Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
On 07/30/2015 06:28 PM, Daniel P. Berrange wrote: On Thu, Jul 23, 2015 at 06:13:46PM +0800, Luyao Huang wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d0c1741..e02c67c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null vectors. The codeioeventd/code attribute enables/disables (values on/off, respectively) ioeventfd. /dd +dtcodeseclabel/code/dt +dd + The optional codeseclabel/code to override the way that labelling + is done on the shm object path or shm server path. If this + element is not present, the a href=#seclabelsecurity label is inherited + from the per-domain setting/a. +/dd /dl h4a name=elementsMemoryMemory devices/a/h4 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..f58e8de 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -3323,6 +3323,9 @@ /optional /element /optional +zeroOrMore + ref name='devSeclabel'/ +/zeroOrMore optional ref name=address/ /optional So in the disk XML we have an explicit element to indicate whether the device is intended to be shared across multiple guests. shareable/ I think we need to have the same flag added to the shm device too, so that we sanity check whether a particular shm was intended to be shared or whether it is a mistake when multiple guests use it. This will also allow us to integrate with the virtlockd to acquire exclusive locks against the shm device to actively prevent admin mistakes starting 2 guests with the same shm. It will also let us automatically choose the right default SELinux label ie svirt_image_t:s0:c214,c3242 for exclusive access vs svirt_image_t:s0 for shared access Good idea! I will introduce this new element in the next version. Thanks a lot for your advice. Regards, Daniel Luyao -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
Hi Marc-André On 07/27/2015 11:42 PM, Marc-André Lureau wrote: Hi On Thu, Jul 23, 2015 at 12:13 PM, Luyao Huang lhu...@redhat.com wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) It would be better with a small test, checking parsing and format. Oh, right, i forgot that, thanks for pointing out that, i will add them in next version. diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d0c1741..e02c67c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null vectors. The codeioeventd/code attribute enables/disables (values on/off, respectively) ioeventfd. /dd +dtcodeseclabel/code/dt +dd + The optional codeseclabel/code to override the way that labelling The element may contain an optional code... Okay + is done on the shm object path or shm server path. If this + element is not present, the a href=#seclabelsecurity label is inherited + from the per-domain setting/a. +/dd /dl h4a name=elementsMemoryMemory devices/a/h4 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..f58e8de 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3323,6 +3323,9 @@ /optional /element /optional +zeroOrMore + ref name='devSeclabel'/ +/zeroOrMore optional ref name=address/ /optional diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 73ac537..cb3d72a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
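Review bot: The new `virSecurityLabelDefPtr* vmSeclabels` parameter in the virDomainShmemDefParseXML signature hunk (@@ -11261) binds the `*` to the type rather than the name, unlike the other pointer declaration visible in the same hunk (`char *tmp`); write it `virSecurityLabelDefPtr *vmSeclabels,`. The count is declared `int nvmSeclabels`, yet the callers added in the @@ -12463 and @@ -16146 hunks pass `def->nseclabels` and the new helper in the @@ -23867 hunk takes `size_t nseclabels`; if `def->nseclabels` is a `size_t` this is an implicit narrowing, so `size_t nvmSeclabels` is the safer choice unless virSecurityDeviceLabelDefParseXML itself requires `int`. The body of virDomainShmemDefParseXML continues outside the hunk, and the same hunk is quoted again in the later copies of this patch on this page.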
@@ -11261,6 +11261,8 @@ virDomainNVRAMDefParseXML(xmlNodePtr node, static virDomainShmemDefPtr virDomainShmemDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, + virSecurityLabelDefPtr* vmSeclabels, + int nvmSeclabels, unsigned int flags) { char *tmp = NULL; @@ -11332,6 +11334,10 @@ virDomainShmemDefParseXML(xmlNodePtr node, if (virDomainDeviceInfoParseXML(node, NULL, def-info, flags) 0) goto cleanup; +if (virSecurityDeviceLabelDefParseXML(def-seclabels, def-nseclabels, + vmSeclabels, nvmSeclabels, + ctxt, flags) 0) +goto cleanup; ret = def; def = NULL; @@ -12457,7 +12463,11 @@ virDomainDeviceDefParse(const char *xmlStr, goto error; break; case VIR_DOMAIN_DEVICE_SHMEM: -if (!(dev-data.shmem = virDomainShmemDefParseXML(node, ctxt, flags))) +if (!(dev-data.shmem = virDomainShmemDefParseXML(node, + ctxt, + def-seclabels, + def-nseclabels, + flags))) goto error; break; case VIR_DOMAIN_DEVICE_TPM: @@ -16136,7 +16146,8 @@ virDomainDefParseXML(xmlDocPtr xml, for (i = 0; i n; i++) { virDomainShmemDefPtr shmem; ctxt-node = nodes[i]; -shmem = virDomainShmemDefParseXML(nodes[i], ctxt, flags); +shmem = virDomainShmemDefParseXML(nodes[i], ctxt, def-seclabels, + def-nseclabels, flags); if (!shmem) goto error; @@ -20308,6 +20319,8 @@ virDomainShmemDefFormat(virBufferPtr buf, virDomainShmemDefPtr def, unsigned int flags) { +size_t n; + virBufferEscapeString(buf, shmem name='%s', def-name); if (!def-size @@ -20341,6 +20354,9 @@ virDomainShmemDefFormat(virBufferPtr buf, virBufferAddLit(buf, /\n); } +for (n = 0; n def-nseclabels; n++) +virSecurityDeviceLabelDefFormat(buf, def-seclabels[n], flags); + if (virDomainDeviceInfoFormat(buf, def-info, flags) 0) return -1; 
@@ -23851,11 +23867,25 @@ virDomainObjListExport(virDomainObjListPtr domlist, } +static virSecurityDeviceLabelDefPtr +virDomainGetDeviceSecurityLabelDef(virSecurityDeviceLabelDefPtr *seclabels, + size_t nseclabels, + const char *model) +{ +size_t i; + +for (i = 0; i nseclabels; i++) { +if (STREQ_NULLABLE(seclabels[i]-model, model)) +return seclabels[i]; +} +return NULL; +} + +
Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
On 07/30/2015 05:48 PM, Daniel P. Berrange wrote: On Thu, Jul 23, 2015 at 06:13:46PM +0800, Luyao Huang wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) As already mentioned, this must include additions to the qemu tests suite for XML to XML conversion. I must have forgotten this while writing the patch; thanks for pointing it out. I will add a test for the new XML element in the next version. Thanks a lot for your review. Regards, Daniel Luyao -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
On Thu, Jul 23, 2015 at 06:13:46PM +0800, Luyao Huang wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) As already mentioned, this must include additions to the qemu tests suite for XML to XML conversion. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
On Thu, Jul 23, 2015 at 06:13:46PM +0800, Luyao Huang wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d0c1741..e02c67c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null vectors. The codeioeventd/code attribute enables/disables (values on/off, respectively) ioeventfd. /dd +dtcodeseclabel/code/dt +dd + The optional codeseclabel/code to override the way that labelling + is done on the shm object path or shm server path. If this + element is not present, the a href=#seclabelsecurity label is inherited + from the per-domain setting/a. +/dd /dl h4a name=elementsMemoryMemory devices/a/h4 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..f58e8de 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -3323,6 +3323,9 @@ /optional /element /optional +zeroOrMore + ref name='devSeclabel'/ +/zeroOrMore optional ref name=address/ /optional So in the disk XML we have an explicit element to indicate whether the device is intended to be shared across multiple guests. shareable/ I think we need to have the same flag added to the shm device too, so that we sanity check whether a particular shm was intended to be shared or whether it is a mistake when multiple guests use it. This will also allow us to integrate with the virtlockd to acquire exclusive locks against the shm device to actively prevent admin mistakes starting 2 guests with the same shm. It will also let us automatically choose the right default SELinux label ie svirt_image_t:s0:c214,c3242 for exclusive access vs svirt_image_t:s0 for shared access Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
Hi On Thu, Jul 23, 2015 at 12:13 PM, Luyao Huang lhu...@redhat.com wrote: Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) It would be better with a small test, checking parsing and format. diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d0c1741..e02c67c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null vectors. The codeioeventd/code attribute enables/disables (values on/off, respectively) ioeventfd. /dd +dtcodeseclabel/code/dt +dd + The optional codeseclabel/code to override the way that labelling The element may contain an optional code... + is done on the shm object path or shm server path. If this + element is not present, the a href=#seclabelsecurity label is inherited + from the per-domain setting/a. +/dd /dl h4a name=elementsMemoryMemory devices/a/h4 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..f58e8de 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3323,6 +3323,9 @@ /optional /element /optional +zeroOrMore + ref name='devSeclabel'/ +/zeroOrMore optional ref name=address/ /optional diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 73ac537..cb3d72a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11261,6 +11261,8 @@ virDomainNVRAMDefParseXML(xmlNodePtr node, static virDomainShmemDefPtr virDomainShmemDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, + virSecurityLabelDefPtr* vmSeclabels, + int nvmSeclabels, unsigned int flags) { char *tmp = NULL; 
@@ -11332,6 +11334,10 @@ virDomainShmemDefParseXML(xmlNodePtr node, if (virDomainDeviceInfoParseXML(node, NULL, def-info, flags) 0) goto cleanup; +if (virSecurityDeviceLabelDefParseXML(def-seclabels, def-nseclabels, + vmSeclabels, nvmSeclabels, + ctxt, flags) 0) +goto cleanup; ret = def; def = NULL; @@ -12457,7 +12463,11 @@ virDomainDeviceDefParse(const char *xmlStr, goto error; break; case VIR_DOMAIN_DEVICE_SHMEM: -if (!(dev-data.shmem = virDomainShmemDefParseXML(node, ctxt, flags))) +if (!(dev-data.shmem = virDomainShmemDefParseXML(node, + ctxt, + def-seclabels, + def-nseclabels, + flags))) goto error; break; case VIR_DOMAIN_DEVICE_TPM: @@ -16136,7 +16146,8 @@ virDomainDefParseXML(xmlDocPtr xml, for (i = 0; i n; i++) { virDomainShmemDefPtr shmem; ctxt-node = nodes[i]; -shmem = virDomainShmemDefParseXML(nodes[i], ctxt, flags); +shmem = virDomainShmemDefParseXML(nodes[i], ctxt, def-seclabels, + def-nseclabels, flags); if (!shmem) goto error; @@ -20308,6 +20319,8 @@ virDomainShmemDefFormat(virBufferPtr buf, virDomainShmemDefPtr def, unsigned int flags) { +size_t n; + virBufferEscapeString(buf, shmem name='%s', def-name); if (!def-size @@ -20341,6 +20354,9 @@ virDomainShmemDefFormat(virBufferPtr buf, virBufferAddLit(buf, /\n); } +for (n = 0; n def-nseclabels; n++) +virSecurityDeviceLabelDefFormat(buf, def-seclabels[n], flags); + if (virDomainDeviceInfoFormat(buf, def-info, flags) 0) return -1; @@ -23851,11 +23867,25 @@ virDomainObjListExport(virDomainObjListPtr domlist, } +static virSecurityDeviceLabelDefPtr +virDomainGetDeviceSecurityLabelDef(virSecurityDeviceLabelDefPtr *seclabels, + size_t nseclabels, + const char *model) +{ +size_t i; + +for (i = 0; i nseclabels; i++) { +if (STREQ_NULLABLE(seclabels[i]-model, model)) +return seclabels[i]; +} +return NULL; +} + + virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char
[libvirt] [PATCH 1/4] conf: introduce seclabels in shmem device element
Introduce a new element in shmem device element, this could help users to change the shm label to a specified label. Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/formatdomain.html.in | 7 ++ docs/schemas/domaincommon.rng | 3 +++ src/conf/domain_conf.c| 55 ++- src/conf/domain_conf.h| 5 4 files changed, 59 insertions(+), 11 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index d0c1741..e02c67c 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -6098,6 +6098,13 @@ qemu-kvm -net nic,model=? /dev/null vectors. The codeioeventd/code attribute enables/disables (values on/off, respectively) ioeventfd. /dd +dtcodeseclabel/code/dt +dd + The optional codeseclabel/code to override the way that labelling + is done on the shm object path or shm server path. If this + element is not present, the a href=#seclabelsecurity label is inherited + from the per-domain setting/a. +/dd /dl h4a name=elementsMemoryMemory devices/a/h4 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..f58e8de 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3323,6 +3323,9 @@ /optional /element /optional +zeroOrMore + ref name='devSeclabel'/ +/zeroOrMore optional ref name=address/ /optional diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 73ac537..cb3d72a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11261,6 +11261,8 @@ virDomainNVRAMDefParseXML(xmlNodePtr node, static virDomainShmemDefPtr virDomainShmemDefParseXML(xmlNodePtr node, xmlXPathContextPtr ctxt, + virSecurityLabelDefPtr* vmSeclabels, + int nvmSeclabels, unsigned int flags) { char *tmp = NULL; 
@@ -11332,6 +11334,10 @@ virDomainShmemDefParseXML(xmlNodePtr node, if (virDomainDeviceInfoParseXML(node, NULL, def-info, flags) 0) goto cleanup; +if (virSecurityDeviceLabelDefParseXML(def-seclabels, def-nseclabels, + vmSeclabels, nvmSeclabels, + ctxt, flags) 0) +goto cleanup; ret = def; def = NULL; @@ -12457,7 +12463,11 @@ virDomainDeviceDefParse(const char *xmlStr, goto error; break; case VIR_DOMAIN_DEVICE_SHMEM: -if (!(dev-data.shmem = virDomainShmemDefParseXML(node, ctxt, flags))) +if (!(dev-data.shmem = virDomainShmemDefParseXML(node, + ctxt, + def-seclabels, + def-nseclabels, + flags))) goto error; break; case VIR_DOMAIN_DEVICE_TPM: @@ -16136,7 +16146,8 @@ virDomainDefParseXML(xmlDocPtr xml, for (i = 0; i n; i++) { virDomainShmemDefPtr shmem; ctxt-node = nodes[i]; -shmem = virDomainShmemDefParseXML(nodes[i], ctxt, flags); +shmem = virDomainShmemDefParseXML(nodes[i], ctxt, def-seclabels, + def-nseclabels, flags); if (!shmem) goto error; @@ -20308,6 +20319,8 @@ virDomainShmemDefFormat(virBufferPtr buf, virDomainShmemDefPtr def, unsigned int flags) { +size_t n; + virBufferEscapeString(buf, shmem name='%s', def-name); if (!def-size @@ -20341,6 +20354,9 @@ virDomainShmemDefFormat(virBufferPtr buf, virBufferAddLit(buf, /\n); } +for (n = 0; n def-nseclabels; n++) +virSecurityDeviceLabelDefFormat(buf, def-seclabels[n], flags); + if (virDomainDeviceInfoFormat(buf, def-info, flags) 0) return -1; @@ -23851,11 +23867,25 @@ virDomainObjListExport(virDomainObjListPtr domlist, } +static virSecurityDeviceLabelDefPtr +virDomainGetDeviceSecurityLabelDef(virSecurityDeviceLabelDefPtr *seclabels, + size_t nseclabels, + const char *model) +{ +size_t i; + +for (i = 0; i nseclabels; i++) { +if (STREQ_NULLABLE(seclabels[i]-model, model)) +return seclabels[i]; +} +return NULL; +} + + virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) { size_t i; -virSecurityLabelDefPtr seclabel = NULL; if (def == NULL || model == NULL) return NULL; 
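Review bot: The new static helper virDomainGetDeviceSecurityLabelDef (@@ -23867) has no comment, and its matching rule is not obvious from its name: `STREQ_NULLABLE` treats a NULL `model` as equal to an entry whose own model is NULL, so a caller passing NULL can get a label back instead of nothing, which is the opposite of the `model == NULL` guard that the surviving virDomainDefGetSecurityLabelDef keeps. Add a comment above it such as `/* Return the first entry of @seclabels whose model matches @model (a NULL @model matches an entry with no model); the returned pointer is owned by the array, not the caller. */`, and if NULL models are not meant to match, guard for it in the callers. The same hunk is quoted in the earlier copies of this patch on this page, where it is cut short.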
@@ -23866,24 +23896,27 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model) if (STREQ(def-seclabels[i]-model, model)) return