mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-03 20:01:16 +00:00
95577af442
Daniel Berrange (correctly) pointed out that we should do a better job of testing selinux labeling fallbacks on NFS disks that lack labeling support. * tests/securityselinuxhelper.c (includes): Makefile already guaranteed xattr support. Add additional headers. (init_syms): New function, borrowing from vircgroupmock.c. (setfilecon_raw, getfilecon_raw): Fake NFS failure. (statfs): Fake an NFS mount point. (security_getenforce, security_get_boolean_active): Don't let host environment affect test. * tests/securityselinuxlabeldata/nfs.data: New file. * tests/securityselinuxlabeldata/nfs.xml: New file. * tests/securityselinuxlabeltest.c (testSELinuxCreateDisks) (testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount. (testSELinuxCheckLabels): Test handling of SELinux NFS denial. Fix memory leak. (testSELinuxLabeling): Avoid infinite loop on dirty tree. (mymain): Add new test.
25 lines
788 B
XML
25 lines
788 B
XML
<domain type='kvm'>
|
|
<name>vm1</name>
|
|
<uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
|
|
<memory unit='KiB'>219200</memory>
|
|
<os>
|
|
<type arch='i686' machine='pc-1.0'>hvm</type>
|
|
<boot dev='cdrom'/>
|
|
</os>
|
|
<devices>
|
|
<disk type='file' device='disk'>
|
|
<driver name='qemu' type='raw'/>
|
|
<source file='/nfs/plain.raw'/>
|
|
<target dev='vda' bus='virtio'/>
|
|
</disk>
|
|
<input type='mouse' bus='ps2'/>
|
|
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
|
|
<listen type='address' address='0.0.0.0'/>
|
|
</graphics>
|
|
</devices>
|
|
<seclabel model="selinux" type="dynamic" relabel="yes">
|
|
<label>system_u:system_r:svirt_t:s0:c41,c264</label>
|
|
<imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
|
|
</seclabel>
|
|
</domain>
|