mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-11 12:25:52 +00:00
9136032a66
This test case validates the correct generation of SELinux labels for VMs, wrt the current process label. Since we can't actually change the label of the test program process, we create a shared library libsecurityselinuxhelper.so which overrides the getcon() and setcon() libselinux.so functions. When started the test case will check to see if LD_PRELOAD is set, and if not, it will re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
68 lines
1.8 KiB
C
68 lines
1.8 KiB
C
/*
|
|
* Copyright (C) 2011-2012 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* License along with this library; If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <selinux/selinux.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
/*
|
|
* The kernel policy will not allow us to arbitrarily change
|
|
* test process context. This helper is used as an LD_PRELOAD
|
|
* so that the libvirt code /thinks/ it is changing/reading
|
|
* the process context, where as in fact we're faking it all
|
|
*/
|
|
|
|
int getcon(security_context_t *context)
|
|
{
|
|
if (getenv("FAKE_CONTEXT") == NULL) {
|
|
*context = NULL;
|
|
errno = EINVAL;
|
|
return -1;
|
|
}
|
|
if (!(*context = strdup(getenv("FAKE_CONTEXT"))))
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
int getpidcon(pid_t pid, security_context_t *context)
|
|
{
|
|
if (pid != getpid()) {
|
|
*context = NULL;
|
|
errno = ESRCH;
|
|
return -1;
|
|
}
|
|
if (getenv("FAKE_CONTEXT") == NULL) {
|
|
*context = NULL;
|
|
errno = EINVAL;
|
|
return -1;
|
|
}
|
|
if (!(*context = strdup(getenv("FAKE_CONTEXT"))))
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
int setcon(security_context_t context)
|
|
{
|
|
return setenv("FAKE_CONTEXT", context, 1);
|
|
}
|