7ae3f2d53d securityselinuxhelper.c: Don't try to include xattr.h if not available
Commit 907a39e7 missed adding the WITH_ATTR around #include <attr/xattr.h>
resulting in a build failure:

  CC     libsecurityselinuxhelper_la-securityselinuxhelper.lo
  securityselinuxhelper.c:27:24: fatal error: attr/xattr.h: No such file or directory
  compilation terminated.
  make[2]: *** [libsecurityselinuxhelper_la-securityselinuxhelper.lo] Error 1
  make[2]: Leaving directory `/home/jferlan/libvirt.work/tests'
  make[1]: *** [all-recursive] Error 1
  make[1]: Leaving directory `/home/jferlan/libvirt.work'
  make: *** [all] Error 2
2013-01-14 21:00:51 +01:00
Daniel P. Berrange
7184af1364 Add missing stubs to securityselinuxhelper.c
Make sure we override both the raw and non-raw stubs in
securityselinuxhelper.c. Also add diagnostics if
securityselinuxlabeltest fails a test item
2013-01-14 18:34:49 +00:00
Daniel P. Berrange
907a39e735 Add a test suite for validating SELinux labelling
There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:40:04 +00:00
Martin Kletzander
9674f2c637 selinux: Use raw contexts
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code.  This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.

The problems can be experienced with mcstrans for example.  The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.

I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.

Thanks Laurent Bigonville for finding this out.

[1] http://oss.tresys.com/git/selinux.git
2012-10-12 17:54:09 +02:00
Eric Blake
4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Daniel P. Berrange
9136032a66 Add test case for SELinux label generation
This test case validates the correct generation of SELinux labels
for VMs, wrt the current process label. Since we can't actually
change the label of the test program process, we create a shared
library libsecurityselinuxhelper.so which overrides the getcon()
and setcon() libselinux.so functions. When started the test case
will check to see if LD_PRELOAD is set, and if not, it will
re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-21 11:37:57 +01:00