security_dac.c 30.4 KB
Newer Older
1
/*
2
 * Copyright (C) 2010-2012 Red Hat, Inc.
3 4 5 6 7 8 9 10 11 12 13 14
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
15
 * License along with this library.  If not, see
O
Osier Yang 已提交
16
 * <http://www.gnu.org/licenses/>.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
 *
 * POSIX DAC security driver
 */

#include <config.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "security_dac.h"
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
#include "logging.h"
#include "pci.h"
32
#include "virusb.h"
33 34 35
#include "storage_file.h"

#define VIR_FROM_THIS VIR_FROM_SECURITY
36
#define SECURITY_DAC_NAME "dac"
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67

typedef struct _virSecurityDACData virSecurityDACData;
typedef virSecurityDACData *virSecurityDACDataPtr;

struct _virSecurityDACData {
    uid_t user;
    gid_t group;
    bool dynamicOwnership;
};

void virSecurityDACSetUser(virSecurityManagerPtr mgr,
                           uid_t user)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    priv->user = user;
}

void virSecurityDACSetGroup(virSecurityManagerPtr mgr,
                            gid_t group)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    priv->group = group;
}

void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
                                       bool dynamicOwnership)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    priv->dynamicOwnership = dynamicOwnership;
}

68 69 70
static
int parseIds(const char *label, uid_t *uidPtr, gid_t *gidPtr)
{
71
    int rc = -1;
72 73
    uid_t theuid;
    gid_t thegid;
74 75 76 77 78 79 80 81 82 83
    char *tmp_label = NULL;
    char *sep = NULL;
    char *owner = NULL;
    char *group = NULL;

    tmp_label = strdup(label);
    if (tmp_label == NULL) {
        virReportOOMError();
        goto cleanup;
    }
84

85 86 87 88 89 90 91 92 93 94 95 96
    /* Split label */
    sep = strchr(tmp_label, ':');
    if (sep == NULL) {
        virReportError(VIR_ERR_INVALID_ARG,
                       _("Missing separator ':' in DAC label \"%s\""),
                       label);
        goto cleanup;
    }
    *sep = '\0';
    owner = tmp_label;
    group = sep + 1;

97 98 99 100 101 102
    /* Parse owner and group, error message is defined by
     * virGetUserID or virGetGroupID.
     */
    if (virGetUserID(owner, &theuid) < 0 ||
        virGetGroupID(group, &thegid) < 0)
        goto cleanup;
103 104

    if (uidPtr)
105
        *uidPtr = theuid;
106
    if (gidPtr)
107
        *gidPtr = thegid;
108 109 110 111 112 113 114

    rc = 0;

cleanup:
    VIR_FREE(tmp_label);

    return rc;
115 116
}

117
/* returns 1 if label isn't found, 0 on success, -1 on error */
118 119 120 121 122 123 124 125
static
int virSecurityDACParseIds(virDomainDefPtr def, uid_t *uidPtr, gid_t *gidPtr)
{
    uid_t uid;
    gid_t gid;
    virSecurityLabelDefPtr seclabel;

    if (def == NULL)
126
        return 1;
127 128

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
129
    if (seclabel == NULL || seclabel->label == NULL) {
130 131
        VIR_DEBUG("DAC seclabel for domain '%s' wasn't found", def->name);
        return 1;
132 133
    }

134
    if (parseIds(seclabel->label, &uid, &gid) < 0)
135 136 137 138 139 140 141 142 143 144 145 146 147 148
        return -1;

    if (uidPtr)
        *uidPtr = uid;
    if (gidPtr)
        *gidPtr = gid;

    return 0;
}

static
int virSecurityDACGetIds(virDomainDefPtr def, virSecurityDACDataPtr priv,
                         uid_t *uidPtr, gid_t *gidPtr)
{
149 150 151 152 153 154 155
    int ret;

    if (!def && !priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Failed to determine default DAC seclabel "
                         "for an unknown object"));
        return -1;
156
    }
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173

    if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0)
        return ret;

    if (!priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("DAC seclabel couldn't be determined "
                         "for domain '%s'"), def->name);
        return -1;
    }

    if (uidPtr)
        *uidPtr = priv->user;
    if (gidPtr)
        *gidPtr = priv->group;

    return 0;
174 175
}

176 177

/* returns 1 if label isn't found, 0 on success, -1 on error */
178 179 180 181 182 183 184 185 186
static
int virSecurityDACParseImageIds(virDomainDefPtr def,
                                uid_t *uidPtr, gid_t *gidPtr)
{
    uid_t uid;
    gid_t gid;
    virSecurityLabelDefPtr seclabel;

    if (def == NULL)
187
        return 1;
188 189

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
190
    if (seclabel == NULL || seclabel->imagelabel == NULL) {
191 192
        VIR_DEBUG("DAC imagelabel for domain '%s' wasn't found", def->name);
        return 1;
193 194
    }

195
    if (parseIds(seclabel->imagelabel, &uid, &gid) < 0)
196 197 198 199 200 201 202 203 204 205 206 207 208 209
        return -1;

    if (uidPtr)
        *uidPtr = uid;
    if (gidPtr)
        *gidPtr = gid;

    return 0;
}

static
int virSecurityDACGetImageIds(virDomainDefPtr def, virSecurityDACDataPtr priv,
                         uid_t *uidPtr, gid_t *gidPtr)
{
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
    int ret;

    if (!def && !priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Failed to determine default DAC imagelabel "
                         "for an unknown object"));
        return -1;
    }

    if ((ret = virSecurityDACParseImageIds(def, uidPtr, gidPtr)) <= 0)
        return ret;

    if (!priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("DAC imagelabel couldn't be determined "
                         "for domain '%s'"), def->name);
        return -1;
227
    }
228 229 230 231 232 233 234

    if (uidPtr)
        *uidPtr = priv->user;
    if (gidPtr)
        *gidPtr = priv->group;

    return 0;
235 236 237
}


238
static virSecurityDriverStatus
239
virSecurityDACProbe(const char *virtDriver ATTRIBUTE_UNUSED)
240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258
{
    return SECURITY_DRIVER_ENABLE;
}

static int
virSecurityDACOpen(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return 0;
}

static int
virSecurityDACClose(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return 0;
}


static const char * virSecurityDACGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
259
    return SECURITY_DAC_NAME;
260 261 262 263 264 265 266 267
}

static const char * virSecurityDACGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return "0";
}

static int
268
virSecurityDACSetOwnership(const char *path, uid_t uid, gid_t gid)
269
{
270 271
    VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
             path, (long) uid, (long) gid);
272 273 274 275 276 277 278 279 280 281 282 283 284

    if (chown(path, uid, gid) < 0) {
        struct stat sb;
        int chown_errno = errno;

        if (stat(path, &sb) >= 0) {
            if (sb.st_uid == uid &&
                sb.st_gid == gid) {
                /* It's alright, there's nothing to change anyway. */
                return 0;
            }
        }

285
        if (chown_errno == EOPNOTSUPP || chown_errno == EINVAL) {
286 287 288
            VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                     "supported by filesystem",
                     (long) uid, (long) gid, path);
289
        } else if (chown_errno == EPERM) {
290 291 292
            VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                     "permitted",
                     (long) uid, (long) gid, path);
293
        } else if (chown_errno == EROFS) {
294 295 296
            VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                     "possible on readonly filesystem",
                     (long) uid, (long) gid, path);
297 298
        } else {
            virReportSystemError(chown_errno,
299 300 301
                                 _("unable to set user and group to '%ld:%ld' "
                                   "on '%s'"),
                                 (long) uid, (long) gid, path);
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340
            return -1;
        }
    }
    return 0;
}

static int
virSecurityDACRestoreSecurityFileLabel(const char *path)
{
    struct stat buf;
    int rc = -1;
    char *newpath = NULL;

    VIR_INFO("Restoring DAC user and group on '%s'", path);

    if (virFileResolveLink(path, &newpath) < 0) {
        virReportSystemError(errno,
                             _("cannot resolve symlink %s"), path);
        goto err;
    }

    if (stat(newpath, &buf) != 0)
        goto err;

    /* XXX record previous ownership */
    rc = virSecurityDACSetOwnership(newpath, 0, 0);

err:
    VIR_FREE(newpath);
    return rc;
}


static int
virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
                                   const char *path,
                                   size_t depth ATTRIBUTE_UNUSED,
                                   void *opaque)
{
341 342 343
    void **params = opaque;
    virSecurityManagerPtr mgr = params[0];
    virDomainDefPtr def = params[1];
344
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
345 346 347 348 349
    uid_t user;
    gid_t group;

    if (virSecurityDACGetImageIds(def, priv, &user, &group))
        return -1;
350

351
    return virSecurityDACSetOwnership(path, user, group);
352 353 354 355 356
}


static int
virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
357
                                    virDomainDefPtr def ATTRIBUTE_UNUSED,
358 359 360
                                    virDomainDiskDefPtr disk)

{
361
    void *params[2];
362 363 364 365 366
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    if (!priv->dynamicOwnership)
        return 0;

367 368 369
    if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

370 371
    params[0] = mgr;
    params[1] = def;
372 373 374
    return virDomainDiskDefForeachPath(disk,
                                       false,
                                       virSecurityDACSetSecurityFileLabel,
375
                                       params);
376 377 378 379 380
}


static int
virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
381
                                           virDomainDefPtr def ATTRIBUTE_UNUSED,
382 383 384 385 386 387 388 389
                                           virDomainDiskDefPtr disk,
                                           int migrated)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    if (!priv->dynamicOwnership)
        return 0;

390 391 392
    if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK)
        return 0;

393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
    /* Don't restore labels on readoly/shared disks, because
     * other VMs may still be accessing these
     * Alternatively we could iterate over all running
     * domains and try to figure out if it is in use, but
     * this would not work for clustered filesystems, since
     * we can't see running VMs using the file on other nodes
     * Safest bet is thus to skip the restore step.
     */
    if (disk->readonly || disk->shared)
        return 0;

    if (!disk->src)
        return 0;

    /* If we have a shared FS & doing migrated, we must not
     * change ownership, because that kills access on the
     * destination host which is sub-optimal for the guest
     * VM's I/O attempts :-)
     */
    if (migrated) {
        int rc = virStorageFileIsSharedFS(disk->src);
        if (rc < 0)
            return -1;
        if (rc == 1) {
            VIR_DEBUG("Skipping image label restore on %s because FS is shared",
                      disk->src);
            return 0;
        }
    }

    return virSecurityDACRestoreSecurityFileLabel(disk->src);
}


static int
virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
429
                                        virDomainDefPtr def,
430 431
                                        virDomainDiskDefPtr disk)
{
432
    return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk, 0);
433 434 435 436 437 438 439 440
}


static int
virSecurityDACSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
                                  const char *file,
                                  void *opaque)
{
441 442 443
    void **params = opaque;
    virSecurityManagerPtr mgr = params[0];
    virDomainDefPtr def = params[1];
444
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
445 446
    uid_t user;
    gid_t group;
447

448 449 450 451
    if (virSecurityDACGetIds(def, priv, &user, &group))
        return -1;

    return virSecurityDACSetOwnership(file, user, group);
452 453 454 455 456 457 458 459
}


static int
virSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
                                  const char *file,
                                  void *opaque)
{
460 461 462
    void **params = opaque;
    virSecurityManagerPtr mgr = params[0];
    virDomainDefPtr def = params[1];
463
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
464 465
    uid_t user;
    gid_t group;
466

467 468 469 470
    if (virSecurityDACGetIds(def, priv, &user, &group))
        return -1;

    return virSecurityDACSetOwnership(file, user, group);
471 472 473 474 475
}


static int
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
476
                                      virDomainDefPtr def,
477 478
                                      virDomainHostdevDefPtr dev,
                                      const char *vroot)
479
{
480
    void *params[] = {mgr, def};
481 482 483 484 485 486 487 488 489 490 491
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    int ret = -1;

    if (!priv->dynamicOwnership)
        return 0;

    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
        return 0;

    switch (dev->source.subsys.type) {
    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
492
        usbDevice *usb;
493

494 495 496 497
        if (dev->missing)
            return 0;

        usb = usbGetDevice(dev->source.subsys.u.usb.bus,
498 499
                           dev->source.subsys.u.usb.device,
                           vroot);
500 501 502
        if (!usb)
            goto done;

503 504
        ret = usbDeviceFileIterate(usb, virSecurityDACSetSecurityUSBLabel,
                                   params);
505 506 507 508 509 510 511 512 513 514 515 516 517
        usbFreeDevice(usb);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
        pciDevice *pci = pciGetDevice(dev->source.subsys.u.pci.domain,
                                      dev->source.subsys.u.pci.bus,
                                      dev->source.subsys.u.pci.slot,
                                      dev->source.subsys.u.pci.function);

        if (!pci)
            goto done;

518 519
        ret = pciDeviceFileIterate(pci, virSecurityDACSetSecurityPCILabel,
                                   params);
520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554
        pciFreeDevice(pci);

        break;
    }

    default:
        ret = 0;
        break;
    }

done:
    return ret;
}


static int
virSecurityDACRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
                                      const char *file,
                                      void *opaque ATTRIBUTE_UNUSED)
{
    return virSecurityDACRestoreSecurityFileLabel(file);
}


static int
virSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
                                       const char *file,
                                       void *opaque ATTRIBUTE_UNUSED)
{
    return virSecurityDACRestoreSecurityFileLabel(file);
}


static int
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
555 556 557
                                          virDomainDefPtr def ATTRIBUTE_UNUSED,
                                          virDomainHostdevDefPtr dev,
                                          const char *vroot)
558 559 560 561 562 563 564 565 566 567 568 569 570

{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    int ret = -1;

    if (!priv->dynamicOwnership)
        return 0;

    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
        return 0;

    switch (dev->source.subsys.type) {
    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
571 572 573 574
        usbDevice *usb;

        if (dev->missing)
            return 0;
575

576
        usb = usbGetDevice(dev->source.subsys.u.usb.bus,
577 578
                           dev->source.subsys.u.usb.device,
                           vroot);
579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614
        if (!usb)
            goto done;

        ret = usbDeviceFileIterate(usb, virSecurityDACRestoreSecurityUSBLabel, mgr);
        usbFreeDevice(usb);

        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
        pciDevice *pci = pciGetDevice(dev->source.subsys.u.pci.domain,
                                      dev->source.subsys.u.pci.bus,
                                      dev->source.subsys.u.pci.slot,
                                      dev->source.subsys.u.pci.function);

        if (!pci)
            goto done;

        ret = pciDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
        pciFreeDevice(pci);

        break;
    }

    default:
        ret = 0;
        break;
    }

done:
    return ret;
}


static int
virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
615
                              virDomainDefPtr def,
616
                              virDomainChrSourceDefPtr dev)
617 618 619 620 621

{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    char *in = NULL, *out = NULL;
    int ret = -1;
622 623 624 625 626
    uid_t user;
    gid_t group;

    if (virSecurityDACGetIds(def, priv, &user, &group))
        return -1;
627 628 629 630

    switch (dev->type) {
    case VIR_DOMAIN_CHR_TYPE_DEV:
    case VIR_DOMAIN_CHR_TYPE_FILE:
631
        ret = virSecurityDACSetOwnership(dev->data.file.path, user, group);
632 633 634
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE:
635 636 637 638 639 640
        if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
            (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
            virReportOOMError();
            goto done;
        }
        if (virFileExists(in) && virFileExists(out)) {
641 642
            if ((virSecurityDACSetOwnership(in, user, group) < 0) ||
                (virSecurityDACSetOwnership(out, user, group) < 0)) {
643
                goto done;
644 645
            }
        } else if (virSecurityDACSetOwnership(dev->data.file.path,
646
                                              user, group) < 0) {
647
            goto done;
648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664
        }
        ret = 0;
        break;

    default:
        ret = 0;
        break;
    }

done:
    VIR_FREE(in);
    VIR_FREE(out);
    return ret;
}

static int
virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
665
                                  virDomainChrSourceDefPtr dev)
666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681
{
    char *in = NULL, *out = NULL;
    int ret = -1;

    switch (dev->type) {
    case VIR_DOMAIN_CHR_TYPE_DEV:
    case VIR_DOMAIN_CHR_TYPE_FILE:
        ret = virSecurityDACRestoreSecurityFileLabel(dev->data.file.path);
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE:
        if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
            (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
            virReportOOMError();
            goto done;
        }
682 683 684
        if (virFileExists(in) && virFileExists(out)) {
            if ((virSecurityDACRestoreSecurityFileLabel(out) < 0) ||
                (virSecurityDACRestoreSecurityFileLabel(in) < 0)) {
685
            goto done;
686 687 688 689
            }
        } else if (virSecurityDACRestoreSecurityFileLabel(dev->data.file.path) < 0) {
            goto done;
        }
690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711
        ret = 0;
        break;

    default:
        ret = 0;
        break;
    }

done:
    VIR_FREE(in);
    VIR_FREE(out);
    return ret;
}


static int
virSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
                                     virDomainChrDefPtr dev,
                                     void *opaque)
{
    virSecurityManagerPtr mgr = opaque;

712
    return virSecurityDACRestoreChardevLabel(mgr, &dev->source);
713 714 715 716 717
}


static int
virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
718
                                      virDomainDefPtr def,
719 720 721 722 723 724 725 726 727 728 729
                                      int migrated)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    int i;
    int rc = 0;

    if (!priv->dynamicOwnership)
        return 0;


    VIR_DEBUG("Restoring security label on %s migrated=%d",
730
              def->name, migrated);
731

732
    for (i = 0 ; i < def->nhostdevs ; i++) {
733
        if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
734
                                                      def,
735 736
                                                      def->hostdevs[i],
                                                      NULL) < 0)
737 738
            rc = -1;
    }
739
    for (i = 0 ; i < def->ndisks ; i++) {
740
        if (virSecurityDACRestoreSecurityImageLabelInt(mgr,
741 742
                                                       def,
                                                       def->disks[i],
743 744 745 746
                                                       migrated) < 0)
            rc = -1;
    }

747
    if (virDomainChrDefForeach(def,
748 749
                               false,
                               virSecurityDACRestoreChardevCallback,
750
                               mgr) < 0)
751 752
        rc = -1;

753 754
    if (def->os.kernel &&
        virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
755 756
        rc = -1;

757 758
    if (def->os.initrd &&
        virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
759 760 761 762 763 764 765 766 767 768 769 770 771
        rc = -1;

    return rc;
}


static int
virSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
                                 virDomainChrDefPtr dev,
                                 void *opaque)
{
    virSecurityManagerPtr mgr = opaque;

772
    return virSecurityDACSetChardevLabel(mgr, def, &dev->source);
773 774 775 776 777
}


static int
virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
778
                                  virDomainDefPtr def,
779 780 781 782
                                  const char *stdin_path ATTRIBUTE_UNUSED)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    int i;
783 784
    uid_t user;
    gid_t group;
785 786 787 788

    if (!priv->dynamicOwnership)
        return 0;

789
    for (i = 0 ; i < def->ndisks ; i++) {
790
        /* XXX fixme - we need to recursively label the entire tree :-( */
791
        if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
792 793
            continue;
        if (virSecurityDACSetSecurityImageLabel(mgr,
794 795
                                                def,
                                                def->disks[i]) < 0)
796 797
            return -1;
    }
798
    for (i = 0 ; i < def->nhostdevs ; i++) {
799
        if (virSecurityDACSetSecurityHostdevLabel(mgr,
800
                                                  def,
801 802
                                                  def->hostdevs[i],
                                                  NULL) < 0)
803 804 805
            return -1;
    }

806
    if (virDomainChrDefForeach(def,
807 808
                               true,
                               virSecurityDACSetChardevCallback,
809
                               mgr) < 0)
810 811
        return -1;

812 813 814
    if (virSecurityDACGetImageIds(def, priv, &user, &group))
        return -1;

815
    if (def->os.kernel &&
816
        virSecurityDACSetOwnership(def->os.kernel, user, group) < 0)
817 818
        return -1;

819
    if (def->os.initrd &&
820
        virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
821 822 823 824 825 826 827 828
        return -1;

    return 0;
}


static int
virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
829
                                 virDomainDefPtr def,
830 831
                                 const char *savefile)
{
832 833
    uid_t user;
    gid_t group;
834 835
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

836 837 838 839
    if (virSecurityDACGetImageIds(def, priv, &user, &group))
        return -1;

    return virSecurityDACSetOwnership(savefile, user, group);
840 841 842 843 844
}


static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
845
                                     virDomainDefPtr def ATTRIBUTE_UNUSED,
846 847 848 849 850 851 852 853 854 855 856 857 858
                                     const char *savefile)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    if (!priv->dynamicOwnership)
        return 0;

    return virSecurityDACRestoreSecurityFileLabel(savefile);
}


static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
859
                              virDomainDefPtr def ATTRIBUTE_UNUSED)
860
{
861 862
    uid_t user;
    gid_t group;
863 864
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

865 866 867
    if (virSecurityDACGetIds(def, priv, &user, &group))
        return -1;

868 869
    VIR_DEBUG("Dropping privileges of DEF to %u:%u",
              (unsigned int) user, (unsigned int) group);
870

871
    if (virSetUIDGID(user, group) < 0)
872 873 874 875 876 877 878 879 880 881 882 883 884 885
        return -1;

    return 0;
}


static int
virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                     virDomainDefPtr def ATTRIBUTE_UNUSED)
{
    return 0;
}

static int
886 887
virSecurityDACGenLabel(virSecurityManagerPtr mgr,
                       virDomainDefPtr def)
888
{
889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919
    int rc = -1;
    virSecurityLabelDefPtr seclabel;
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    if (mgr == NULL) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("invalid security driver"));
        return rc;
    }

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (seclabel == NULL) {
        return rc;
    }

    if (seclabel->imagelabel) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("security image label already "
                         "defined for VM"));
        return rc;
    }

    if (seclabel->model
        && STRNEQ(seclabel->model, SECURITY_DAC_NAME)) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("security label model %s is not supported "
                         "with selinux"),
                       seclabel->model);
            return rc;
    }

920
    switch (seclabel->type) {
921 922 923 924 925 926 927 928 929
    case VIR_DOMAIN_SECLABEL_STATIC:
        if (seclabel->label == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("missing label for static security "
                             "driver in domain %s"), def->name);
            return rc;
        }
        break;
    case VIR_DOMAIN_SECLABEL_DYNAMIC:
E
Eric Blake 已提交
930
        if (virAsprintf(&seclabel->label, "%u:%u",
931 932
                        (unsigned int) priv->user,
                        (unsigned int) priv->group) < 0) {
933 934 935 936 937 938 939 940 941 942 943 944
            virReportOOMError();
            return rc;
        }
        if (seclabel->label == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("cannot generate dac user and group id "
                             "for domain %s"), def->name);
            return rc;
        }
        break;
    case VIR_DOMAIN_SECLABEL_NONE:
        /* no op */
945
        return 0;
946 947 948 949 950 951 952 953
    default:
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("unexpected security label type '%s'"),
                       virDomainSeclabelTypeToString(seclabel->type));
        return rc;
    }

    if (!seclabel->norelabel) {
954
        if (seclabel->imagelabel == NULL && seclabel->label != NULL) {
955 956 957 958 959 960 961 962 963 964 965 966
            seclabel->imagelabel = strdup(seclabel->label);
            if (seclabel->imagelabel == NULL) {
                virReportError(VIR_ERR_INTERNAL_ERROR,
                               _("cannot generate dac user and group id "
                                 "for domain %s"), def->name);
                VIR_FREE(seclabel->label);
                seclabel->label = NULL;
                return rc;
            }
        }
    }

967 968 969 970 971
    return 0;
}

static int
virSecurityDACReleaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
972
                           virDomainDefPtr def ATTRIBUTE_UNUSED)
973 974 975 976 977 978
{
    return 0;
}

static int
virSecurityDACReserveLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
979 980
                           virDomainDefPtr def ATTRIBUTE_UNUSED,
                           pid_t pid ATTRIBUTE_UNUSED)
981 982 983 984 985 986
{
    return 0;
}

static int
virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
987 988
                              virDomainDefPtr def ATTRIBUTE_UNUSED,
                              pid_t pid ATTRIBUTE_UNUSED,
989 990
                              virSecurityLabelPtr seclabel ATTRIBUTE_UNUSED)
{
991 992 993 994 995 996 997 998 999
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);

    if (!secdef || !seclabel)
        return -1;

    if (secdef->label)
        strcpy(seclabel->label, secdef->label);

1000 1001 1002 1003
    return 0;
}

static int
1004
virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
1005
                                   virDomainDefPtr vm ATTRIBUTE_UNUSED)
1006 1007 1008 1009 1010
{
    return 0;
}


1011 1012
static int
virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
1013
                             virDomainDefPtr def ATTRIBUTE_UNUSED)
1014 1015 1016 1017 1018
{
    return 0;
}


1019 1020
static int
virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
1021
                               virDomainDefPtr def ATTRIBUTE_UNUSED)
1022 1023 1024 1025
{
    return 0;
}

1026
static int
1027
virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
1028
                              virDomainDefPtr def ATTRIBUTE_UNUSED,
1029
                              int fd ATTRIBUTE_UNUSED)
1030 1031 1032 1033
{
    return 0;
}

1034 1035 1036 1037 1038 1039 1040 1041
static int
virSecurityDACSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                            virDomainDefPtr def ATTRIBUTE_UNUSED,
                            int fd ATTRIBUTE_UNUSED)
{
    return 0;
}

1042 1043 1044 1045 1046
static char *virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                           virDomainDefPtr vm ATTRIBUTE_UNUSED) {
    return NULL;
}

1047
virSecurityDriver virSecurityDriverDAC = {
1048
    .privateDataLen                     = sizeof(virSecurityDACData),
1049
    .name                               = SECURITY_DAC_NAME,
1050 1051 1052
    .probe                              = virSecurityDACProbe,
    .open                               = virSecurityDACOpen,
    .close                              = virSecurityDACClose,
1053

1054 1055
    .getModel                           = virSecurityDACGetModel,
    .getDOI                             = virSecurityDACGetDOI,
1056

1057
    .domainSecurityVerify               = virSecurityDACVerify,
1058

1059 1060
    .domainSetSecurityImageLabel        = virSecurityDACSetSecurityImageLabel,
    .domainRestoreSecurityImageLabel    = virSecurityDACRestoreSecurityImageLabel,
1061

1062 1063 1064
    .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
    .domainSetSecuritySocketLabel       = virSecurityDACSetSocketLabel,
    .domainClearSecuritySocketLabel     = virSecurityDACClearSocketLabel,
1065

1066 1067 1068
    .domainGenSecurityLabel             = virSecurityDACGenLabel,
    .domainReserveSecurityLabel         = virSecurityDACReserveLabel,
    .domainReleaseSecurityLabel         = virSecurityDACReleaseLabel,
1069

1070 1071
    .domainGetSecurityProcessLabel      = virSecurityDACGetProcessLabel,
    .domainSetSecurityProcessLabel      = virSecurityDACSetProcessLabel,
1072

1073 1074
    .domainSetSecurityAllLabel          = virSecurityDACSetSecurityAllLabel,
    .domainRestoreSecurityAllLabel      = virSecurityDACRestoreSecurityAllLabel,
1075

1076 1077
    .domainSetSecurityHostdevLabel      = virSecurityDACSetSecurityHostdevLabel,
    .domainRestoreSecurityHostdevLabel  = virSecurityDACRestoreSecurityHostdevLabel,
1078

1079 1080
    .domainSetSavedStateLabel           = virSecurityDACSetSavedStateLabel,
    .domainRestoreSavedStateLabel       = virSecurityDACRestoreSavedStateLabel,
1081

1082
    .domainSetSecurityImageFDLabel      = virSecurityDACSetImageFDLabel,
1083
    .domainSetSecurityTapFDLabel        = virSecurityDACSetTapFDLabel,
1084

1085
    .domainGetSecurityMountOptions      = virSecurityDACGetMountOptions,
1086
};