mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-24 08:25:45 +00:00
0c0e0d0263
The current security driver architecture has the following split of logic * domainGenSecurityLabel Allocate the unique label for the domain about to be started * domainGetSecurityLabel Retrieve the current live security label for a process * domainSetSecurityLabel Apply the previously allocated label to the current process Setup all disk image / device labelling * domainRestoreSecurityLabel Restore the original disk image / device labelling. Release the unique label for the domain The 'domainSetSecurityLabel' method is special because it runs in the context of the child process between the fork + exec. This is require in order to set the process label. It is not required in order to label disks/devices though. Having the disk labelling code run in the child process limits what it can do. In particularly libvirtd would like to remember the current disk image label, and only change shared image labels for the first VM to start. This requires use & update of global state in the libvirtd daemon, and thus cannot run in the child process context. The solution is to split domainSetSecurityLabel into two parts, one applies process label, and the other handles disk image labelling. At the same time domainRestoreSecurityLabel is similarly split, just so that it matches the style. Thus the previous 4 methods are replaced by the following 6 new methods * domainGenSecurityLabel Allocate the unique label for the domain about to be started No actual change here. * domainReleaseSecurityLabel Release the unique label for the domain * domainGetSecurityProcessLabel Retrieve the current live security label for a process Merely renamed for clarity. * domainSetSecurityProcessLabel Apply the previously allocated label to the current process * domainRestoreSecurityAllLabel Restore the original disk image / device labelling. * domainSetSecurityAllLabel Setup all disk image / device labelling The SELinux and AppArmour drivers are then updated to comply with this new spec. Notice that the AppArmour driver was actually a little different. It was creating its profile for the disk image and device labels in the 'domainGenSecurityLabel' method, where as the SELinux driver did it in 'domainSetSecurityLabel'. With the new method split, we can have consistency, with both drivers doing that in the domainSetSecurityAllLabel method. NB, the AppArmour changes here haven't been compiled so may not build.
119 lines
5.4 KiB
C
119 lines
5.4 KiB
C
/*
|
|
* Copyright (C) 2008 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* Authors:
|
|
* James Morris <jmorris@namei.org>
|
|
*
|
|
*/
|
|
#ifndef __VIR_SECURITY_H__
|
|
#define __VIR_SECURITY_H__
|
|
|
|
#include "internal.h"
|
|
#include "domain_conf.h"
|
|
|
|
/*
|
|
* Return values for security driver probing: the driver will determine
|
|
* whether it should be enabled or disabled.
|
|
*/
|
|
typedef enum {
|
|
SECURITY_DRIVER_ENABLE = 0,
|
|
SECURITY_DRIVER_ERROR = -1,
|
|
SECURITY_DRIVER_DISABLE = -2,
|
|
} virSecurityDriverStatus;
|
|
|
|
typedef struct _virSecurityDriver virSecurityDriver;
|
|
typedef virSecurityDriver *virSecurityDriverPtr;
|
|
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
|
|
typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
|
|
virSecurityDriverPtr drv);
|
|
typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
virDomainDiskDefPtr disk);
|
|
typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
virDomainDiskDefPtr disk);
|
|
typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr dev);
|
|
typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr dev);
|
|
typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
const char *savefile);
|
|
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
const char *savefile);
|
|
typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
|
|
virDomainObjPtr sec);
|
|
typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
|
|
virDomainObjPtr sec);
|
|
typedef int (*virSecurityDomainReleaseLabel) (virConnectPtr conn,
|
|
virDomainObjPtr sec);
|
|
typedef int (*virSecurityDomainSetAllLabel) (virConnectPtr conn,
|
|
virDomainObjPtr sec);
|
|
typedef int (*virSecurityDomainRestoreAllLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm);
|
|
typedef int (*virSecurityDomainGetProcessLabel) (virConnectPtr conn,
|
|
virDomainObjPtr vm,
|
|
virSecurityLabelPtr sec);
|
|
typedef int (*virSecurityDomainSetProcessLabel) (virConnectPtr conn,
|
|
virSecurityDriverPtr drv,
|
|
virDomainObjPtr vm);
|
|
typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
|
|
virDomainDefPtr def);
|
|
|
|
struct _virSecurityDriver {
|
|
const char *name;
|
|
virSecurityDriverProbe probe;
|
|
virSecurityDriverOpen open;
|
|
virSecurityDomainSecurityVerify domainSecurityVerify;
|
|
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
|
|
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
|
|
virSecurityDomainGenLabel domainGenSecurityLabel;
|
|
virSecurityDomainReserveLabel domainReserveSecurityLabel;
|
|
virSecurityDomainReleaseLabel domainReleaseSecurityLabel;
|
|
virSecurityDomainGetProcessLabel domainGetSecurityProcessLabel;
|
|
virSecurityDomainSetProcessLabel domainSetSecurityProcessLabel;
|
|
virSecurityDomainSetAllLabel domainSetSecurityAllLabel;
|
|
virSecurityDomainRestoreAllLabel domainRestoreSecurityAllLabel;
|
|
virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
|
|
virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
|
|
virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
|
|
virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
|
|
|
|
/*
|
|
* This is internally managed driver state and should only be accessed
|
|
* via helpers below.
|
|
*/
|
|
struct {
|
|
char doi[VIR_SECURITY_DOI_BUFLEN];
|
|
} _private;
|
|
};
|
|
|
|
/* Global methods */
|
|
int virSecurityDriverStartup(virSecurityDriverPtr *drv,
|
|
const char *name);
|
|
|
|
int
|
|
virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
|
|
|
|
void
|
|
virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
|
|
ATTRIBUTE_FMT_PRINTF(3, 4);
|
|
|
|
/* Helpers */
|
|
void virSecurityDriverInit(virSecurityDriverPtr drv);
|
|
int virSecurityDriverSetDOI(virConnectPtr conn,
|
|
virSecurityDriverPtr drv,
|
|
const char *doi);
|
|
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
|
|
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
|
|
|
|
#endif /* __VIR_SECURITY_H__ */
|