mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-02 19:31:18 +00:00
68719c4bdd
Disk format probing is now disabled by default. A new config option in /etc/qemu/qemu.conf will re-enable it for existing deployments where this causes trouble
140 lines
3.3 KiB
C
140 lines
3.3 KiB
C
/*
|
|
* Copyright (C) 2008 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* Authors:
|
|
* James Morris <jmorris@namei.org>
|
|
*
|
|
*/
|
|
#include <config.h>
|
|
#include <string.h>
|
|
|
|
#include "virterror_internal.h"
|
|
|
|
#include "security_driver.h"
|
|
#ifdef WITH_SECDRIVER_SELINUX
|
|
# include "security_selinux.h"
|
|
#endif
|
|
|
|
#ifdef WITH_SECDRIVER_APPARMOR
|
|
# include "security_apparmor.h"
|
|
#endif
|
|
|
|
static virSecurityDriverPtr security_drivers[] = {
|
|
#ifdef WITH_SECDRIVER_SELINUX
|
|
&virSELinuxSecurityDriver,
|
|
#endif
|
|
#ifdef WITH_SECDRIVER_APPARMOR
|
|
&virAppArmorSecurityDriver,
|
|
#endif
|
|
NULL
|
|
};
|
|
|
|
int
|
|
virSecurityDriverVerify(virDomainDefPtr def)
|
|
{
|
|
unsigned int i;
|
|
const virSecurityLabelDefPtr secdef = &def->seclabel;
|
|
|
|
if (!secdef->model ||
|
|
STREQ(secdef->model, "none"))
|
|
return 0;
|
|
|
|
for (i = 0; security_drivers[i] != NULL ; i++) {
|
|
if (STREQ(security_drivers[i]->name, secdef->model)) {
|
|
return security_drivers[i]->domainSecurityVerify(def);
|
|
}
|
|
}
|
|
virSecurityReportError(VIR_ERR_XML_ERROR,
|
|
_("invalid security model '%s'"), secdef->model);
|
|
return -1;
|
|
}
|
|
|
|
int
|
|
virSecurityDriverStartup(virSecurityDriverPtr *drv,
|
|
const char *name,
|
|
bool allowDiskFormatProbing)
|
|
{
|
|
unsigned int i;
|
|
|
|
if (name && STREQ(name, "none"))
|
|
return -2;
|
|
|
|
for (i = 0; security_drivers[i] != NULL ; i++) {
|
|
virSecurityDriverPtr tmp = security_drivers[i];
|
|
|
|
if (name && STRNEQ(tmp->name, name))
|
|
continue;
|
|
|
|
switch (tmp->probe()) {
|
|
case SECURITY_DRIVER_ENABLE:
|
|
virSecurityDriverInit(tmp);
|
|
if (tmp->open(tmp, allowDiskFormatProbing) == -1) {
|
|
return -1;
|
|
} else {
|
|
*drv = tmp;
|
|
return 0;
|
|
}
|
|
break;
|
|
|
|
case SECURITY_DRIVER_DISABLE:
|
|
break;
|
|
|
|
default:
|
|
return -1;
|
|
}
|
|
}
|
|
return -2;
|
|
}
|
|
|
|
/*
|
|
* Helpers
|
|
*/
|
|
void
|
|
virSecurityDriverInit(virSecurityDriverPtr drv)
|
|
{
|
|
memset(&drv->_private, 0, sizeof drv->_private);
|
|
}
|
|
|
|
int
|
|
virSecurityDriverSetDOI(virSecurityDriverPtr drv,
|
|
const char *doi)
|
|
{
|
|
if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
|
|
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
|
_("%s: DOI \'%s\' is "
|
|
"longer than the maximum allowed length of %d"),
|
|
__func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);
|
|
return -1;
|
|
}
|
|
strcpy(drv->_private.doi, doi);
|
|
return 0;
|
|
}
|
|
|
|
const char *
|
|
virSecurityDriverGetDOI(virSecurityDriverPtr drv)
|
|
{
|
|
return drv->_private.doi;
|
|
}
|
|
|
|
const char *
|
|
virSecurityDriverGetModel(virSecurityDriverPtr drv)
|
|
{
|
|
return drv->name;
|
|
}
|
|
|
|
void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
|
|
bool allowDiskFormatProbing)
|
|
{
|
|
drv->_private.allowDiskFormatProbing = allowDiskFormatProbing;
|
|
}
|
|
|
|
bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv)
|
|
{
|
|
return drv->_private.allowDiskFormatProbing;
|
|
}
|