From 4da534c0b97b74f50ef742079b674f0929a07b46 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Mar 06 2017 07:54:28 +0000 Subject: qemu: Enforce qemuSecurity wrappers Now that we have some qemuSecurity wrappers over virSecurityManager APIs, lets make sure everybody sticks with them. We have them for a reason and calling virSecurityManager API directly instead of wrapper may lead into accidentally labelling a file on the host instead of namespace. Signed-off-by: Michal Privoznik --- diff --git a/cfg.mk b/cfg.mk index aaba61f..bfaea4a 100644 --- a/cfg.mk +++ b/cfg.mk @@ -983,6 +983,11 @@ sc_prohibit_sysconf_pagesize: halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \ $(_sc_search_regexp) +sc_prohibit_virSecurity: + @grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep '^src/qemu/' | \ + grep -v '^src/qemu/qemu_security') && \ + { echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || : + sc_prohibit_pthread_create: @prohibit='\bpthread_create\b' \ exclude='sc_prohibit_pthread_create' \ diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f217e2b..d51bab8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -28,6 +28,7 @@ #include "qemu_capabilities.h" #include "qemu_interface.h" #include "qemu_alias.h" +#include "qemu_security.h" #include "cpu/cpu.h" #include "dirname.h" #include "viralloc.h" @@ -8210,8 +8211,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, } for (i = 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + def, tapfd[i]) < 0) goto cleanup; virCommandPassFD(cmd, tapfd[i], VIR_COMMAND_PASS_FD_CLOSE_PARENT); 
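Review bot: The new sc_prohibit_virSecurity rule fails open: `grep -Pn ... && { ...; exit 1; } || :` treats every non-zero grep status as a clean tree, so a grep without PCRE support (or any other grep error) makes the check pass silently. The lookahead can be spelled without `-P`, roughly `grep -En 'virSecurityManager([^P]|P[^t]|Pt[^r])'` plus an end-of-line alternative, which removes the PCRE dependency. The neighbouring rules go through `prohibit=`/`halt=` and `$(_sc_search_regexp)`; using that form here, if the src/qemu/ restriction can be expressed in it, would also stop the rule from swallowing grep's error status. This rule is the only mechanical guard against direct, host-namespace labelling calls in src/qemu/, so a silent pass costs more here than in a style rule.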
@@ -8292,7 +8293,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver, /* NOTE: Not using const virDomainDef here since eventually a call is made - * into virSecurityManagerSetTapFDLabel which calls it's driver + * into qemuSecuritySetTapFDLabel which calls it's driver * API domainSetSecurityTapFDLabel that doesn't use the const format. */ static int diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index b5b0645..0a338d7 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -38,6 +38,7 @@ #include "qemu_conf.h" #include "qemu_capabilities.h" #include "qemu_domain.h" +#include "qemu_security.h" #include "viruuid.h" #include "virbuffer.h" #include "virconf.h" @@ -916,7 +917,7 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver) } /* access sec drivers and create a sec model for each one */ - if (!(sec_managers = virSecurityManagerGetNested(driver->securityManager))) + if (!(sec_managers = qemuSecurityGetNested(driver->securityManager))) goto error; /* calculate length */ @@ -929,14 +930,14 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver) for (i = 0; sec_managers[i]; i++) { virCapsHostSecModelPtr sm = &caps->host.secModels[i]; - doi = virSecurityManagerGetDOI(sec_managers[i]); - model = virSecurityManagerGetModel(sec_managers[i]); + doi = qemuSecurityGetDOI(sec_managers[i]); + model = qemuSecurityGetModel(sec_managers[i]); if (VIR_STRDUP(sm->model, model) < 0 || VIR_STRDUP(sm->doi, doi) < 0) goto error; for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) { - lbl = virSecurityManagerGetBaseLabel(sec_managers[i], virtTypes[j]); + lbl = qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]); type = virDomainVirtTypeToString(virtTypes[j]); if (lbl && virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c187214..eb60297 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -589,8 +589,8 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; ret = 0; @@ -2689,7 +2689,7 @@ qemuDomainDefPostParse(virDomainDefPtr def, if (qemuDomainRecheckInternalPaths(def, cfg, parseFlags) < 0) goto cleanup; - if (virSecurityManagerVerify(driver->securityManager, def) < 0) + if (qemuSecurityVerify(driver->securityManager, def) < 0) goto cleanup; if (qemuDomainDefVcpusPostParse(def) < 0) @@ -7341,8 +7341,7 @@ qemuDomainSetupDev(virQEMUDriverConfigPtr cfg, VIR_DEBUG("Setting up /dev/ for domain %s", vm->def->name); - mount_options = virSecurityManagerGetMountOptions(mgr, - vm->def); + mount_options = qemuSecurityGetMountOptions(mgr, vm->def); if (!mount_options && VIR_STRDUP(mount_options, "") < 0) @@ -7816,7 +7815,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, bool delDevice = false; bool isLink = S_ISLNK(data->sb.st_mode); - virSecurityManagerPostFork(data->driver->securityManager); + qemuSecurityPostFork(data->driver->securityManager); if (virFileMakeParentPath(data->file) < 0) { virReportSystemError(errno, @@ -7978,16 +7977,16 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver, #endif if (STRPREFIX(file, DEVPREFIX)) { - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; if (virProcessRunInMountNamespace(vm->pid, qemuDomainAttachDeviceMknodHelper, &data) < 0) { - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); goto cleanup; } - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); } if (isLink && diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 77d8175..d4807ba 100644 --- a/src/qemu/qemu_driver.c 
+++ b/src/qemu/qemu_driver.c @@ -405,26 +405,26 @@ qemuSecurityInit(virQEMUDriverPtr driver) cfg->securityDriverNames[0]) { names = cfg->securityDriverNames; while (names && *names) { - if (!(mgr = virSecurityManagerNew(*names, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr = qemuSecurityNew(*names, + QEMU_DRIVER_NAME, + flags))) goto error; if (!stack) { - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr = NULL; names++; } } else { - if (!(mgr = virSecurityManagerNew(NULL, - QEMU_DRIVER_NAME, - flags))) + if (!(mgr = qemuSecurityNew(NULL, + QEMU_DRIVER_NAME, + flags))) goto error; - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; mgr = NULL; } @@ -432,17 +432,17 @@ qemuSecurityInit(virQEMUDriverPtr driver) if (virQEMUDriverIsPrivileged(driver)) { if (cfg->dynamicOwnership) flags |= VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP; - if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME, - cfg->user, - cfg->group, - flags, - qemuSecurityChownCallback))) + if (!(mgr = qemuSecurityNewDAC(QEMU_DRIVER_NAME, + cfg->user, + cfg->group, + flags, + qemuSecurityChownCallback))) goto error; if (!stack) { - if (!(stack = virSecurityManagerNewStack(mgr))) + if (!(stack = qemuSecurityNewStack(mgr))) goto error; } else { - if (virSecurityManagerStackAddNested(stack, mgr) < 0) + if (qemuSecurityStackAddNested(stack, mgr) < 0) goto error; } mgr = NULL; @@ -3088,7 +3088,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver, if (fd < 0) goto cleanup; - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) goto cleanup; if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags))) 
@@ -3553,8 +3553,7 @@ static int qemuDumpToFd(virQEMUDriverPtr driver, virDomainObjPtr vm, return -1; } - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) return -1; VIR_FREE(priv->job.current); @@ -3846,7 +3845,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp = true; - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, tmp) < 0) { @@ -5948,8 +5947,8 @@ static int qemuDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secl * QEMU monitor hasn't seen SIGHUP/ERR on poll(). */ if (virDomainObjIsActive(vm)) { - if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm->def, vm->pid, seclabel) < 0) { + if (qemuSecurityGetProcessLabel(driver->securityManager, + vm->def, vm->pid, seclabel) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); goto cleanup; @@ -5993,8 +5992,7 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom, ret = 0; } else { int len = 0; - virSecurityManagerPtr* mgrs = virSecurityManagerGetNested( - driver->securityManager); + virSecurityManagerPtr* mgrs = qemuSecurityGetNested(driver->securityManager); if (!mgrs) goto cleanup; @@ -6010,8 +6008,8 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom, /* Fill the array */ for (i = 0; i < len; i++) { - if (virSecurityManagerGetProcessLabel(mgrs[i], vm->def, vm->pid, - &(*seclabels)[i]) < 0) { + if (qemuSecurityGetProcessLabel(mgrs[i], vm->def, vm->pid, + &(*seclabels)[i]) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); VIR_FREE(mgrs); 
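Review bot: In the qemuDomainScreenshot hunk the renamed call `qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp);` still discards its return value, and the qemuDomainMemoryPeek hunk further down does the same. If labelling the temporary file fails, the failure only surfaces later as a monitor error, with no hint that the security driver was the cause. Either check it like the other setters in this patch, e.g. `if (qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp) < 0) goto endjob;` (the `endjob` label is visible only in the qemuDomainMemoryPeek context; the screenshot function's cleanup label lies outside its hunk), or wrap the call in `ignore_value()` with a comment saying why best-effort is acceptable. Both function bodies extend beyond their hunks, so a matching restore of the label cannot be confirmed from here.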
@@ -6389,8 +6387,8 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, cleanup: virCommandFree(cmd); VIR_FREE(errbuf); - if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityRestoreSavedStateLabel(driver->securityManager, + vm->def, path) < 0) VIR_WARN("failed to restore save state label on %s", path); virObjectUnref(cfg); return ret; @@ -11216,7 +11214,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, goto endjob; } - virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp); + qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp); priv = vm->privateData; qemuDomainObjEnterMonitor(driver, vm); @@ -17087,8 +17085,7 @@ qemuDomainOpenGraphics(virDomainPtr dom, goto endjob; } - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0) goto endjob; qemuDomainObjEnterMonitor(driver, vm); @@ -17152,13 +17149,13 @@ qemuDomainOpenGraphicsFD(virDomainPtr dom, goto cleanup; } - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (socketpair(PF_UNIX, SOCK_STREAM, 0, pair) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 0c08856..5ce3c11 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1137,8 +1137,8 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, } for (i = 0; i < tapfdSize; i++) { - if (virSecurityManagerSetTapFDLabel(driver->securityManager, - vm->def, tapfd[i]) < 0) + if (qemuSecuritySetTapFDLabel(driver->securityManager, + vm->def, tapfd[i]) < 0) goto cleanup; } 
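Review bot: In the qemuDomainOpenGraphicsFD hunk, a failing `socketpair()` jumps to `cleanup` between qemuSecuritySetSocketLabel and qemuSecurityClearSocketLabel. Unless the code at `cleanup` (outside this hunk) clears it, the domain's socket-creation label presumably stays in effect for sockets created afterwards. qemuMigrationConnect in this same patch handles the equivalent window by calling the clear unconditionally and testing the connect result together with it. The same shape works here: keep the socketpair result in a local, then `if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0 || rv < 0) goto cleanup;`. If the clear fails after a successful socketpair, the two descriptors in `pair` also need closing on that path, which the visible lines do not show.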
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 0db1616..f5711bc 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -40,6 +40,7 @@ #include "qemu_cgroup.h" #include "qemu_hotplug.h" #include "qemu_blockjob.h" +#include "qemu_security.h" #include "domain_audit.h" #include "virlog.h" @@ -4597,7 +4598,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->destType = MIGRATION_DEST_FD; spec->dest.fd.qemu = -1; - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) + if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0) goto cleanup; if (virNetSocketNewConnectTCP(host, port, AF_UNSPEC, @@ -4605,7 +4606,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver, spec->dest.fd.qemu = virNetSocketDupFD(sock, true); virObjectUnref(sock); } - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 || + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0 || spec->dest.fd.qemu == -1) goto cleanup; @@ -5076,8 +5077,8 @@ static int doTunnelMigrate(virQEMUDriverPtr driver, spec.dest.fd.local = fds[0]; } if (spec.dest.fd.qemu == -1 || - virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - spec.dest.fd.qemu) < 0) { + qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + spec.dest.fd.qemu) < 0) { virReportSystemError(errno, "%s", _("cannot create pipe for tunnelled migration")); goto cleanup; @@ -6463,8 +6464,8 @@ qemuMigrationToFile(virQEMUDriverPtr driver, virDomainObjPtr vm, * doesn't have to open() the file, so while we still have to * grant SELinux access, we can do it on fd and avoid cleanup * later, as well as skip futzing with cgroup. */ - if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, - compressor ? pipeFD[1] : fd) < 0) + if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, + compressor ? pipeFD[1] : fd) < 0) goto cleanup; if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) 
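Review bot: In the doTunnelMigrate hunk a failure of `qemuSecuritySetImageFDLabel()` is reported through `virReportSystemError(errno, ...)` as "cannot create pipe for tunnelled migration", because it shares one branch with the `spec.dest.fd.qemu == -1` test. At that point errno is whatever the last syscall left behind and the message names the wrong step, which hides a labelling failure from anyone reading the log. Splitting the condition, so that the fd check keeps the system error and the label check only does `goto cleanup`, would keep the two causes apart. Whether the security manager has already reported its own error is not visible here. The function continues outside the hunk.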
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 68378c9..78d1009 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -221,8 +221,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm) return 0; } - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to set security context for agent for %s"), vm->def->name); goto cleanup; @@ -250,8 +249,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm) return -1; } - if (virSecurityManagerClearSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to clear security context for agent for %s"), vm->def->name); qemuAgentClose(agent); @@ -1657,8 +1655,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob, int ret = -1; qemuMonitorPtr mon = NULL; - if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, - vm->def) < 0) { + if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to set security context for monitor for %s"), vm->def->name); return -1; @@ -1695,7 +1692,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob, } priv->mon = mon; - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) { + if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) { VIR_ERROR(_("Failed to clear security context for monitor for %s"), vm->def->name); return -1; @@ -2611,7 +2608,7 @@ static int qemuProcessHook(void *data) * protected across fork() */ - virSecurityManagerPostFork(h->driver->securityManager); + qemuSecurityPostFork(h->driver->securityManager); /* Some later calls want pid present */ h->vm->pid = getpid(); 
@@ -2624,7 +2621,7 @@ static int qemuProcessHook(void *data) * sockets the lock driver opens that we don't want * labelled. So far we're ok though. */ - if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0) + if (qemuSecuritySetSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (virDomainLockProcessStart(h->driver->lockManager, h->cfg->uri, @@ -2633,7 +2630,7 @@ static int qemuProcessHook(void *data) true, &fd) < 0) goto cleanup; - if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) + if (qemuSecurityClearSocketLabel(h->driver->securityManager, h->vm->def) < 0) goto cleanup; if (qemuDomainBuildNamespace(h->cfg, h->driver->securityManager, h->vm) < 0) @@ -3233,8 +3230,8 @@ qemuProcessBuildDestroyHugepagesPath(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, hugepagePath) < 0) { + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, hugepagePath) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to set huge path in security driver")); goto cleanup; @@ -3410,13 +3407,13 @@ qemuProcessReconnect(void *opaque) /* if domain requests security driver we haven't loaded, report error, but * do not kill the domain */ - ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager, - obj->def)); + ignore_value(qemuSecurityCheckAllLabel(driver->securityManager, + obj->def)); if (qemuDomainRefreshVcpuInfo(driver, obj, QEMU_ASYNC_JOB_NONE, true) < 0) goto error; - if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0) + if (qemuSecurityReserveLabel(driver->securityManager, obj->def, obj->pid) < 0) goto error; if (qemuProcessNotifyNets(obj->def) < 0) 
@@ -4423,8 +4420,8 @@ qemuProcessMakeDir(virQEMUDriverPtr driver, goto cleanup; } - if (virSecurityManagerDomainSetPathLabel(driver->securityManager, - vm->def, path) < 0) + if (qemuSecurityDomainSetPathLabel(driver->securityManager, + vm->def, path) < 0) goto cleanup; ret = 0; @@ -4670,7 +4667,7 @@ qemuProcessStartValidate(virQEMUDriverPtr driver, } VIR_DEBUG("Checking domain and device security labels"); - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0) return -1; } @@ -5237,7 +5234,7 @@ qemuProcessPrepareDomain(virConnectPtr conn, /* If you are using a SecurityDriver with dynamic labelling, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) { virDomainAuditSecurityLabel(vm, false); goto cleanup; } @@ -5548,8 +5545,8 @@ qemuProcessLaunch(virConnectPtr conn, virCommandSetUmask(cmd, 0x002); VIR_DEBUG("Setting up security labelling"); - if (virSecurityManagerSetChildProcessLabel(driver->securityManager, - vm->def, cmd) < 0) + if (qemuSecuritySetChildProcessLabel(driver->securityManager, + vm->def, cmd) < 0) goto cleanup; virCommandSetOutputFD(cmd, &logfile); @@ -5559,10 +5556,10 @@ qemuProcessLaunch(virConnectPtr conn, virCommandDaemonize(cmd); virCommandRequireHandshake(cmd); - if (virSecurityManagerPreFork(driver->securityManager) < 0) + if (qemuSecurityPreFork(driver->securityManager) < 0) goto cleanup; rv = virCommandRun(cmd, NULL); - virSecurityManagerPostFork(driver->securityManager); + qemuSecurityPostFork(driver->securityManager); /* wait for qemu process to show up */ if (rv == 0) { 
@@ -5639,8 +5636,8 @@ qemuProcessLaunch(virConnectPtr conn, goto cleanup; } if (S_ISFIFO(stdin_sb.st_mode) && - virSecurityManagerSetImageFDLabel(driver->securityManager, - vm->def, incoming->fd) < 0) + qemuSecuritySetImageFDLabel(driver->securityManager, + vm->def, incoming->fd) < 0) goto cleanup; } @@ -6157,7 +6154,7 @@ void qemuProcessStop(virQEMUDriverPtr driver, qemuSecurityRestoreAllLabel(driver, vm, !!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED)); - virSecurityManagerReleaseLabel(driver->securityManager, vm->def); + qemuSecurityReleaseLabel(driver->securityManager, vm->def); for (i = 0; i < vm->def->ndisks; i++) { virDomainDeviceDef dev; @@ -6401,13 +6398,13 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, vm->pid = pid; VIR_DEBUG("Detect security driver config"); - sec_managers = virSecurityManagerGetNested(driver->securityManager); + sec_managers = qemuSecurityGetNested(driver->securityManager); if (sec_managers == NULL) goto error; for (i = 0; sec_managers[i]; i++) { seclabelgen = false; - model = virSecurityManagerGetModel(sec_managers[i]); + model = qemuSecurityGetModel(sec_managers[i]); seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model); if (seclabeldef == NULL) { if (!(seclabeldef = virSecurityLabelDefNew(model))) @@ -6417,8 +6414,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC; if (VIR_ALLOC(seclabel) < 0) goto error; - if (virSecurityManagerGetProcessLabel(sec_managers[i], - vm->def, vm->pid, seclabel) < 0) + if (qemuSecurityGetProcessLabel(sec_managers[i], vm->def, + vm->pid, seclabel) < 0) goto error; if (VIR_STRDUP(seclabeldef->model, model) < 0) 
@@ -6435,9 +6432,9 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED, } } - if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0) goto error; - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) + if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) goto error; if (qemuDomainPerfRestart(vm) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 5463890..d86db3f 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -28,6 +28,7 @@ # include "qemu_conf.h" # include "domain_conf.h" +# include "security/security_manager.h" int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, 
@@ -60,4 +61,35 @@ int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver, int qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev); + +/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add + * new APIs here. If an API can touch a /dev file add a proper wrapper instead. + */ +# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel +# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel +# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLabel +# define qemuSecurityGenLabel virSecurityManagerGenLabel +# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel +# define qemuSecurityGetDOI virSecurityManagerGetDOI +# define qemuSecurityGetModel virSecurityManagerGetModel +# define qemuSecurityGetMountOptions virSecurityManagerGetMountOptions +# define qemuSecurityGetNested virSecurityManagerGetNested +# define qemuSecurityGetProcessLabel virSecurityManagerGetProcessLabel +# define qemuSecurityNew virSecurityManagerNew +# define qemuSecurityNewDAC virSecurityManagerNewDAC +# define qemuSecurityNewStack virSecurityManagerNewStack +# define qemuSecurityPostFork virSecurityManagerPostFork +# define qemuSecurityPreFork virSecurityManagerPreFork +# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel +# define qemuSecurityReserveLabel virSecurityManagerReserveLabel +# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel +# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel +# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel +# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel +# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel +# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel +# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel +# define qemuSecurityStackAddNested 
virSecurityManagerStackAddNested +# define qemuSecurityVerify virSecurityManagerVerify + #endif /* __QEMU_SECURITY_H__ */
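Review bot: The comment above the alias block says what not to add but not what the aliases do: each `# define` is a direct virSecurityManager call and so acts in the caller's mount namespace, which is the case the commit message warns about. Because sc_prohibit_virSecurity exempts files matching `^src/qemu/qemu_security`, nothing mechanical catches a /dev-touching API being added here as a one-line alias. I would extend the comment with something like `/* These aliases call virSecurityManager directly and act in the caller's mount namespace, not the domain's. */`. The path-taking entries (qemuSecurityDomainSetPathLabel, qemuSecuritySetSavedStateLabel, qemuSecurityRestoreSavedStateLabel) should also be marked for re-audit if a caller ever passes a path under /dev.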