From dac2b936e77f6c76c11f162e4b175492e4803acb Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 15 Jun 2010 17:58:58 +0100
Subject: [PATCH 08/11] Disable all disk probing in QEMU driver & add config option to re-enable
Disk format probing is now disabled by default. A new config
option in /etc/qemu/qemu.conf will re-enable it for existing
deployments where this causes trouble
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 12 ++++++++++++
src/qemu/qemu_conf.c | 4 ++++
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_driver.c | 36 +++++++++++++++++++++++-------------
src/qemu/qemu_security_dac.c | 2 +-
src/qemu/test_libvirtd_qemu.aug | 4 ++++
src/security/security_apparmor.c | 12 ++++++++----
src/security/security_driver.c | 16 ++++++++++++++--
src/security/security_driver.h | 10 ++++++++--
src/security/security_selinux.c | 9 ++++++---
src/security/virt-aa-helper.c | 10 +++++++++-
tests/seclabeltest.c | 2 +-
13 files changed, 92 insertions(+), 27 deletions(-)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 7c9f271..47d0525 100644
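--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -40,6 +40,7 @@ module Libvirtd_qemu =
 | bool_entry "relaxed_acs_check"
 | bool_entry "vnc_allow_host_audio"
 | bool_entry "clear_emulator_capabilities"
+ | bool_entry "allow_disk_format_probing"
 
 (* Each enty in the config is one of the following three ... *)
 let entry = vnc_entry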
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 93934f3..dc8eb83 100644
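--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -187,3 +187,15 @@
 # exploit the privileges and possibly do damage to the host.
 #
 # clear_emulator_capabilities = 1
+
+
+
+# If allow_disk_format_probing is enabled, libvirt will probe disk
+# images to attempt to identify their format, when not otherwise
+# specified in the XML. This is disabled by default.
+#
+# WARNING: Enabling probing is a security hole in almost all
+# deployments. It is strongly recommended that users update their
+# guest XML <disk> elements to include <driver type='XXXX'/>
+# elements instead of enabling this option.
+# allow_disk_format_probing = 1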
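Review bot: The WARNING paragraph says probing is a security hole but not why, so an operator reading only this file has nothing to weigh against the convenience of turning it back on. One extra comment line would make the trade-off explicit, for example `# With probing on, the image format is decided from bytes inside the image, which the guest can write.` The placeholder `type='XXXX'` would also be easier to act on with a concrete value next to it, such as `type='raw'`. A bare `#` line between the warning and the commented-out `allow_disk_format_probing = 1` would match how the `clear_emulator_capabilities` example above it is laid out.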
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 988220b..3ba48bf 100644
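--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -365,6 +365,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG);
 if (p) driver->clearEmulatorCapabilities = p->l;
 
+ p = virConfGetValue (conf, "allow_disk_format_probing");
+ CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG);
+ if (p) driver->allowDiskFormatProbing = p->l;
+
 virConfFree (conf);
 return 0;
 }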
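Review bot: `if (p) driver->allowDiskFormatProbing = p->l;` stores a long into a field that the qemu_conf.h hunk declares as `unsigned int allowDiskFormatProbing : 1`, so only the lowest bit of the configured value survives. `allow_disk_format_probing = 2` therefore ends up disabled and `= 3` enabled, with no diagnostic either way. For a switch that the sample config itself calls a security hole, normalise explicitly with `if (p) driver->allowDiskFormatProbing = (p->l != 0);`, or reject anything other than 0 and 1. The context line for `clearEmulatorCapabilities` has the same shape; qemudLoadDriverConfig starts outside the hunk.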
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ab5f158..30e9f20 100644
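--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -141,6 +141,7 @@ struct qemud_driver {
 unsigned int relaxedACS : 1;
 unsigned int vncAllowHostAudio : 1;
 unsigned int clearEmulatorCapabilities : 1;
+ unsigned int allowDiskFormatProbing : 1;
 
 virCapsPtr caps;
 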
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 616547c..3c479c5 100644
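--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1322,7 +1322,8 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
 qemuSecurityDACSetDriver(qemud_drv);
 
 ret = virSecurityDriverStartup(&security_drv,
- qemud_drv->securityDriverName);
+ qemud_drv->securityDriverName,
+ qemud_drv->allowDiskFormatProbing);
 if (ret == -1) {
 VIR_ERROR0(_("Failed to start security driver"));
 return -1;
@@ -3070,11 +3071,12 @@ static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
 }
 
 
-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,
+static int qemuSetupDiskCgroup(struct qemud_driver *driver,
+ virCgroupPtr cgroup,
 virDomainDiskDefPtr disk)
 {
 return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
 true,
 qemuSetupDiskPathAllow,
 cgroup);
@@ -3109,11 +3111,12 @@ static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
 }
 
 
-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,
+static int qemuTeardownDiskCgroup(struct qemud_driver *driver,
+ virCgroupPtr cgroup,
 virDomainDiskDefPtr disk)
 {
 return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
 true,
 qemuTeardownDiskPathDeny,
 cgroup);
@@ -3180,7 +3183,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,
 }
 
 for (i = 0; i < vm->def->ndisks ; i++) {
- if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0)
 goto cleanup;
 }
 
@@ -8033,7 +8036,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
 vm->def->name);
 goto endjob;
 }
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 goto endjob;
 }
 
@@ -8078,7 +8081,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
 /* Fallthrough */
 }
 if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
@@ -8278,7 +8281,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
 vm->def->name);
 goto endjob;
 }
- if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 goto endjob;
 }
 
@@ -8301,7 +8304,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
 }
 
 if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
@@ -8429,7 +8432,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
 VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
 
 if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
@@ -8493,7 +8496,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
 VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
 
 if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
@@ -9672,8 +9675,15 @@ static int qemuDomainGetBlockInfo(virDomainPtr dom,
 goto cleanup;
 }
 } else {
- if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ if (driver->allowDiskFormatProbing) {
+ if ((format = virStorageFileProbeFormat(disk->src)) < 0)
+ goto cleanup;
+ } else {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("no disk format for %s and probing is disabled"),
+ disk->src);
 goto cleanup;
+ }
 }
 
 if (virStorageFileGetMetadataFromFD(path, fd,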
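Review bot: In the last hunk (qemuDomainGetBlockInfo) the new `else` branch reports `VIR_ERR_INTERNAL_ERROR` for a condition that is a configuration matter the administrator can fix, not a libvirt fault. A configuration-class code such as `VIR_ERR_CONFIG_UNSUPPORTED` would fit better. The message also names the problem but not the safe remedy, which invites the reader to flip the probing switch back on; consider `_("no disk format for %s and probing is disabled; set <driver type='...'/> on the disk")`. The enclosing `if` that decides when a format is already known lies outside the hunk.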
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 0bbcf69..55dc0c6 100644
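--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -117,7 +117,7 @@ qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
 return 0;
 
 return virDomainDiskDefForeachPath(disk,
- true,
+ driver->allowDiskFormatProbing,
 false,
 qemuSecurityDACSetSecurityFileLabel,
 NULL);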
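Review bot: `driver->allowDiskFormatProbing` reads a `driver` that is not among the parameters visible in the hunk header, which shows only `drv`, marked ATTRIBUTE_UNUSED. It is presumably the file-scope pointer installed by `qemuSecurityDACSetDriver()`, which the qemu_driver.c hunk shows being called just before virSecurityDriverStartup; a one-line comment here, `/* driver: file-scope pointer set by qemuSecurityDACSetDriver() */`, would save the next reader the search. Note also that this path reads the flag live from the qemu driver, while the SELinux and AppArmor backends read a copy stored when their open callback ran, so the two sources could disagree if the value ever changes after startup. The function body starts outside the hunk.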
diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug
index 3326cc5..f0c4a0d 100644
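--- a/src/qemu/test_libvirtd_qemu.aug
+++ b/src/qemu/test_libvirtd_qemu.aug
@@ -101,6 +101,8 @@ relaxed_acs_check = 1
 vnc_allow_host_audio = 1
 
 clear_emulator_capabilities = 0
+
+allow_disk_format_probing = 1
 "
 
 test Libvirtd_qemu.lns get conf =
@@ -212,3 +214,5 @@ clear_emulator_capabilities = 0
 { "vnc_allow_host_audio" = "1" }
 { "#empty" }
 { "clear_emulator_capabilities" = "0" }
+{ "#empty" }
+{ "allow_disk_format_probing" = "1" }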
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index cb5c739..c5f9829 100644
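--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -157,6 +157,8 @@ load_profile(virSecurityDriverPtr drv,
 char *xml = NULL;
 int pipefd[2];
 pid_t child;
+ const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv)
+ ? "1" : "0";
 
 if (pipe(pipefd) < -1) {
 virReportSystemError(errno, "%s", _("unable to create pipe"));
@@ -172,19 +174,19 @@ load_profile(virSecurityDriverPtr drv,
 
 if (create) {
 const char *const argv[] = {
- VIRT_AA_HELPER, "-c", "-u", profile, NULL
+ VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL
 };
 ret = virExec(argv, NULL, NULL, &child,
 pipefd[0], NULL, NULL, VIR_EXEC_NONE);
 } else if (fn) {
 const char *const argv[] = {
- VIRT_AA_HELPER, "-r", "-u", profile, "-f", fn, NULL
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", fn, NULL
 };
 ret = virExec(argv, NULL, NULL, &child,
 pipefd[0], NULL, NULL, VIR_EXEC_NONE);
 } else {
 const char *const argv[] = {
- VIRT_AA_HELPER, "-r", "-u", profile, NULL
+ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL
 };
 ret = virExec(argv, NULL, NULL, &child,
 pipefd[0], NULL, NULL, VIR_EXEC_NONE);
@@ -347,9 +349,11 @@ AppArmorSecurityDriverProbe(void)
 * currently not used.
 */
 static int
-AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
 {
 virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
 return 0;
 }
 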
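Review bot: `if (pipe(pipefd) < -1)` in the first load_profile hunk can never be true, because pipe() returns 0 or -1, so a failed pipe() goes unnoticed and the uninitialised `pipefd[0]` is handed to virExec() in all three branches this commit touches. The line is unchanged context rather than part of the change, but it sits directly under the new `probe` declaration and is worth fixing in passing: `if (pipe(pipefd) < 0) {`. load_profile starts and ends outside the hunks.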
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index aac9f78..9e32fa4 100644
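--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -56,7 +56,8 @@ virSecurityDriverVerify(virDomainDefPtr def)
 
 int
 virSecurityDriverStartup(virSecurityDriverPtr *drv,
- const char *name)
+ const char *name,
+ bool allowDiskFormatProbing)
 {
 unsigned int i;
 
@@ -72,7 +73,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
 switch (tmp->probe()) {
 case SECURITY_DRIVER_ENABLE:
 virSecurityDriverInit(tmp);
- if (tmp->open(tmp) == -1) {
+ if (tmp->open(tmp, allowDiskFormatProbing) == -1) {
 return -1;
 } else {
 *drv = tmp;
@@ -125,3 +126,14 @@ virSecurityDriverGetModel(virSecurityDriverPtr drv)
 {
 return drv->name;
 }
+
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
+{
+ drv->_private.allowDiskFormatProbing = allowDiskFormatProbing;
+}
+
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv)
+{
+ return drv->_private.allowDiskFormatProbing;
+}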
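Review bot: Recording the flag is left to each backend's open callback, so a backend that forgets to call `virSecurityDriverSetAllowDiskFormatProbing()` keeps whatever `_private.allowDiskFormatProbing` already held; whether `virSecurityDriverInit()` resets it is not visible in these hunks. Setting it once in virSecurityDriverStartup, right after `virSecurityDriverInit(tmp);`, with `virSecurityDriverSetAllowDiskFormatProbing(tmp, allowDiskFormatProbing);` would remove that dependency and would not need the open signature to change. The two new accessors also carry no comment; a short one stating that the value is captured at startup and is not refreshed afterwards would document the contract the backends rely on.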
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 61c9eb0..d768f32 100644
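--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -33,7 +33,8 @@ typedef struct _virSecurityDriverState virSecurityDriverState;
 typedef virSecurityDriverState *virSecurityDriverStatePtr;
 
 typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing);
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
 virDomainObjPtr vm,
 virDomainDiskDefPtr disk);
@@ -102,12 +103,14 @@ struct _virSecurityDriver {
 */
 struct {
 char doi[VIR_SECURITY_DOI_BUFLEN];
+ bool allowDiskFormatProbing;
 } _private;
 };
 
 /* Global methods */
 int virSecurityDriverStartup(virSecurityDriverPtr *drv,
- const char *name);
+ const char *name,
+ bool allowDiskFormatProbing);
 
 int
 virSecurityDriverVerify(virDomainDefPtr def);
@@ -120,7 +123,10 @@ virSecurityDriverVerify(virDomainDefPtr def);
 void virSecurityDriverInit(virSecurityDriverPtr drv);
 int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
 const char *doi);
+void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing);
 const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
 const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
+bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv);
 
 #endif /* __VIR_SECURITY_H__ */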
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cc3812b..a9dd836 100644
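--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -266,13 +266,15 @@ SELinuxSecurityDriverProbe(void)
 }
 
 static int
-SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv,
+ bool allowDiskFormatProbing)
 {
 /*
 * Where will the DOI come from? SELinux configuration, or qemu
 * configuration? For the moment, we'll just set it to "0".
 */
 virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
+ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing);
 return SELinuxInitialize();
 }
 
@@ -467,18 +469,19 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
 }
 
 static int
-SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv,
 virDomainObjPtr vm,
 virDomainDiskDefPtr disk)
 
 {
 const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv);
 
 if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
 return 0;
 
 return virDomainDiskDefForeachPath(disk,
- true,
+ allowDiskFormatProbing,
 false,
 SELinuxSetSecurityFileLabel,
 secdef);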
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 9ed0cd3..521545d 100644
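--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -40,6 +40,7 @@
 static char *progname;
 
 typedef struct {
+ bool allowDiskFormatProbing;
 char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */
 bool dryrun; /* dry run */
 char cmd; /* 'c' create
@@ -844,7 +845,7 @@ get_files(vahControl * ctl)
 
 for (i = 0; i < ctl->def->ndisks; i++) {
 int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],
- true,
+ ctl->allowDiskFormatProbing,
 false,
 add_file_path,
 &buf;;
@@ -943,6 +944,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
 {
 int arg, idx = 0;
 struct option opt[] = {
+ {"probing", 1, 0, 'p' },
 {"add", 0, 0, 'a'},
 {"create", 0, 0, 'c'},
 {"dryrun", 0, 0, 'd'},
@@ -991,6 +993,12 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
 PROFILE_NAME_SIZE) == NULL)
 vah_error(ctl, 1, "error copying UUID");
 break;
+ case 'p':
+ if (STREQ(optarg, "1"))
+ ctl->allowDiskFormatProbing = true;
+ else
+ ctl->allowDiskFormatProbing = false;
+ break;
 default:
 vah_error(ctl, 1, "unsupported option");
 break;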
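Review bot: The new `case 'p':` in vahParseArgv is reachable for `-p` only if the short-option string given to getopt_long() accepts it with an argument, and no hunk in this file touches that call; the `{"probing", 1, 0, 'p' }` entry covers only the long spelling `--probing`. load_profile() in security_apparmor.c now always passes the short form `"-p", probe`, so unless that string already contains `p:` every helper invocation would land in `default:` and stop with "unsupported option". Please confirm the string includes `p:`; the call sits between the two vahParseArgv hunks and is not visible here. Separately, any argument other than "1" silently means off, which fails in the safe direction but hides a typo; rejecting values other than "0" and "1" through `vah_error()` would surface it.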
diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
index 26d1f86..ef3f026 100644
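--- a/tests/seclabeltest.c
+++ b/tests/seclabeltest.c
@@ -15,7 +15,7 @@ main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
 const char *doi, *model;
 virSecurityDriverPtr security_drv;
 
- ret = virSecurityDriverStartup (&security_drv, "selinux");
+ ret = virSecurityDriverStartup (&security_drv, "selinux", false);
 if (ret == -1)
 {
 fprintf (stderr, "Failed to start security driver");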
--
1.7.1.1