capabilities: add baselabel per sec driver/virt type to secmodel

Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type: <secmodel> <model>selinux</model> <doi>0</doi> <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel> <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel> </secmodel> <secmodel> <model>dac</model> <doi>0</doi> <baselabel type='kvm'>107:107</baselabel> <baselabel type='qemu'>107:107</baselabel> </secmodel> "baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID. Signed-off-by: N Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: N Eric Blake <eblake@redhat.com>

capabilities: add baselabel per sec driver/virt type to secmodel
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel's which describe the default security context used by libvirt with a specific security model and virtualization type: <secmodel> <model>selinux</model> <doi>0</doi> <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel> <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel> </secmodel> <secmodel> <model>dac</model> <doi>0</doi> <baselabel type='kvm'>107:107</baselabel> <baselabel type='qemu'>107:107</baselabel> </secmodel> "baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID. Signed-off-by: N Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: N Eric Blake <eblake@redhat.com>
b51038a4 · Giuseppe Scrivano · Eric Blake · 64a68a4a · b51038a4 · b51038a4
8 changed file
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -60,6 +60,14 @@
          <element name='doi'>
            <text/>
          </element>
+          <zeroOrMore>
+            <element name='baselabel'>
+              <attribute name='type'>
+                <text/>
+              </attribute>
+              <text/>
+            </element>
+          </zeroOrMore>
       </interleave>
    </element>
  </define>

--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -183,6 +183,20 @@ virCapabilitiesFreeNUMAInfo(virCapsPtr caps)
    caps->host.nnumaCell = 0;
 }

+static void
+virCapabilitiesClearSecModel(virCapsHostSecModelPtr secmodel)
+{
+    size_t i;
+    for (i = 0; i < secmodel->nlabels; i++) {
+        VIR_FREE(secmodel->labels[i].type);
+        VIR_FREE(secmodel->labels[i].label);
+    }
+
+    VIR_FREE(secmodel->labels);
+    VIR_FREE(secmodel->model);
+    VIR_FREE(secmodel->doi);
+}
+
 static void
 virCapabilitiesDispose(void *object)
 {
@@ -204,8 +218,7 @@ virCapabilitiesDispose(void *object)
    VIR_FREE(caps->host.migrateTrans);

    for (i = 0; i < caps->host.nsecModels; i++) {
-        VIR_FREE(caps->host.secModels[i].model);
-        VIR_FREE(caps->host.secModels[i].doi);
+        virCapabilitiesClearSecModel(&caps->host.secModels[i]);
    }
    VIR_FREE(caps->host.secModels);

@@ -506,6 +519,44 @@ virCapabilitiesAddGuestFeature(virCapsGuestPtr guest,
    return NULL;
 }

+/**
+ * virCapabilitiesHostSecModelAddBaseLabel
+ * @secmodel: Security model to add a base label for
+ * @type: virtualization type
+ * @label: base label
+ *
+ * Returns non-zero on error.
+ */
+extern int
+virCapabilitiesHostSecModelAddBaseLabel(virCapsHostSecModelPtr secmodel,
+                                        const char *type,
+                                        const char *label)
+{
+    char *t = NULL, *l = NULL;
+
+    if (type == NULL || label == NULL)
+        return -1;
+
+    if (VIR_STRDUP(t, type) < 0)
+        goto no_memory;
+
+    if (VIR_STRDUP(l, label) < 0)
+        goto no_memory;
+
+    if (VIR_EXPAND_N(secmodel->labels, secmodel->nlabels, 1) < 0)
+        goto no_memory;
+
+    secmodel->labels[secmodel->nlabels - 1].type = t;
+    secmodel->labels[secmodel->nlabels - 1].label = l;
+
+    return 0;
+
+no_memory:
+    VIR_FREE(l);
+    VIR_FREE(t);
+    return -1;
+}
+
 /**
 * virCapabilitiesSupportsGuestArch:
 * @caps: capabilities to query
@@ -826,6 +877,11 @@ virCapabilitiesFormatXML(virCapsPtr caps)
                          caps->host.secModels[i].model);
        virBufferAsprintf(&xml, "      <doi>%s</doi>\n",
                          caps->host.secModels[i].doi);
+        for (j = 0; j < caps->host.secModels[i].nlabels; j++) {
+            virBufferAsprintf(&xml, "      <baselabel type='%s'>%s</baselabel>\n",
+                              caps->host.secModels[i].labels[j].type,
+                              caps->host.secModels[i].labels[j].label);
+        }
        virBufferAddLit(&xml, "    </secmodel>\n");
    }


--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -104,11 +104,20 @@ struct _virCapsHostNUMACell {
    virCapsHostNUMACellCPUPtr cpus;
 };

+typedef struct _virCapsHostSecModelLabel virCapsHostSecModelLabel;
+typedef virCapsHostSecModelLabel *virCapsHostSecModelLabelPtr;
+struct _virCapsHostSecModelLabel {
+    char *type;
+    char *label;
+};
+
 typedef struct _virCapsHostSecModel virCapsHostSecModel;
 typedef virCapsHostSecModel *virCapsHostSecModelPtr;
 struct _virCapsHostSecModel {
    char *model;
    char *doi;
+    size_t nlabels;
+    virCapsHostSecModelLabelPtr labels;
 };

 typedef struct _virCapsHost virCapsHost;
@@ -224,6 +233,11 @@ virCapabilitiesAddGuestFeature(virCapsGuestPtr guest,
                               int defaultOn,
                               int toggle);

+extern int
+virCapabilitiesHostSecModelAddBaseLabel(virCapsHostSecModelPtr secmodel,
+                                        const char *type,
+                                        const char *label);
+
 extern int
 virCapabilitiesSupportsGuestArch(virCapsPtr caps,
                                 virArch arch);

--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -58,6 +58,7 @@ virCapabilitiesFormatXML;
 virCapabilitiesFreeMachines;
 virCapabilitiesFreeNUMAInfo;
 virCapabilitiesGetCpusForNodemask;
+virCapabilitiesHostSecModelAddBaseLabel;
 virCapabilitiesNew;
 virCapabilitiesSetHostCPU;


--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -126,10 +126,13 @@ virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver)

    if (driver) {
        /* Security driver data */
-        const char *doi, *model;
+        const char *doi, *model, *label, *type;

        doi = virSecurityManagerGetDOI(driver->securityManager);
        model = virSecurityManagerGetModel(driver->securityManager);
+        label = virSecurityManagerGetBaseLabel(driver->securityManager,
+                                               VIR_DOMAIN_VIRT_LXC);
+        type = virDomainVirtTypeToString(VIR_DOMAIN_VIRT_LXC);
        /* Allocate the primary security driver for LXC. */
        if (VIR_ALLOC(caps->host.secModels) < 0)
            goto error;
@@ -138,6 +141,11 @@ virCapsPtr virLXCDriverCapsInit(virLXCDriverPtr driver)
            goto error;
        if (VIR_STRDUP(caps->host.secModels[0].doi, doi) < 0)
            goto error;
+        if (label &&
+            virCapabilitiesHostSecModelAddBaseLabel(&caps->host.secModels[0],
+                                                    type,
+                                                    label) < 0)
+            goto error;

        VIR_DEBUG("Initialized caps for security driver \"%s\" with "
                  "DOI \"%s\"", model, doi);

--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -605,12 +605,14 @@ virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver)

 virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
 {
-    size_t i;
+    size_t i, j;
    virCapsPtr caps;
    virSecurityManagerPtr *sec_managers = NULL;
    /* Security driver data */
-    const char *doi, *model;
+    const char *doi, *model, *lbl, *type;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    const int virtTypes[] = {VIR_DOMAIN_VIRT_KVM,
+                             VIR_DOMAIN_VIRT_QEMU,};

    /* Basic host arch / guest machine capabilities */
    if (!(caps = virQEMUCapsInit(driver->qemuCapsCache)))
@@ -635,11 +637,21 @@ virCapsPtr virQEMUDriverCreateCapabilities(virQEMUDriverPtr driver)
        goto error;

    for (i = 0; sec_managers[i]; i++) {
+        virCapsHostSecModelPtr sm = &caps->host.secModels[i];
        doi = virSecurityManagerGetDOI(sec_managers[i]);
        model = virSecurityManagerGetModel(sec_managers[i]);
-        if (VIR_STRDUP(caps->host.secModels[i].model, model) < 0 ||
-            VIR_STRDUP(caps->host.secModels[i].doi, doi) < 0)
+        if (VIR_STRDUP(sm->model, model) < 0 ||
+            VIR_STRDUP(sm->doi, doi) < 0)
            goto error;
+
+        for (j = 0; j < ARRAY_CARDINALITY(virtTypes); j++) {
+            lbl = virSecurityManagerGetBaseLabel(sec_managers[i], virtTypes[j]);
+            type = virDomainVirtTypeToString(virtTypes[j]);
+            if (lbl &&
+                virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0)
+                goto error;
+        }
+
        VIR_DEBUG("Initialized caps for security driver \"%s\" with "
                  "DOI \"%s\"", model, doi);
    }

--- a/tests/capabilityschemadata/caps-qemu-kvm.xml
+++ b/tests/capabilityschemadata/caps-qemu-kvm.xml
@@ -25,6 +25,8 @@
    <secmodel>
      <model>selinux</model>
      <doi>0</doi>
+      <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
+      <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
    </secmodel>
  </host>


--- a/tests/capabilityschemadata/caps-test3.xml
+++ b/tests/capabilityschemadata/caps-test3.xml
@@ -82,6 +82,8 @@
    <secmodel>
      <model>dac</model>
      <doi>0</doi>
+      <baselabel type='kvm'>107:107</baselabel>
+      <baselabel type='qemu'>107:107</baselabel>
    </secmodel>
  </host>