qemu: Enforce qemuSecurity wrappers
authorMichal Privoznik <mprivozn@redhat.com>
Mon, 13 Feb 2017 13:36:53 +0000 (14:36 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 6 Mar 2017 07:54:28 +0000 (08:54 +0100)
Now that we have some qemuSecurity wrappers over
virSecurityManager APIs, let's make sure everybody sticks with
them. We have them for a reason, and calling a virSecurityManager
API directly instead of its wrapper may lead to accidentally
labelling a file on the host instead of in the namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
cfg.mk
src/qemu/qemu_command.c
src/qemu/qemu_conf.c
src/qemu/qemu_domain.c
src/qemu/qemu_driver.c
src/qemu/qemu_hotplug.c
src/qemu/qemu_migration.c
src/qemu/qemu_process.c
src/qemu/qemu_security.h

diff --git a/cfg.mk b/cfg.mk
index aaba61f1dcdfebc0c1511c6eed3716f27daf2a4a..bfaea4afb255b85bc5772989e8eb858f9ed9b83a 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -983,6 +983,11 @@ sc_prohibit_sysconf_pagesize:
        halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
          $(_sc_search_regexp)
 
+sc_prohibit_virSecurity:
+       @grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep '^src/qemu/' | \
+               grep -v '^src/qemu/qemu_security') && \
+               { echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
+
 sc_prohibit_pthread_create:
        @prohibit='\bpthread_create\b' \
        exclude='sc_prohibit_pthread_create' \
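Review bot: The new `sc_prohibit_virSecurity` rule fails open: the trailing `|| :` turns every non-zero grep status into success, so a grep built without `-P` support, or any other grep error, makes the check pass silently instead of flagging direct `virSecurityManager` calls. Only exit status 1 (no match) should count as a pass, for example by ending the grep command with `;` and following it with `test $$? -eq 1 || { echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; }`. The rule also bypasses the `$(_sc_search_regexp)` helper that the neighbouring rules use, so a short comment above it explaining why (the negative lookahead needs PCRE) would help the next maintainer.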
index f217e2b4ade68c6a80b27d4425fdb7686185579c..d51bab8d4aa9a77130b7e71161cf69e7c0a7cb6d 100644 (file)
@@ -28,6 +28,7 @@
 #include "qemu_capabilities.h"
 #include "qemu_interface.h"
 #include "qemu_alias.h"
+#include "qemu_security.h"
 #include "cpu/cpu.h"
 #include "dirname.h"
 #include "viralloc.h"
@@ -8210,8 +8211,8 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver,
     }
 
     for (i = 0; i < tapfdSize; i++) {
-        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                            def, tapfd[i]) < 0)
+        if (qemuSecuritySetTapFDLabel(driver->securityManager,
+                                      def, tapfd[i]) < 0)
             goto cleanup;
         virCommandPassFD(cmd, tapfd[i],
                          VIR_COMMAND_PASS_FD_CLOSE_PARENT);
@@ -8292,7 +8293,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driver,
 
 
 /* NOTE: Not using const virDomainDef here since eventually a call is made
- *       into virSecurityManagerSetTapFDLabel which calls it's driver
+ *       into qemuSecuritySetTapFDLabel which calls it's driver
  *       API domainSetSecurityTapFDLabel that doesn't use the const format.
  */
 static int
index b5b06451269da602dbe2c1329a4314455135cdc8..0a338d72e75f0bde99768cbd5ca772093bc77934 100644 (file)
@@ -38,6 +38,7 @@
 #include "qemu_conf.h"
 #include "qemu_capabilities.h"
 #include "qemu_domain.h"
+#include "qemu_security.h"
 #include "viruuid.h"
 #include "virbuffer.h"
 #include "virconf.h"
@@ -916,7 +917,7 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
     }
 
     /* access sec drivers and create a sec model for each one */
-    if (!(sec_managers = virSecurityManagerGetNested(driver->securityManager)))
+    if (!(sec_managers = qemuSecurityGetNested(driver->securityManager)))
         goto error;
 
     /* calculate length */
@@ -929,14 +930,14 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
 
     for (i = 0; sec_managers[i]; i++) {
         virCapsHostSecModelPtr sm = &caps->host.secModels[i];
-        doi = virSecurityManagerGetDOI(sec_managers[i]);
-        model = virSecurityManagerGetModel(sec_managers[i]);
+        doi = qemuSecurityGetDOI(sec_managers[i]);
+        model = qemuSecurityGetModel(sec_managers[i]);
         if (VIR_STRDUP(sm->model, model) < 0 ||
             VIR_STRDUP(sm->doi, doi) < 0)
             goto error;
 
         for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) {
-            lbl = virSecurityManagerGetBaseLabel(sec_managers[i], virtTypes[j]);
+            lbl = qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]);
             type = virDomainVirtTypeToString(virtTypes[j]);
             if (lbl &&
                 virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0)
index c187214dc3573d307493ff9e8305730a881f5631..eb60297692b0d711c9ad10b6a3016a5176558d9a 100644 (file)
@@ -589,8 +589,8 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver,
         goto cleanup;
     }
 
-    if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
-                                             vm->def, path) < 0)
+    if (qemuSecurityDomainSetPathLabel(driver->securityManager,
+                                       vm->def, path) < 0)
         goto cleanup;
 
     ret = 0;
@@ -2689,7 +2689,7 @@ qemuDomainDefPostParse(virDomainDefPtr def,
     if (qemuDomainRecheckInternalPaths(def, cfg, parseFlags) < 0)
         goto cleanup;
 
-    if (virSecurityManagerVerify(driver->securityManager, def) < 0)
+    if (qemuSecurityVerify(driver->securityManager, def) < 0)
         goto cleanup;
 
     if (qemuDomainDefVcpusPostParse(def) < 0)
@@ -7341,8 +7341,7 @@ qemuDomainSetupDev(virQEMUDriverConfigPtr cfg,
 
     VIR_DEBUG("Setting up /dev/ for domain %s", vm->def->name);
 
-    mount_options = virSecurityManagerGetMountOptions(mgr,
-                                                      vm->def);
+    mount_options = qemuSecurityGetMountOptions(mgr, vm->def);
 
     if (!mount_options &&
         VIR_STRDUP(mount_options, "") < 0)
@@ -7816,7 +7815,7 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
     bool delDevice = false;
     bool isLink = S_ISLNK(data->sb.st_mode);
 
-    virSecurityManagerPostFork(data->driver->securityManager);
+    qemuSecurityPostFork(data->driver->securityManager);
 
     if (virFileMakeParentPath(data->file) < 0) {
         virReportSystemError(errno,
@@ -7978,16 +7977,16 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver,
 #endif
 
     if (STRPREFIX(file, DEVPREFIX)) {
-        if (virSecurityManagerPreFork(driver->securityManager) < 0)
+        if (qemuSecurityPreFork(driver->securityManager) < 0)
             goto cleanup;
 
         if (virProcessRunInMountNamespace(vm->pid,
                                           qemuDomainAttachDeviceMknodHelper,
                                           &data) < 0) {
-            virSecurityManagerPostFork(driver->securityManager);
+            qemuSecurityPostFork(driver->securityManager);
             goto cleanup;
         }
-        virSecurityManagerPostFork(driver->securityManager);
+        qemuSecurityPostFork(driver->securityManager);
     }
 
     if (isLink &&
index 77d81755a3b45c73cad58460a184ff8c16547b95..d4807ba7331aa86119af98ba558ec407cf6eca30 100644 (file)
@@ -405,26 +405,26 @@ qemuSecurityInit(virQEMUDriverPtr driver)
         cfg->securityDriverNames[0]) {
         names = cfg->securityDriverNames;
         while (names && *names) {
-            if (!(mgr = virSecurityManagerNew(*names,
-                                              QEMU_DRIVER_NAME,
-                                              flags)))
+            if (!(mgr = qemuSecurityNew(*names,
+                                        QEMU_DRIVER_NAME,
+                                        flags)))
                 goto error;
             if (!stack) {
-                if (!(stack = virSecurityManagerNewStack(mgr)))
+                if (!(stack = qemuSecurityNewStack(mgr)))
                     goto error;
             } else {
-                if (virSecurityManagerStackAddNested(stack, mgr) < 0)
+                if (qemuSecurityStackAddNested(stack, mgr) < 0)
                     goto error;
             }
             mgr = NULL;
             names++;
         }
     } else {
-        if (!(mgr = virSecurityManagerNew(NULL,
-                                          QEMU_DRIVER_NAME,
-                                          flags)))
+        if (!(mgr = qemuSecurityNew(NULL,
+                                    QEMU_DRIVER_NAME,
+                                    flags)))
             goto error;
-        if (!(stack = virSecurityManagerNewStack(mgr)))
+        if (!(stack = qemuSecurityNewStack(mgr)))
             goto error;
         mgr = NULL;
     }
@@ -432,17 +432,17 @@ qemuSecurityInit(virQEMUDriverPtr driver)
     if (virQEMUDriverIsPrivileged(driver)) {
         if (cfg->dynamicOwnership)
             flags |= VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP;
-        if (!(mgr = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
-                                             cfg->user,
-                                             cfg->group,
-                                             flags,
-                                             qemuSecurityChownCallback)))
+        if (!(mgr = qemuSecurityNewDAC(QEMU_DRIVER_NAME,
+                                       cfg->user,
+                                       cfg->group,
+                                       flags,
+                                       qemuSecurityChownCallback)))
             goto error;
         if (!stack) {
-            if (!(stack = virSecurityManagerNewStack(mgr)))
+            if (!(stack = qemuSecurityNewStack(mgr)))
                 goto error;
         } else {
-            if (virSecurityManagerStackAddNested(stack, mgr) < 0)
+            if (qemuSecurityStackAddNested(stack, mgr) < 0)
                 goto error;
         }
         mgr = NULL;
@@ -3088,7 +3088,7 @@ qemuDomainSaveMemory(virQEMUDriverPtr driver,
     if (fd < 0)
         goto cleanup;
 
-    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def, fd) < 0)
+    if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0)
         goto cleanup;
 
     if (!(wrapperFd = virFileWrapperFdNew(&fd, path, wrapperFlags)))
@@ -3553,8 +3553,7 @@ static int qemuDumpToFd(virQEMUDriverPtr driver, virDomainObjPtr vm,
         return -1;
     }
 
-    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
-                                          fd) < 0)
+    if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0)
         return -1;
 
     VIR_FREE(priv->job.current);
@@ -3846,7 +3845,7 @@ qemuDomainScreenshot(virDomainPtr dom,
     }
     unlink_tmp = true;
 
-    virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp);
+    qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp);
 
     qemuDomainObjEnterMonitor(driver, vm);
     if (qemuMonitorScreendump(priv->mon, tmp) < 0) {
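Review bot: The result of `qemuSecuritySetSavedStateLabel()` is dropped here, and the same unchecked call appears in the qemuDomainMemoryPeek hunk. If labelling `tmp` fails the function carries on, and the failure presumably surfaces only later as a monitor error. Either check it with `if (qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp) < 0)` followed by the function's usual error jump, or, if it is deliberately best-effort, wrap it in `ignore_value(...)` as the qemuProcessReconnect hunk does for `qemuSecurityCheckAllLabel`, with a one-line comment saying why. The function starts and ends outside the hunk, so the right jump label is not visible.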
@@ -5948,8 +5947,8 @@ static int qemuDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secl
      *   QEMU monitor hasn't seen SIGHUP/ERR on poll().
      */
     if (virDomainObjIsActive(vm)) {
-        if (virSecurityManagerGetProcessLabel(driver->securityManager,
-                                              vm->def, vm->pid, seclabel) < 0) {
+        if (qemuSecurityGetProcessLabel(driver->securityManager,
+                                        vm->def, vm->pid, seclabel) < 0) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            "%s", _("Failed to get security label"));
             goto cleanup;
@@ -5993,8 +5992,7 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom,
         ret = 0;
     } else {
         int len = 0;
-        virSecurityManagerPtr* mgrs = virSecurityManagerGetNested(
-                                            driver->securityManager);
+        virSecurityManagerPtr* mgrs = qemuSecurityGetNested(driver->securityManager);
         if (!mgrs)
             goto cleanup;
 
@@ -6010,8 +6008,8 @@ static int qemuDomainGetSecurityLabelList(virDomainPtr dom,
 
         /* Fill the array */
         for (i = 0; i < len; i++) {
-            if (virSecurityManagerGetProcessLabel(mgrs[i], vm->def, vm->pid,
-                                                  &(*seclabels)[i]) < 0) {
+            if (qemuSecurityGetProcessLabel(mgrs[i], vm->def, vm->pid,
+                                            &(*seclabels)[i]) < 0) {
                 virReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("Failed to get security label"));
                 VIR_FREE(mgrs);
@@ -6389,8 +6387,8 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
  cleanup:
     virCommandFree(cmd);
     VIR_FREE(errbuf);
-    if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
-                                                 vm->def, path) < 0)
+    if (qemuSecurityRestoreSavedStateLabel(driver->securityManager,
+                                           vm->def, path) < 0)
         VIR_WARN("failed to restore save state label on %s", path);
     virObjectUnref(cfg);
     return ret;
@@ -11216,7 +11214,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
         goto endjob;
     }
 
-    virSecurityManagerSetSavedStateLabel(driver->securityManager, vm->def, tmp);
+    qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp);
 
     priv = vm->privateData;
     qemuDomainObjEnterMonitor(driver, vm);
@@ -17087,8 +17085,7 @@ qemuDomainOpenGraphics(virDomainPtr dom,
         goto endjob;
     }
 
-    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
-                                          fd) < 0)
+    if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def, fd) < 0)
         goto endjob;
 
     qemuDomainObjEnterMonitor(driver, vm);
@@ -17152,13 +17149,13 @@ qemuDomainOpenGraphicsFD(virDomainPtr dom,
         goto cleanup;
     }
 
-    if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0)
+    if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0)
         goto cleanup;
 
     if (socketpair(PF_UNIX, SOCK_STREAM, 0, pair) < 0)
         goto cleanup;
 
-    if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0)
+    if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0)
         goto cleanup;
 
     if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
index 0c0885695b81d7b5ae0d574d8fb488ec1d649011..5ce3c11d0eee81c7ca4f6eb4f9ed322d4b6fa0ff 100644 (file)
@@ -1137,8 +1137,8 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver,
     }
 
     for (i = 0; i < tapfdSize; i++) {
-        if (virSecurityManagerSetTapFDLabel(driver->securityManager,
-                                            vm->def, tapfd[i]) < 0)
+        if (qemuSecuritySetTapFDLabel(driver->securityManager,
+                                      vm->def, tapfd[i]) < 0)
             goto cleanup;
     }
 
index 0db1616aa72821aec68b5bdd642136eae0ac7d08..f5711bcf744a9e98c3b3945969f30ad44363c2fd 100644 (file)
@@ -40,6 +40,7 @@
 #include "qemu_cgroup.h"
 #include "qemu_hotplug.h"
 #include "qemu_blockjob.h"
+#include "qemu_security.h"
 
 #include "domain_audit.h"
 #include "virlog.h"
@@ -4597,7 +4598,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver,
     spec->destType = MIGRATION_DEST_FD;
     spec->dest.fd.qemu = -1;
 
-    if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0)
+    if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0)
         goto cleanup;
     if (virNetSocketNewConnectTCP(host, port,
                                   AF_UNSPEC,
@@ -4605,7 +4606,7 @@ qemuMigrationConnect(virQEMUDriverPtr driver,
         spec->dest.fd.qemu = virNetSocketDupFD(sock, true);
         virObjectUnref(sock);
     }
-    if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0 ||
+    if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0 ||
         spec->dest.fd.qemu == -1)
         goto cleanup;
 
@@ -5076,8 +5077,8 @@ static int doTunnelMigrate(virQEMUDriverPtr driver,
         spec.dest.fd.local = fds[0];
     }
     if (spec.dest.fd.qemu == -1 ||
-        virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
-                                          spec.dest.fd.qemu) < 0) {
+        qemuSecuritySetImageFDLabel(driver->securityManager, vm->def,
+                                    spec.dest.fd.qemu) < 0) {
         virReportSystemError(errno, "%s",
                              _("cannot create pipe for tunnelled migration"));
         goto cleanup;
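Review bot: A failure of `qemuSecuritySetImageFDLabel()` is reported as "cannot create pipe for tunnelled migration" with whatever `errno` happens to hold, because the call shares one condition with the `spec.dest.fd.qemu == -1` test. Splitting the two checks would let the pipe failure keep `virReportSystemError()` while the labelling failure only does `goto cleanup;`, assuming the security manager has already reported its own error, which is not visible here. The function continues outside the hunk.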
@@ -6463,8 +6464,8 @@ qemuMigrationToFile(virQEMUDriverPtr driver, virDomainObjPtr vm,
      * doesn't have to open() the file, so while we still have to
      * grant SELinux access, we can do it on fd and avoid cleanup
      * later, as well as skip futzing with cgroup.  */
-    if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm->def,
-                                          compressor ? pipeFD[1] : fd) < 0)
+    if (qemuSecuritySetImageFDLabel(driver->securityManager, vm->def,
+                                    compressor ? pipeFD[1] : fd) < 0)
         goto cleanup;
 
     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
index 68378c9171e80db4e2c06b5165d07e4e475f5752..78d10099af94992a8dad85f1c90300623f607f86 100644 (file)
@@ -221,8 +221,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm)
         return 0;
     }
 
-    if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
-                                               vm->def) < 0) {
+    if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) {
         VIR_ERROR(_("Failed to set security context for agent for %s"),
                   vm->def->name);
         goto cleanup;
@@ -250,8 +249,7 @@ qemuConnectAgent(virQEMUDriverPtr driver, virDomainObjPtr vm)
         return -1;
     }
 
-    if (virSecurityManagerClearSocketLabel(driver->securityManager,
-                                           vm->def) < 0) {
+    if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) {
         VIR_ERROR(_("Failed to clear security context for agent for %s"),
                   vm->def->name);
         qemuAgentClose(agent);
@@ -1657,8 +1655,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob,
     int ret = -1;
     qemuMonitorPtr mon = NULL;
 
-    if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
-                                               vm->def) < 0) {
+    if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0) {
         VIR_ERROR(_("Failed to set security context for monitor for %s"),
                   vm->def->name);
         return -1;
@@ -1695,7 +1692,7 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob,
     }
     priv->mon = mon;
 
-    if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) {
+    if (qemuSecurityClearSocketLabel(driver->securityManager, vm->def) < 0) {
         VIR_ERROR(_("Failed to clear security context for monitor for %s"),
                   vm->def->name);
         return -1;
@@ -2611,7 +2608,7 @@ static int qemuProcessHook(void *data)
      * protected across fork()
      */
 
-    virSecurityManagerPostFork(h->driver->securityManager);
+    qemuSecurityPostFork(h->driver->securityManager);
 
     /* Some later calls want pid present */
     h->vm->pid = getpid();
@@ -2624,7 +2621,7 @@ static int qemuProcessHook(void *data)
      * sockets the lock driver opens that we don't want
      * labelled. So far we're ok though.
      */
-    if (virSecurityManagerSetSocketLabel(h->driver->securityManager, h->vm->def) < 0)
+    if (qemuSecuritySetSocketLabel(h->driver->securityManager, h->vm->def) < 0)
         goto cleanup;
     if (virDomainLockProcessStart(h->driver->lockManager,
                                   h->cfg->uri,
@@ -2633,7 +2630,7 @@ static int qemuProcessHook(void *data)
                                   true,
                                   &fd) < 0)
         goto cleanup;
-    if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
+    if (qemuSecurityClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
         goto cleanup;
 
     if (qemuDomainBuildNamespace(h->cfg, h->driver->securityManager, h->vm) < 0)
@@ -3233,8 +3230,8 @@ qemuProcessBuildDestroyHugepagesPath(virQEMUDriverPtr driver,
                     goto cleanup;
                 }
 
-                if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
-                                                         vm->def, hugepagePath) < 0) {
+                if (qemuSecurityDomainSetPathLabel(driver->securityManager,
+                                                   vm->def, hugepagePath) < 0) {
                     virReportError(VIR_ERR_INTERNAL_ERROR,
                                    "%s", _("Unable to set huge path in security driver"));
                     goto cleanup;
@@ -3410,13 +3407,13 @@ qemuProcessReconnect(void *opaque)
     /* if domain requests security driver we haven't loaded, report error, but
      * do not kill the domain
      */
-    ignore_value(virSecurityManagerCheckAllLabel(driver->securityManager,
-                                                 obj->def));
+    ignore_value(qemuSecurityCheckAllLabel(driver->securityManager,
+                                           obj->def));
 
     if (qemuDomainRefreshVcpuInfo(driver, obj, QEMU_ASYNC_JOB_NONE, true) < 0)
         goto error;
 
-    if (virSecurityManagerReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
+    if (qemuSecurityReserveLabel(driver->securityManager, obj->def, obj->pid) < 0)
         goto error;
 
     if (qemuProcessNotifyNets(obj->def) < 0)
@@ -4423,8 +4420,8 @@ qemuProcessMakeDir(virQEMUDriverPtr driver,
         goto cleanup;
     }
 
-    if (virSecurityManagerDomainSetPathLabel(driver->securityManager,
-                                             vm->def, path) < 0)
+    if (qemuSecurityDomainSetPathLabel(driver->securityManager,
+                                       vm->def, path) < 0)
         goto cleanup;
 
     ret = 0;
@@ -4670,7 +4667,7 @@ qemuProcessStartValidate(virQEMUDriverPtr driver,
         }
 
         VIR_DEBUG("Checking domain and device security labels");
-        if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
+        if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0)
             return -1;
 
     }
@@ -5237,7 +5234,7 @@ qemuProcessPrepareDomain(virConnectPtr conn,
         /* If you are using a SecurityDriver with dynamic labelling,
            then generate a security label for isolation */
         VIR_DEBUG("Generating domain security label (if required)");
-        if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
+        if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0) {
             virDomainAuditSecurityLabel(vm, false);
             goto cleanup;
         }
@@ -5548,8 +5545,8 @@ qemuProcessLaunch(virConnectPtr conn,
     virCommandSetUmask(cmd, 0x002);
 
     VIR_DEBUG("Setting up security labelling");
-    if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
-                                               vm->def, cmd) < 0)
+    if (qemuSecuritySetChildProcessLabel(driver->securityManager,
+                                         vm->def, cmd) < 0)
         goto cleanup;
 
     virCommandSetOutputFD(cmd, &logfile);
@@ -5559,10 +5556,10 @@ qemuProcessLaunch(virConnectPtr conn,
     virCommandDaemonize(cmd);
     virCommandRequireHandshake(cmd);
 
-    if (virSecurityManagerPreFork(driver->securityManager) < 0)
+    if (qemuSecurityPreFork(driver->securityManager) < 0)
         goto cleanup;
     rv = virCommandRun(cmd, NULL);
-    virSecurityManagerPostFork(driver->securityManager);
+    qemuSecurityPostFork(driver->securityManager);
 
     /* wait for qemu process to show up */
     if (rv == 0) {
@@ -5639,8 +5636,8 @@ qemuProcessLaunch(virConnectPtr conn,
             goto cleanup;
         }
         if (S_ISFIFO(stdin_sb.st_mode) &&
-            virSecurityManagerSetImageFDLabel(driver->securityManager,
-                                              vm->def, incoming->fd) < 0)
+            qemuSecuritySetImageFDLabel(driver->securityManager,
+                                        vm->def, incoming->fd) < 0)
             goto cleanup;
     }
 
@@ -6157,7 +6154,7 @@ void qemuProcessStop(virQEMUDriverPtr driver,
         qemuSecurityRestoreAllLabel(driver, vm,
                                     !!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED));
 
-    virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
+    qemuSecurityReleaseLabel(driver->securityManager, vm->def);
 
     for (i = 0; i < vm->def->ndisks; i++) {
         virDomainDeviceDef dev;
@@ -6401,13 +6398,13 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
     vm->pid = pid;
 
     VIR_DEBUG("Detect security driver config");
-    sec_managers = virSecurityManagerGetNested(driver->securityManager);
+    sec_managers = qemuSecurityGetNested(driver->securityManager);
     if (sec_managers == NULL)
         goto error;
 
     for (i = 0; sec_managers[i]; i++) {
         seclabelgen = false;
-        model = virSecurityManagerGetModel(sec_managers[i]);
+        model = qemuSecurityGetModel(sec_managers[i]);
         seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
         if (seclabeldef == NULL) {
             if (!(seclabeldef = virSecurityLabelDefNew(model)))
@@ -6417,8 +6414,8 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         seclabeldef->type = VIR_DOMAIN_SECLABEL_STATIC;
         if (VIR_ALLOC(seclabel) < 0)
             goto error;
-        if (virSecurityManagerGetProcessLabel(sec_managers[i],
-                                              vm->def, vm->pid, seclabel) < 0)
+        if (qemuSecurityGetProcessLabel(sec_managers[i], vm->def,
+                                        vm->pid, seclabel) < 0)
             goto error;
 
         if (VIR_STRDUP(seclabeldef->model, model) < 0)
@@ -6435,9 +6432,9 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
         }
     }
 
-    if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
+    if (qemuSecurityCheckAllLabel(driver->securityManager, vm->def) < 0)
         goto error;
-    if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0)
+    if (qemuSecurityGenLabel(driver->securityManager, vm->def) < 0)
         goto error;
 
     if (qemuDomainPerfRestart(vm) < 0)
index 54638908d373a6b6901d2cb50607cff9f8064ff2..d86db3f6b83339179413a4d976a3993a862920e9 100644 (file)
@@ -28,6 +28,7 @@
 
 # include "qemu_conf.h"
 # include "domain_conf.h"
+# include "security/security_manager.h"
 
 int qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                             virDomainObjPtr vm,
@@ -60,4 +61,35 @@ int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
 int qemuSecurityRestoreHostdevLabel(virQEMUDriverPtr driver,
                                     virDomainObjPtr vm,
                                     virDomainHostdevDefPtr hostdev);
+
+/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
+ * new APIs here. If an API can touch a /dev file add a proper wrapper instead.
+ */
+# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel
+# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel
+# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLabel
+# define qemuSecurityGenLabel virSecurityManagerGenLabel
+# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel
+# define qemuSecurityGetDOI virSecurityManagerGetDOI
+# define qemuSecurityGetModel virSecurityManagerGetModel
+# define qemuSecurityGetMountOptions virSecurityManagerGetMountOptions
+# define qemuSecurityGetNested virSecurityManagerGetNested
+# define qemuSecurityGetProcessLabel virSecurityManagerGetProcessLabel
+# define qemuSecurityNew virSecurityManagerNew
+# define qemuSecurityNewDAC virSecurityManagerNewDAC
+# define qemuSecurityNewStack virSecurityManagerNewStack
+# define qemuSecurityPostFork virSecurityManagerPostFork
+# define qemuSecurityPreFork virSecurityManagerPreFork
+# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel
+# define qemuSecurityReserveLabel virSecurityManagerReserveLabel
+# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel
+# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel
+# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel
+# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel
+# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel
+# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel
+# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel
+# define qemuSecurityStackAddNested virSecurityManagerStackAddNested
+# define qemuSecurityVerify virSecurityManagerVerify
+
 #endif /* __QEMU_SECURITY_H__ */
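Review bot: The `# define qemuSecurity… virSecurityManager…` aliases satisfy the new syntax check by name only, so for these calls nothing changes about where the labelling runs. Several of them take a path or fd (`qemuSecurityDomainSetPathLabel`, `qemuSecuritySetSavedStateLabel`, `qemuSecurityRestoreSavedStateLabel`, `qemuSecuritySetImageFDLabel`, `qemuSecuritySetTapFDLabel`), and whether any of them can be handed something under /dev is not visible in this hunk. I would extend the comment to state, for the path- and fd-taking aliases, why running them outside the domain's namespace is safe, e.g. `/* the path/fd-taking aliases below are only ever given objects outside /dev */` if that holds. A later reader could then tell a vetted alias from one that still needs a real wrapper.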