* Copyright (C) 2010-2011 Red Hat, Inc.
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* Stacked security driver
#include "security_stack.h"
#include "virterror_internal.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
typedef struct _virSecurityStackData virSecurityStackData;
typedef virSecurityStackData *virSecurityStackDataPtr;
struct _virSecurityStackData {
virSecurityManagerPtr primary;
virSecurityManagerPtr secondary;
void virSecurityStackSetPrimary(virSecurityManagerPtr mgr,
virSecurityManagerPtr primary)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
priv->primary = primary;
void virSecurityStackSetSecondary(virSecurityManagerPtr mgr,
virSecurityManagerPtr secondary)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
priv->secondary = secondary;
static virSecurityDriverStatus
virSecurityStackProbe(void)
return SECURITY_DRIVER_ENABLE;
virSecurityStackOpen(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
virSecurityStackClose(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
virSecurityStackGetModel(virSecurityManagerPtr mgr)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
return virSecurityManagerGetModel(priv->primary);
virSecurityStackGetDOI(virSecurityManagerPtr mgr)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
return virSecurityManagerGetDOI(priv->primary);
virSecurityStackVerify(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerVerify(priv->primary, def) < 0)
if (virSecurityManagerVerify(priv->secondary, def) < 0)
virSecurityStackGenLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerGenLabel(priv->primary, vm) < 0)
/* We don't allow secondary drivers to generate labels.
* This may have to change in the future, but requires
* changes elsewhere in domain_conf.c and capabilities.c
* XML formats first, to allow recording of multiple
if (virSecurityManagerGenLabel(priv->secondary, vm) < 0)
virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerReleaseLabel(priv->primary, vm) < 0)
/* XXX See note in GenLabel */
if (virSecurityManagerReleaseLabel(priv->secondary, vm) < 0)
virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerReserveLabel(priv->primary, vm) < 0)
/* XXX See note in GenLabel */
if (virSecurityManagerReserveLabel(priv->secondary, vm) < 0)
virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDiskDefPtr disk)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetImageLabel(priv->secondary, vm, disk) < 0)
if (virSecurityManagerSetImageLabel(priv->primary, vm, disk) < 0)
virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDiskDefPtr disk)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerRestoreImageLabel(priv->secondary, vm, disk) < 0)
if (virSecurityManagerRestoreImageLabel(priv->primary, vm, disk) < 0)
virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
virDomainHostdevDefPtr dev)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetHostdevLabel(priv->secondary, vm, dev) < 0)
if (virSecurityManagerSetHostdevLabel(priv->primary, vm, dev) < 0)
virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
virDomainHostdevDefPtr dev)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerRestoreHostdevLabel(priv->secondary, vm, dev) < 0)
if (virSecurityManagerRestoreHostdevLabel(priv->primary, vm, dev) < 0)
virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
const char *stdin_path)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetAllLabel(priv->secondary, vm, stdin_path) < 0)
if (virSecurityManagerSetAllLabel(priv->primary, vm, stdin_path) < 0)
virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerRestoreAllLabel(priv->secondary, vm, migrated) < 0)
if (virSecurityManagerRestoreAllLabel(priv->primary, vm, migrated) < 0)
virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
const char *savefile)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetSavedStateLabel(priv->secondary, vm, savefile) < 0)
if (virSecurityManagerSetSavedStateLabel(priv->primary, vm, savefile) < 0)
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
const char *savefile)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerRestoreSavedStateLabel(priv->secondary, vm, savefile) < 0)
if (virSecurityManagerRestoreSavedStateLabel(priv->primary, vm, savefile) < 0)
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetProcessLabel(priv->secondary, vm) < 0)
if (virSecurityManagerSetProcessLabel(priv->primary, vm) < 0)
virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
virSecurityLabelPtr seclabel)
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerGetProcessLabel(priv->secondary, vm, seclabel) < 0)
if (virSecurityManagerGetProcessLabel(priv->primary, vm, seclabel) < 0)
virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0)
if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0)
virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerClearSocketLabel(priv->secondary, vm) < 0)
if (virSecurityManagerClearSocketLabel(priv->primary, vm) < 0)
virSecurityStackSetFDLabel(virSecurityManagerPtr mgr,
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virSecurityManagerSetFDLabel(priv->secondary, vm, fd) < 0)
if (virSecurityManagerSetFDLabel(priv->primary, vm, fd) < 0)
virSecurityDriver virSecurityDriverStack = {
sizeof(virSecurityStackData),
virSecurityStackProbe,
virSecurityStackOpen,
virSecurityStackClose,
virSecurityStackGetModel,
virSecurityStackGetDOI,
virSecurityStackVerify,
virSecurityStackSetSecurityImageLabel,
virSecurityStackRestoreSecurityImageLabel,
virSecurityStackSetSocketLabel,
virSecurityStackClearSocketLabel,
virSecurityStackGenLabel,
virSecurityStackReserveLabel,
virSecurityStackReleaseLabel,
virSecurityStackGetProcessLabel,
virSecurityStackSetProcessLabel,
virSecurityStackSetSecurityAllLabel,
virSecurityStackRestoreSecurityAllLabel,
virSecurityStackSetSecurityHostdevLabel,
virSecurityStackRestoreSecurityHostdevLabel,
virSecurityStackSetSavedStateLabel,
virSecurityStackRestoreSavedStateLabel,
virSecurityStackSetFDLabel,