qemusecuritytest: Skip on non supported platforms
authorMichal Privoznik <mprivozn@redhat.com>
Tue, 3 Nov 2020 12:26:00 +0000 (13:26 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Fri, 6 Nov 2020 08:14:53 +0000 (09:14 +0100)
For seclabel remembering we need to have XATTRs and a special
namespace that is accessible to CAP_SYS_ADMIN only (we don't want
regular users to trick us into restoring to a different label).
What qemusecuritytest does is check that, after a setAll +
restoreAll round trip, no path is left behind with XATTRs or
not restored to its original seclabel. But it can hardly
do so if run on a platform where there's no XATTR namespace we
can use.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
src/libvirt_private.syms
src/security/security_util.c
src/security/security_util.h
tests/qemusecuritytest.c

index 9029ea4fa242e99a7bacb4cec5eab9ec3c12d51e..cca95a9deb2a5a7efef46caf6b18745583287346 100644 (file)
@@ -1609,6 +1609,10 @@ virSecurityManagerTransactionStart;
 virSecurityManagerVerify;
 
 
+# security/security_util.h
+virSecurityXATTRNamespaceDefined;
+
+
 # util/glibcompat.h
 vir_g_canonicalize_filename;
 vir_g_fsync;
index 622bd901ee52d9e3f16e9e19e1284ee6688d71c8..26a7861e29354e0b96dc594e9b2e71ed42924f6a 100644 (file)
@@ -107,6 +107,17 @@ virSecurityGetTimestampAttrName(const char *name G_GNUC_UNUSED)
 #endif /* !XATTR_NAMESPACE */
 
 
+bool
+virSecurityXATTRNamespaceDefined(void)
+{
+#ifdef XATTR_NAMESPACE
+    return true;
+#else
+    return false;
+#endif
+}
+
+
 static char *
 virSecurityGetTimestamp(void)
 {
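Review bot: virSecurityXATTRNamespaceDefined() has no doc comment, and its name could be taken for a runtime capability probe when the body only reflects whether XATTR_NAMESPACE was defined at build time. A true result says nothing about whether the filesystem in use supports extended attributes or whether the process is allowed to write to that namespace, so a caller gating on it could still run where label remembering cannot work. I would add above the definition: `/* Build-time check only: true when XATTR_NAMESPACE is defined for this platform; does not probe filesystem XATTR support or the caller's privileges. */`. The prototype added to security_util.h is undocumented as well and could carry the same sentence. The hunk ends inside virSecurityGetTimestamp(), which is unchanged.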
index 91de704e629647a1ccd68372289ac725e0b5b42d..7af6f009e2cad175454f20ef0e22f5ffe31a2044 100644 (file)
@@ -32,3 +32,6 @@ int
 virSecurityMoveRememberedLabel(const char *name,
                                const char *src,
                                const char *dst);
+
+bool
+virSecurityXATTRNamespaceDefined(void);
index 7ee1ccd1b6a38897c66166498386924034a76d4b..dc3deb37d2ac1a08bd4147f8ba62cb597569d48e 100644 (file)
@@ -22,6 +22,7 @@
 #include "testutils.h"
 #include "testutilsqemu.h"
 #include "security/security_manager.h"
+#include "security/security_util.h"
 #include "conf/domain_conf.h"
 #include "qemu/qemu_domain.h"
 #include "qemu/qemu_security.h"
@@ -148,6 +149,11 @@ mymain(void)
         qemuTestDriverInit(&driver) < 0)
         return -1;
 
+    if (!virSecurityXATTRNamespaceDefined()) {
+        ret = EXIT_AM_SKIP;
+        goto cleanup;
+    }
+
     /* Now fix the secdriver */
     virObjectUnref(driver.securityManager);