mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-10 15:30:12 +00:00
df8ff46a16
The qemusecuritytest checks for random domain XMLs from qemuxml2argvdata/ whether set+restore seclabels leaves something behind. It can be an XATTR that we forgot to remove or a file that the owner was not restored on. But so far only DAC driver is checked. Implement missing pieces and enable SELinux testing too. This is done by mocking some libselinux APIs and following the same logic used for DAC - everything is implemented in memory, there is new hash table introduced that holds SELinux labels for paths that were setfilecon_raw()-ed and in the end the hash table is checked for entries that don't have the default SELinux label (i.e. were not restored). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
3 lines
62 B
Plaintext
3 lines
62 B
Plaintext
system_u:system_r:svirt_t:s0
|
|
system_u:system_r:svirt_tcg_t:s0
|