commit 73580c60d1003c7d93125a0f62b673818a5da9c9
Author: Daniel Walsh <dwalsh@redhat.com>
Date: Thu May 10 17:49:29 2012 +0100
Pass the virt driver name into security drivers
To allow the security drivers to apply different configuration
information per hypervisor, pass the virtualization driver name
into the security manager constructor.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
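--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
 # include "security/security_manager.h"
 # include "configmake.h"
+# define LXC_DRIVER_NAME "LXC"
 # define LXC_CONFIG_DIR SYSCONFDIR "/libvirt/lxc"
 # define LXC_STATE_DIR LOCALSTATEDIR "/run/libvirt/lxc"
 # define LXC_LOG_DIR LOCALSTATEDIR "/log/libvirt/lxc"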
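--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
- if (!(securityDriver = virSecurityManagerNew(optarg, false, false, false))) {
+ if (!(securityDriver = virSecurityManagerNew(optarg,
+ false, false, false))) {
 fprintf(stderr, "Cannot create security manager '%s'",
 if (securityDriver == NULL) {
- if (!(securityDriver = virSecurityManagerNew("none", false, false, false))) {
+ if (!(securityDriver = virSecurityManagerNew("none",
+ false, false, false))) {
 fprintf(stderr, "%s: cannot initialize nop security manager", argv[0]);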
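--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
 lxcSecurityInit(lxc_driver_t *driver)
+ VIR_INFO("lxcSecurityInit %s", driver->securityDriverName);
 virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
 driver->securityDefaultConfined,
 driver->securityRequireConfined);
 static virDriver lxcDriver = {
+ .name = LXC_DRIVER_NAME,
 .open = lxcOpen, /* 0.4.2 */
 .close = lxcClose, /* 0.4.2 */
 .version = lxcVersion, /* 0.4.6 */
 static virStateDriver lxcStateDriver = {
+ .name = LXC_DRIVER_NAME,
 .initialize = lxcStartup,
 .cleanup = lxcShutdown,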
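Review bot: `VIR_INFO("lxcSecurityInit %s", driver->securityDriverName)` hands a possibly NULL pointer to `%s`: the same field is passed as `name` to `virSecurityManagerNew` on the next line, and NULL is a valid `name` there (tests/seclabeltest.c passes it), so presumably nothing guarantees it is set when the config leaves it out. Formatting NULL with `%s` is undefined in C, and libvirt's convention for such log arguments is `NULLSTR()`, so the line should read `VIR_INFO("lxcSecurityInit %s", NULLSTR(driver->securityDriverName));`. The hunk also leaves the new argument line of the `virSecurityManagerNew` call out of view, so I assume `LXC_DRIVER_NAME` is passed there as in the other callers; lxcSecurityInit's body continues outside the hunk.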
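--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
 #define VIR_FROM_THIS VIR_FROM_QEMU
+#define QEMU_DRIVER_NAME "QEMU"
 #define QEMU_NB_MEM_PARAM 3
 #define QEMU_NB_BLOCK_IO_TUNE_PARAM 6
 qemuSecurityInit(struct qemud_driver *driver)
 virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
 driver->allowDiskFormatProbing,
 driver->securityDefaultConfined,
 driver->securityRequireConfined);
 if (driver->privileged) {
- virSecurityManagerPtr dac = virSecurityManagerNewDAC(driver->user,
+ virSecurityManagerPtr dac = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
 driver->allowDiskFormatProbing,
 driver->securityDefaultConfined,
@@ -12836,7 +12840,7 @@
 static virDriver qemuDriver = {
+ .name = QEMU_DRIVER_NAME,
 .open = qemudOpen, /* 0.2.0 */
 .close = qemudClose, /* 0.2.0 */
 .supports_feature = qemudSupportsFeature, /* 0.5.0 */
@@ -13027,7 +13031,7 @@
 static virNWFilterCallbackDriver qemuCallbackDriver = {
+ .name = QEMU_DRIVER_NAME,
 .vmFilterRebuild = qemuVMFilterRebuild,
 .vmDriverLock = qemuVMDriverLock,
 .vmDriverUnlock = qemuVMDriverUnlock,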
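Review bot: `QEMU_DRIVER_NAME` is defined privately in qemu_driver.c while its LXC twin goes into lxc_conf.h; since this string is now the key the security drivers will use to choose per-hypervisor configuration, and it also names the nwfilter callback driver here, the definition belongs in a shared header (qemu_conf.h, for instance) so no second copy of the literal can drift. Keeping one definition per hypervisor also makes it easy to audit which names a security driver must recognise. In the `virSecurityManagerNewDAC(QEMU_DRIVER_NAME,` call the remaining arguments (`driver->user` and following) are outside the hunk, so I assume the old uid/gid pair simply moved down one position to match the new prototype.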
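--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
 /* Called on libvirtd startup to see if AppArmor is available */
-AppArmorSecurityManagerProbe(void)
+AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 char *template = NULL;
 int rc = SECURITY_DRIVER_DISABLE;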
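--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
 static virSecurityDriverStatus
-virSecurityDACProbe(void)
+virSecurityDACProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 return SECURITY_DRIVER_ENABLE;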
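--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
 &virSecurityDriverNop, /* Must always be last, since it will always probe */
-virSecurityDriverPtr virSecurityDriverLookup(const char *name)
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+ const char *virtDriver)
 virSecurityDriverPtr drv = NULL;
 STRNEQ(tmp->name, name))
- switch (tmp->probe()) {
+ switch (tmp->probe(virtDriver)) {
 case SECURITY_DRIVER_ENABLE:
 VIR_DEBUG("Probed name=%s", tmp->name);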
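--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
 typedef struct _virSecurityDriver virSecurityDriver;
 typedef virSecurityDriver *virSecurityDriverPtr;
-typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
+typedef virSecurityDriverStatus (*virSecurityDriverProbe) (const char *virtDriver);
 typedef int (*virSecurityDriverOpen) (virSecurityManagerPtr mgr);
 typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
 virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
-virSecurityDriverPtr virSecurityDriverLookup(const char *name);
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+ const char *virtDriver);
 #endif /* __VIR_SECURITY_H__ */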
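Review bot: The `virtDriver` parameter added to the `virSecurityDriverProbe` typedef and to `virSecurityDriverLookup` carries no comment, and this header is where the contract has to live: what the string is (the hypervisor driver names "QEMU" and "LXC" appear in this patch), that the probe receives the pointer unchanged from `virSecurityManagerNew`, and whether NULL is allowed — every probe in this patch marks it ATTRIBUTE_UNUSED, so a later driver that does read it will have no stated rule to follow. Suggested comment above the typedef: `/* Probe whether this security driver can be used. virtDriver is the name of the hypervisor driver asking ("QEMU", "LXC") and may be used to select per-hypervisor configuration. */`, plus a matching line on `virSecurityDriverLookup` saying whether a NULL virtDriver is accepted. The same wording would also explain the `tmp->probe(virtDriver)` call in security_driver.c.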
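--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
 bool allowDiskFormatProbing;
 bool defaultConfined;
 bool requireConfined;
+ const char *virtDriver;
 static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv,
+ const char *virtDriver,
 bool allowDiskFormatProbing,
 bool defaultConfined,
 bool requireConfined)
 mgr->allowDiskFormatProbing = allowDiskFormatProbing;
 mgr->defaultConfined = defaultConfined;
 mgr->requireConfined = requireConfined;
+ mgr->virtDriver = virtDriver;
 if (drv->open(mgr) < 0) {
 virSecurityManagerFree(mgr);
 virSecurityManagerPtr mgr =
 virSecurityManagerNewDriver(&virSecurityDriverStack,
+ virSecurityManagerGetDriver(primary),
 virSecurityManagerGetAllowDiskFormatProbing(primary),
 virSecurityManagerGetDefaultConfined(primary),
 virSecurityManagerGetRequireConfined(primary));
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
 bool allowDiskFormatProbing,
 bool defaultConfined,
 virSecurityManagerPtr mgr =
 virSecurityManagerNewDriver(&virSecurityDriverDAC,
 allowDiskFormatProbing,
@@ -107,11 +113,12 @@
 virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ const char *virtDriver,
 bool allowDiskFormatProbing,
 bool defaultConfined,
 bool requireConfined)
- virSecurityDriverPtr drv = virSecurityDriverLookup(name);
+ virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
 return virSecurityManagerNewDriver(drv,
 allowDiskFormatProbing,
+virSecurityManagerGetDriver(virSecurityManagerPtr mgr)
+ return mgr->virtDriver;
 virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
 if (mgr->drv->getDOI)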
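Review bot: `mgr->virtDriver = virtDriver;` stores the caller's pointer without copying it, so unlike the three bool fields above it the manager now depends on external storage outliving it. The callers visible in this patch pass a string-literal macro or a literal, which is safe, but `virSecurityManagerNewStack` passes `virSecurityManagerGetDriver(primary)` — primary's own pointer — into the stack manager, so if a primary manager can be freed before the stack that wraps it, or is ever constructed from a heap-allocated name, the stack's `virtDriver` dangles. Either record the borrow on the field, `const char *virtDriver; /* borrowed from the caller: must outlive the manager */`, or copy it with strdup (with an OOM check, and a matching free in `virSecurityManagerFree`) so the manager owns it. The struct and the body of `virSecurityManagerNewDriver` both extend outside the hunk.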
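--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
 typedef virSecurityManager *virSecurityManagerPtr;
 virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ const char *virtDriver,
 bool allowDiskFormatProbing,
 bool defaultConfined,
 bool requireConfined);
 virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary,
 virSecurityManagerPtr secondary);
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
 bool allowDiskFormatProbing,
 bool defaultConfined,
 void virSecurityManagerFree(virSecurityManagerPtr mgr);
+const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);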
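Review bot: The new accessor `const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);` is easy to misread in this header, where "driver" otherwise means the security driver the manager wraps (the one `virSecurityManagerNew` selects by `name`); it actually returns the hypervisor name, so at minimum it needs a comment such as `/* Name of the hypervisor driver ("QEMU", "LXC") this manager was created for, as passed to virSecurityManagerNew/NewDAC; not owned by the caller */`. If the function is not yet relied on elsewhere, naming it after the field, `virSecurityManagerGetVirtDriver`, would remove the ambiguity; the definition in security_manager.c would need the same rename. The `virtDriver` parameter on `virSecurityManagerNew` and `virSecurityManagerNewDAC` deserves a one-line comment in the same spirit.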
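--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
 #include "security_nop.h"
-static virSecurityDriverStatus virSecurityDriverProbeNop(void)
+static virSecurityDriverStatus virSecurityDriverProbeNop(const char *virtDriver ATTRIBUTE_UNUSED)
 return SECURITY_DRIVER_ENABLE;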
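--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
-SELinuxSecurityDriverProbe(void)
+SELinuxSecurityDriverProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 return is_selinux_enabled() ? SECURITY_DRIVER_ENABLE : SECURITY_DRIVER_DISABLE;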
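--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
 static virSecurityDriverStatus
-virSecurityStackProbe(void)
+virSecurityStackProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 return SECURITY_DRIVER_ENABLE;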
Index: libvirt-0.9.12/tests/seclabeltest.c
359
===================================================================
360
--- libvirt-0.9.12.orig/tests/seclabeltest.c 2012-06-29 18:16:00.000000000 -0500
361
+++ libvirt-0.9.12/tests/seclabeltest.c 2012-06-29 18:16:11.004256316 -0500
363
virSecurityManagerPtr mgr;
364
const char *doi, *model;
366
- mgr = virSecurityManagerNew(NULL, false, true, false);
367
+ mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
369
fprintf (stderr, "Failed to start security driver");