/*
 * Copyright (C) 2010-2014 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * POSIX DAC security driver
 */

#include <config.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#ifdef  __FreeBSD__
# include <sys/sysctl.h>
# include <sys/user.h>
#endif

#include "security_dac.h"
#include "virerror.h"
#include "virfile.h"
#include "viralloc.h"
#include "virlog.h"
#include "virpci.h"
#include "virusb.h"
#include "virscsi.h"
#include "virstoragefile.h"
#include "virstring.h"
#include "virutil.h"

#define VIR_FROM_THIS VIR_FROM_SECURITY

VIR_LOG_INIT("security.security_dac");

#define SECURITY_DAC_NAME "dac"

typedef struct _virSecurityDACData virSecurityDACData;
typedef virSecurityDACData *virSecurityDACDataPtr;

/* Per-manager private state of the DAC driver. */
struct _virSecurityDACData {
    /* Default owner ids, stored by virSecurityDACSetUserAndGroup() and used
     * when a seclabel carries no explicit label. */
    uid_t user;
    gid_t group;
    /* Group list for (user, group), rebuilt by virSecurityDACPreFork();
     * ngroups is the number of entries in groups. */
    gid_t *groups;
    int ngroups;
    /* When false, the image and hostdev label functions return 0 without
     * changing any ownership. */
    bool dynamicOwnership;
    /* "+uid:+gid" string formatted from user and group. */
    char *baselabel;
    /* Optional; when set and a storage source is supplied, it is called
     * instead of stat()/chown() in virSecurityDACSetOwnershipInternal(). */
    virSecurityManagerDACChownCallback chownCallback;
};

typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData;
typedef virSecurityDACCallbackData *virSecurityDACCallbackDataPtr;

/* Context passed through the void *opaque argument of the hostdev file
 * iterators to virSecurityDACSetSecurityHostdevLabelHelper(). */
struct _virSecurityDACCallbackData {
    virSecurityManagerPtr manager;  /* manager whose private data supplies the default ids */
    virSecurityLabelDefPtr secdef;  /* the domain's "dac" seclabel; callers test it for NULL */
};

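/*
 * Store the default owner uid/gid for @mgr and rebuild the matching
 * "+uid:+gid" base label.
 *
 * The label is formatted into a temporary first and the three fields are
 * committed together afterwards: a failed allocation leaves the previous
 * user, group and baselabel untouched, and a repeated call releases the
 * label built by the earlier one instead of leaking it.
 *
 * Returns -1 on error, 0 on success.
 */
int
virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
                              uid_t user,
                              gid_t group)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    char *label = NULL;

    /* The leading '+' on each field is part of the label text itself. */
    if (virAsprintf(&label, "+%u:+%u",
                    (unsigned int) user,
                    (unsigned int) group) < 0)
        return -1;

    VIR_FREE(priv->baselabel);
    priv->baselabel = label;
    priv->user = user;
    priv->group = group;

    return 0;
}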

/*
 * Record whether this manager may change ownership at all.  The image and
 * hostdev label functions in this file return 0 without touching anything
 * while the flag is false.
 */
void
virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
                                  bool dynamicOwnership)
{
    virSecurityDACDataPtr data = virSecurityManagerGetPrivateData(mgr);

    data->dynamicOwnership = dynamicOwnership;
}

/*
 * Install (or clear, with NULL) the callback that
 * virSecurityDACSetOwnershipInternal() invokes in place of chown() when it
 * is given a storage source.
 */
void
virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
                               virSecurityManagerDACChownCallback chownCallback)
{
    virSecurityDACDataPtr data = virSecurityManagerGetPrivateData(mgr);

    data->chownCallback = chownCallback;
}

/*
 * Parse the process label of @seclabel into *uidPtr / *gidPtr.
 *
 * Returns 1 if there is no seclabel or it has no label, 0 when the label
 * was parsed, -1 when virParseOwnershipIds() rejected it.
 */
static int
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
virSecurityDACParseIds(virSecurityLabelDefPtr seclabel,
                       uid_t *uidPtr, gid_t *gidPtr)
{
    const char *text = seclabel ? seclabel->label : NULL;

    if (!text)
        return 1;

    return virParseOwnershipIds(text, uidPtr, gidPtr) < 0 ? -1 : 0;
}

/*
 * Resolve the uid/gid to apply for @seclabel, falling back to the
 * manager-wide defaults in @priv when the seclabel has no label of its own.
 *
 * @groups / @ngroups are optional outputs.  They receive the pointer and
 * count held in @priv (NULL / 0 without @priv); the list is not copied, so
 * it stays owned by @priv.
 *
 * Returns 0 on success, -1 on a parse error or when neither a label nor
 * @priv is available.
 */
static int
ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4)
virSecurityDACGetIds(virSecurityLabelDefPtr seclabel,
                     virSecurityDACDataPtr priv,
                     uid_t *uidPtr, gid_t *gidPtr,
                     gid_t **groups, int *ngroups)
{
    gid_t *list = NULL;
    int count = 0;
    int parsed;

    if (priv) {
        list = priv->groups;
        count = priv->ngroups;
    }
    if (groups)
        *groups = list;
    if (ngroups)
        *ngroups = count;

    /* 0: the label supplied the ids; -1: malformed label.  Only the
     * "no label" result (1) continues to the defaults below. */
    parsed = virSecurityDACParseIds(seclabel, uidPtr, gidPtr);
    if (parsed <= 0)
        return parsed;

    if (!priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("DAC seclabel couldn't be determined"));
        return -1;
    }

    *uidPtr = priv->user;
    *gidPtr = priv->group;

    return 0;
}


/*
 * Parse the image label of @seclabel into *uidPtr / *gidPtr.
 *
 * Returns 1 if there is no seclabel or it has no imagelabel, 0 when the
 * label was parsed, -1 when virParseOwnershipIds() rejected it.
 */
static int
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
virSecurityDACParseImageIds(virSecurityLabelDefPtr seclabel,
                            uid_t *uidPtr, gid_t *gidPtr)
{
    const char *text = seclabel ? seclabel->imagelabel : NULL;

    if (!text)
        return 1;

    return virParseOwnershipIds(text, uidPtr, gidPtr) < 0 ? -1 : 0;
}

/*
 * Resolve the uid/gid to apply to disk images: the seclabel's imagelabel
 * when present, otherwise the manager-wide defaults in @priv.
 *
 * Returns 0 on success, -1 on a parse error or when neither an imagelabel
 * nor @priv is available.
 */
static int
ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4)
virSecurityDACGetImageIds(virSecurityLabelDefPtr seclabel,
                          virSecurityDACDataPtr priv,
                          uid_t *uidPtr, gid_t *gidPtr)
{
    int parsed = virSecurityDACParseImageIds(seclabel, uidPtr, gidPtr);

    /* 0 and -1 are final; 1 ("no imagelabel") falls back to the defaults. */
    if (parsed <= 0)
        return parsed;

    if (!priv) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("DAC imagelabel couldn't be determined"));
        return -1;
    }

    *uidPtr = priv->user;
    *gidPtr = priv->group;

    return 0;
}


/* Driver probe: always reports the DAC driver as enabled; @virtDriver is
 * not consulted. */
static virSecurityDriverStatus
virSecurityDACProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
    return SECURITY_DRIVER_ENABLE;
}

/* Driver open hook: nothing is set up here, so it always succeeds (0). */
static int
virSecurityDACOpen(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return 0;
}

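/*
 * Driver close hook: release the group list and the base label held in the
 * manager's private data.  Always returns 0.
 */
static int
virSecurityDACClose(virSecurityManagerPtr mgr)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    VIR_FREE(priv->groups);
    /* The count must not outlive the list it describes;
     * virSecurityDACGetIds() hands out groups and ngroups as a pair. */
    priv->ngroups = 0;
    VIR_FREE(priv->baselabel);
    return 0;
}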


/* Model name of this driver: the SECURITY_DAC_NAME constant ("dac").  The
 * returned string is static and must not be freed. */
static const char *
virSecurityDACGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return SECURITY_DAC_NAME;
}

/* DOI reported by this driver: the constant string "0".  The returned
 * string is static and must not be freed. */
static const char *
virSecurityDACGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return "0";
}

/*
 * Rebuild the cached group list for the configured user/group.
 *
 * The old list is dropped and the count zeroed before the lookup, so a
 * failed lookup leaves ngroups at 0 rather than describing a stale list.
 *
 * Returns 0 on success, -1 if virGetGroupList() fails.
 */
static int
virSecurityDACPreFork(virSecurityManagerPtr mgr)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    int count;

    VIR_FREE(priv->groups);
    priv->ngroups = 0;

    count = virGetGroupList(priv->user, priv->group, &priv->groups);
    if (count < 0)
        return -1;

    priv->ngroups = count;
    return 0;
}

/*
 * Change the owner of a file or storage source to @uid:@gid.
 *
 * With @priv, @src and a registered chown callback, the callback does the
 * work.  Otherwise the target is a path: @path if given, else the path of
 * @src when @src is local storage (a missing path or non-local source is a
 * silent success).
 *
 * Points a reviewer should keep in mind:
 *  - On the path branch the name is resolved twice, by stat() and then by
 *    chown(), and both calls follow symbolic links.  The object that ends
 *    up chowned is whatever the path resolves to at the second lookup.
 *    NOTE(review): this presumably relies on callers passing paths whose
 *    components untrusted users cannot replace; confirm per caller.
 *  - EOPNOTSUPP, EINVAL, EPERM and EROFS are only logged at info level and
 *    the function still returns 0, so a 0 return does not prove that the
 *    ownership was actually changed.
 *  - After a negative callback result other than -2, errno is inspected;
 *    presumably the callback contract is to set errno in that case
 *    (confirm against the callback's documentation).
 *
 * Returns 0 on success or on a tolerated failure, -1 otherwise.
 */
static int
virSecurityDACSetOwnershipInternal(virSecurityDACDataPtr priv,
                                   virStorageSourcePtr src,
                                   const char *path,
                                   uid_t uid,
                                   gid_t gid)
{
    int rc;
    int saved_errno;

    VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
             NULLSTR(src ? src->path : path), (long) uid, (long) gid);

    if (priv && src && priv->chownCallback) {
        rc = priv->chownCallback(src, uid, gid);
        /* from here on path only feeds log and error messages */
        path = NULLSTR(src->path);

        /* -2 means the callback has already reported the error */
        if (rc == -2)
            return -1;
    } else {
        struct stat sb;

        if (!path) {
            if (!src || !src->path || !virStorageSourceIsLocalStorage(src))
                return 0;

            path = src->path;
        }

        if (stat(path, &sb) < 0) {
            virReportSystemError(errno, _("unable to stat: %s"), path);
            return -1;
        }

        /* already owned as requested: nothing to chown */
        if (sb.st_uid == uid && sb.st_gid == gid)
            return 0;

        rc = chown(path, uid, gid);
    }

    if (rc >= 0)
        return 0;

    /* Capture errno before any logging call gets a chance to change it. */
    saved_errno = errno;

    if (saved_errno == EOPNOTSUPP || saved_errno == EINVAL) {
        VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                 "supported by filesystem",
                 (long) uid, (long) gid, path);
        return 0;
    }

    if (saved_errno == EPERM) {
        VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                 "permitted",
                 (long) uid, (long) gid, path);
        return 0;
    }

    if (saved_errno == EROFS) {
        VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not "
                 "possible on readonly filesystem",
                 (long) uid, (long) gid, path);
        return 0;
    }

    virReportSystemError(saved_errno,
                         _("unable to set user and group to '%ld:%ld' "
                           "on '%s'"),
                         (long) uid, (long) gid, path);
    return -1;
}

/*
 * Path-only wrapper around virSecurityDACSetOwnershipInternal(): no private
 * data and no storage source are passed, so the chown callback is never
 * used and the change is made with stat()/chown() on @path.
 *
 * The ownership that @path had before the change is not recorded anywhere.
 */
static int
virSecurityDACSetOwnership(const char *path, uid_t uid, gid_t gid)
{
    /* XXX record previous ownership */
    return virSecurityDACSetOwnershipInternal(NULL, NULL, path, uid, gid);
}


/*
 * "Restore" ownership of a file or storage source.
 *
 * No previous owner is remembered, so the target is always set to uid 0 /
 * gid 0.  A file that did not belong to 0:0 before it was labelled does
 * not get its original owner back.
 */
static int
virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr priv,
                                               virStorageSourcePtr src,
                                               const char *path)
{
    const char *shown = src ? src->path : path;

    VIR_INFO("Restoring DAC user and group on '%s'", NULLSTR(shown));

    /* XXX recall previous ownership */
    return virSecurityDACSetOwnershipInternal(priv, src, path, 0, 0);
}


/* Path-only restore: resets @path to uid 0 / gid 0 through
 * virSecurityDACRestoreSecurityFileLabelInternal(), without private data
 * or a storage source. */
static int
virSecurityDACRestoreSecurityFileLabel(const char *path)
{
    return virSecurityDACRestoreSecurityFileLabelInternal(NULL, NULL, path);
}


/*
 * Give one storage source to the owner the domain is meant to run as.
 *
 * Nothing is changed (return 0) when dynamic ownership is off, or when the
 * domain-level or the per-disk "dac" seclabel has relabel disabled.  A
 * per-disk label takes precedence; otherwise the domain's imagelabel or
 * the manager defaults are used.
 *
 * Returns 0 on success, -1 on error.
 */
static int
virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
                                    virDomainDefPtr def,
                                    virStorageSourcePtr src)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef;
    virSecurityDeviceLabelDefPtr disk_seclabel;
    const char *override;
    uid_t user;
    gid_t group;

    if (!priv->dynamicOwnership)
        return 0;

    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (secdef && !secdef->relabel)
        return 0;

    disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
                                                        SECURITY_DAC_NAME);
    if (disk_seclabel && !disk_seclabel->relabel)
        return 0;

    override = disk_seclabel ? disk_seclabel->label : NULL;

    if (override) {
        if (virParseOwnershipIds(override, &user, &group) < 0)
            return -1;
    } else if (virSecurityDACGetImageIds(secdef, priv, &user, &group)) {
        return -1;
    }

    return virSecurityDACSetOwnershipInternal(priv, src, NULL, user, group);
}


/*
 * Label a disk: every element of the backing chain, starting at disk->src
 * and following backingStore, is passed to
 * virSecurityDACSetSecurityImageLabel().  Stops at the first failure.
 *
 * Returns 0 on success, -1 on error.
 */
static int
virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr,
                                   virDomainDefPtr def,
                                   virDomainDiskDefPtr disk)

{
    virStorageSourcePtr cur = disk->src;

    while (cur) {
        if (virSecurityDACSetSecurityImageLabel(mgr, def, cur) < 0)
            return -1;
        cur = cur->backingStore;
    }

    return 0;
}


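/*
 * Restore ownership of one storage source once the domain no longer uses it.
 *
 * The restore is skipped (return 0) when dynamic ownership is off, when the
 * source is readonly or shared, when relabelling is disabled on the domain
 * or on the disk, and, for a migrated domain, when the image lives on a
 * shared filesystem or is not local storage at all.
 *
 * @migrated: true when the domain has been migrated away.
 *
 * Returns 0 on success or skip, -1 on error.
 */
static int
virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
                                           virDomainDefPtr def,
                                           virStorageSourcePtr src,
                                           bool migrated)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef;
    virSecurityDeviceLabelDefPtr disk_seclabel;

    if (!priv->dynamicOwnership)
        return 0;

    /* Don't restore labels on readonly/shared disks, because other VMs may
     * still be accessing these. Alternatively we could iterate over all
     * running domains and try to figure out if it is in use, but this would
     * not work for clustered filesystems, since we can't see running VMs using
     * the file on other nodes. Safest bet is thus to skip the restore step. */
    if (src->readonly || src->shared)
        return 0;

    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (secdef && !secdef->relabel)
        return 0;

    disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
                                                        SECURITY_DAC_NAME);
    if (disk_seclabel && !disk_seclabel->relabel)
        return 0;

    /* If we have a shared FS and are doing migration, we must not change
     * ownership, because that kills access on the destination host which is
     * sub-optimal for the guest VM's I/O attempts :-) */
    if (migrated) {
        /* Starts at 1 so that a source which is not local storage is
         * treated like a shared filesystem and skipped. */
        int rc = 1;

        if (virStorageSourceIsLocalStorage(src)) {
            if (!src->path)
                return 0;

            if ((rc = virFileIsSharedFS(src->path)) < 0)
                return -1;
        }

        if (rc == 1) {
            /* The path is only known to be non-NULL on the local-storage
             * branch above, so guard it before handing it to %s. */
            VIR_DEBUG("Skipping image label restore on %s because FS is shared",
                      NULLSTR(src->path));
            return 0;
        }
    }

    return virSecurityDACRestoreSecurityFileLabelInternal(priv, src, NULL);
}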


/* Restore a single storage source, treating the domain as not migrated. */
static int
virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
                                        virDomainDefPtr def,
                                        virStorageSourcePtr src)
{
    const bool migrated = false;

    return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, src, migrated);
}


/*
 * Restore a disk, treating the domain as not migrated.
 *
 * Only disk->src, the top of the chain, is restored here, whereas
 * virSecurityDACSetSecurityDiskLabel() labels every backingStore element.
 * NOTE(review): the backing files therefore keep the ownership they were
 * given at label time; confirm that this asymmetry is intended.
 */
static int
virSecurityDACRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def,
                                       virDomainDiskDefPtr disk)
{
    virStorageSourcePtr top = disk->src;

    return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, top, false);
}


/*
 * Shared body of the PCI/USB/SCSI file-iterator callbacks: chown @file to
 * the ids resolved from the callback context.
 *
 * @opaque must point to a virSecurityDACCallbackData.  The change goes
 * through the path-based virSecurityDACSetOwnership(), so the chown
 * callback is not involved.
 *
 * Returns 0 on success, -1 on error.
 */
static int
virSecurityDACSetSecurityHostdevLabelHelper(const char *file,
                                            void *opaque)
{
    virSecurityDACCallbackDataPtr ctx = opaque;
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(ctx->manager);
    uid_t user;
    gid_t group;

    if (virSecurityDACGetIds(ctx->secdef, priv, &user, &group, NULL, NULL) != 0)
        return -1;

    return virSecurityDACSetOwnership(file, user, group);
}


/* PCI file-iterator callback: the device handle is unused, the work is
 * done by virSecurityDACSetSecurityHostdevLabelHelper() on @file. */
static int
virSecurityDACSetSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
                                  const char *file,
                                  void *opaque)
{
    int rc = virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);

    return rc;
}


/* USB file-iterator callback: the device handle is unused, the work is
 * done by virSecurityDACSetSecurityHostdevLabelHelper() on @file. */
static int
virSecurityDACSetSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
                                  const char *file,
                                  void *opaque)
{
    int rc = virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);

    return rc;
}


/* SCSI file-iterator callback: the device handle is unused, the work is
 * done by virSecurityDACSetSecurityHostdevLabelHelper() on @file. */
static int
virSecurityDACSetSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
                                   const char *file,
                                   void *opaque)
{
    int rc = virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);

    return rc;
}


/*
 * Chown the host files that back a passed-through host device so that the
 * domain's user can open them.
 *
 * Returns 0 without changing anything when dynamic ownership is off, the
 * hostdev is not in subsystem mode, it is an iSCSI SCSI hostdev, the
 * domain's "dac" seclabel has relabel disabled, or a USB device is marked
 * missing.  For a PCI device using the VFIO backend only the IOMMU group
 * device node is chowned; otherwise every file reported by the device's
 * file iterator is.
 *
 * Returns 0 on success, -1 on error (including a subsystem type that
 * matches none of the cases below).
 */
static int
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
                                      virDomainDefPtr def,
                                      virDomainHostdevDefPtr dev,
                                      const char *vroot)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityDACCallbackData cbdata;
    virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
    virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
    virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
    int ret = -1;

    if (!priv->dynamicOwnership ||
        dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
        return 0;

    /* Like virSecurityDACSetSecurityImageLabel() for a networked disk,
     * do nothing for an iSCSI hostdev
     */
    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
        return 0;

    cbdata.manager = mgr;
    cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);

    if (cbdata.secdef && !cbdata.secdef->relabel)
        return 0;

    /* The cast keeps the switch typed on the enum. */
    switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {
    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
        virUSBDevicePtr usb;

        if (dev->missing)
            return 0;

        usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot);
        if (!usb)
            return -1;

        ret = virUSBDeviceFileIterate(usb,
                                      virSecurityDACSetSecurityUSBLabel,
                                      &cbdata);
        virUSBDeviceFree(usb);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
        virPCIDevicePtr pci =
            virPCIDeviceNew(pcisrc->addr.domain, pcisrc->addr.bus,
                            pcisrc->addr.slot, pcisrc->addr.function);

        if (!pci)
            return -1;

        if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);

            /* without a group device ret keeps its initial -1 */
            if (vfioGroupDev) {
                ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev,
                                                        &cbdata);
                VIR_FREE(vfioGroupDev);
            }
        } else {
            ret = virPCIDeviceFileIterate(pci,
                                          virSecurityDACSetSecurityPCILabel,
                                          &cbdata);
        }

        virPCIDeviceFree(pci);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: {
        virDomainHostdevSubsysSCSIHostPtr scsihostsrc = &scsisrc->u.host;
        virSCSIDevicePtr scsi =
            virSCSIDeviceNew(NULL,
                             scsihostsrc->adapter, scsihostsrc->bus,
                             scsihostsrc->target, scsihostsrc->unit,
                             dev->readonly, dev->shareable);

        if (!scsi)
            return -1;

        ret = virSCSIDeviceFileIterate(scsi,
                                       virSecurityDACSetSecuritySCSILabel,
                                       &cbdata);
        virSCSIDeviceFree(scsi);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
        ret = 0;
        break;
    }

    return ret;
}


/* PCI file-iterator callback for restore: resets @file to uid 0 / gid 0.
 * Neither the device handle nor @opaque is used. */
static int
virSecurityDACRestoreSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
                                      const char *file,
                                      void *opaque ATTRIBUTE_UNUSED)
{
    int rc = virSecurityDACRestoreSecurityFileLabel(file);

    return rc;
}


/* USB file-iterator callback for restore: resets @file to uid 0 / gid 0.
 * Neither the device handle nor @opaque is used. */
static int
virSecurityDACRestoreSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
                                      const char *file,
                                      void *opaque ATTRIBUTE_UNUSED)
{
    int rc = virSecurityDACRestoreSecurityFileLabel(file);

    return rc;
}


/* SCSI file-iterator callback for restore: resets @file to uid 0 / gid 0.
 * Neither the device handle nor @opaque is used. */
static int
virSecurityDACRestoreSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
                                       const char *file,
                                       void *opaque ATTRIBUTE_UNUSED)
{
    int rc = virSecurityDACRestoreSecurityFileLabel(file);

    return rc;
}


/*
 * Undo virSecurityDACSetSecurityHostdevLabel(): reset the host files that
 * back a passed-through device to uid 0 / gid 0.
 *
 * The skip conditions mirror the set side: dynamic ownership off, relabel
 * disabled on the domain's "dac" seclabel, a hostdev that is not in
 * subsystem mode, an iSCSI SCSI hostdev, or a USB device marked missing.
 * @mgr is handed to the iterators as the opaque pointer, but the restore
 * callbacks in this file do not read it.
 *
 * Returns 0 on success, -1 on error (including a subsystem type that
 * matches none of the cases below).
 */
static int
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
                                          virDomainDefPtr def,
                                          virDomainHostdevDefPtr dev,
                                          const char *vroot)

{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef;
    virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
    virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
    virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
    int ret = -1;

    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);

    if (!priv->dynamicOwnership)
        return 0;
    if (secdef && !secdef->relabel)
        return 0;

    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
        return 0;

    /* Like virSecurityDACRestoreSecurityImageLabelInt() for a networked disk,
     * do nothing for an iSCSI hostdev
     */
    if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
        scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
        return 0;

    /* The cast keeps the switch typed on the enum. */
    switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {
    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
        virUSBDevicePtr usb;

        if (dev->missing)
            return 0;

        usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot);
        if (!usb)
            return -1;

        ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreSecurityUSBLabel, mgr);
        virUSBDeviceFree(usb);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
        virPCIDevicePtr pci =
            virPCIDeviceNew(pcisrc->addr.domain, pcisrc->addr.bus,
                            pcisrc->addr.slot, pcisrc->addr.function);

        if (!pci)
            return -1;

        if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);

            /* without a group device ret keeps its initial -1 */
            if (vfioGroupDev) {
                ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
                VIR_FREE(vfioGroupDev);
            }
        } else {
            ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
        }

        virPCIDeviceFree(pci);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: {
        virDomainHostdevSubsysSCSIHostPtr scsihostsrc = &scsisrc->u.host;
        virSCSIDevicePtr scsi =
            virSCSIDeviceNew(NULL,
                             scsihostsrc->adapter, scsihostsrc->bus,
                             scsihostsrc->target, scsihostsrc->unit,
                             dev->readonly, dev->shareable);

        if (!scsi)
            return -1;

        ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSecuritySCSILabel, mgr);
        virSCSIDeviceFree(scsi);
        break;
    }

    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
        ret = 0;
        break;
    }

    return ret;
}


/*
 * Chown the host-side file(s) of a character device to the domain's owner.
 *
 * A per-device "dac" seclabel with relabel disabled skips the device; a
 * per-device label overrides the ids resolved from the domain seclabel or
 * the manager defaults.  @dev may be NULL, in which case only @dev_source
 * is used.
 *
 * Per source type:
 *  - DEV, FILE: the path itself;
 *  - PIPE: "<path>.in" and "<path>.out" when both exist, else the path;
 *  - UNIX: the socket path, but only when the source is not in listen mode;
 *  - every other type: nothing to do.
 *
 * NOTE(review): unlike the image and hostdev setters in this file, this
 * function checks neither dynamicOwnership nor the domain seclabel's
 * relabel flag; presumably the caller gates it (confirm).
 *
 * Returns 0 on success, -1 on error.
 */
static int
virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr def,
                              virDomainChrDefPtr dev,
                              virDomainChrSourceDefPtr dev_source)

{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr seclabel;
    virSecurityDeviceLabelDefPtr chr_seclabel = NULL;
    char *in = NULL;
    char *out = NULL;
    int ret = -1;
    uid_t user;
    gid_t group;

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);

    if (dev)
        chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
                                                          SECURITY_DAC_NAME);

    if (chr_seclabel && !chr_seclabel->relabel)
        return 0;

    if (chr_seclabel && chr_seclabel->label) {
        if (virParseOwnershipIds(chr_seclabel->label, &user, &group) < 0)
            return -1;
    } else if (virSecurityDACGetIds(seclabel, priv, &user, &group,
                                    NULL, NULL) < 0) {
        return -1;
    }

    switch ((virDomainChrType) dev_source->type) {
    case VIR_DOMAIN_CHR_TYPE_DEV:
    case VIR_DOMAIN_CHR_TYPE_FILE:
        ret = virSecurityDACSetOwnership(dev_source->data.file.path,
                                         user, group);
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE: {
        const char *base = dev_source->data.file.path;

        if (virAsprintf(&in, "%s.in", base) < 0 ||
            virAsprintf(&out, "%s.out", base) < 0)
            goto done;

        if (virFileExists(in) && virFileExists(out)) {
            if (virSecurityDACSetOwnership(in, user, group) < 0 ||
                virSecurityDACSetOwnership(out, user, group) < 0)
                goto done;
        } else if (virSecurityDACSetOwnership(base, user, group) < 0) {
            goto done;
        }
        ret = 0;
        break;
    }

    case VIR_DOMAIN_CHR_TYPE_UNIX:
        if (!dev_source->data.nix.listen &&
            virSecurityDACSetOwnership(dev_source->data.nix.path,
                                       user, group) < 0)
            goto done;
        ret = 0;
        break;

    case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
    case VIR_DOMAIN_CHR_TYPE_NULL:
    case VIR_DOMAIN_CHR_TYPE_VC:
    case VIR_DOMAIN_CHR_TYPE_PTY:
    case VIR_DOMAIN_CHR_TYPE_STDIO:
    case VIR_DOMAIN_CHR_TYPE_UDP:
    case VIR_DOMAIN_CHR_TYPE_TCP:
    case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
    case VIR_DOMAIN_CHR_TYPE_NMDM:
    case VIR_DOMAIN_CHR_TYPE_LAST:
        ret = 0;
        break;
    }

 done:
    VIR_FREE(in);
    VIR_FREE(out);
    return ret;
}

/*
 * Reset the host-side file(s) of a character device to uid 0 / gid 0.
 *
 * A per-device "dac" seclabel with relabel disabled skips the device.
 * @dev may be NULL, in which case only @dev_source is used.
 *
 * Per source type:
 *  - DEV, FILE: the path itself;
 *  - PIPE: "<path>.out" and "<path>.in" when both exist, else the path;
 *  - every other type, UNIX included: nothing is restored.  The set side
 *    does chown a non-listening UNIX socket, so that ownership stays.
 *
 * Returns 0 on success, -1 on error.
 */
static int
virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                  virDomainDefPtr def ATTRIBUTE_UNUSED,
                                  virDomainChrDefPtr dev,
                                  virDomainChrSourceDefPtr dev_source)
{
    virSecurityDeviceLabelDefPtr chr_seclabel = NULL;
    char *in = NULL;
    char *out = NULL;
    int ret = -1;

    if (dev)
        chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
                                                          SECURITY_DAC_NAME);

    if (chr_seclabel && !chr_seclabel->relabel)
        return 0;

    switch ((virDomainChrType) dev_source->type) {
    case VIR_DOMAIN_CHR_TYPE_DEV:
    case VIR_DOMAIN_CHR_TYPE_FILE:
        ret = virSecurityDACRestoreSecurityFileLabel(dev_source->data.file.path);
        break;

    case VIR_DOMAIN_CHR_TYPE_PIPE: {
        const char *base = dev_source->data.file.path;

        if (virAsprintf(&out, "%s.out", base) < 0 ||
            virAsprintf(&in, "%s.in", base) < 0)
            goto done;

        if (virFileExists(in) && virFileExists(out)) {
            if (virSecurityDACRestoreSecurityFileLabel(out) < 0 ||
                virSecurityDACRestoreSecurityFileLabel(in) < 0)
                goto done;
        } else if (virSecurityDACRestoreSecurityFileLabel(base) < 0) {
            goto done;
        }
        ret = 0;
        break;
    }

    case VIR_DOMAIN_CHR_TYPE_NULL:
    case VIR_DOMAIN_CHR_TYPE_VC:
    case VIR_DOMAIN_CHR_TYPE_PTY:
    case VIR_DOMAIN_CHR_TYPE_STDIO:
    case VIR_DOMAIN_CHR_TYPE_UDP:
    case VIR_DOMAIN_CHR_TYPE_TCP:
    case VIR_DOMAIN_CHR_TYPE_UNIX:
    case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
    case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
    case VIR_DOMAIN_CHR_TYPE_NMDM:
    case VIR_DOMAIN_CHR_TYPE_LAST:
        ret = 0;
        break;
    }

 done:
    VIR_FREE(in);
    VIR_FREE(out);
    return ret;
}


/* Adapter for virDomainChrDefForeach(): @opaque is the security manager;
 * the device's own source is restored through
 * virSecurityDACRestoreChardevLabel(). */
static int
virSecurityDACRestoreChardevCallback(virDomainDefPtr def,
                                     virDomainChrDefPtr dev,
                                     void *opaque)
{
    virSecurityManagerPtr manager = opaque;
    virDomainChrSourceDefPtr source = &dev->source;

    return virSecurityDACRestoreChardevLabel(manager, def, dev, source);
}


/*
 * Label the host device of a TPM.  Only the passthrough type has a host
 * file; its chardev source is labelled through
 * virSecurityDACSetChardevLabel() with no chardev definition (NULL).
 *
 * Returns 0 when there is nothing to do, otherwise the result of the
 * chardev labelling.
 */
static int
virSecurityDACSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
                                      virDomainDefPtr def,
                                      virDomainTPMDefPtr tpm)
{
    switch (tpm->type) {
    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
        return virSecurityDACSetChardevLabel(mgr, def, NULL,
                                             &tpm->data.passthrough.source);
    case VIR_DOMAIN_TPM_TYPE_LAST:
        break;
    }

    return 0;
}


/*
 * Restore the host device of a TPM.  Only the passthrough type has a host
 * file; its chardev source is restored through
 * virSecurityDACRestoreChardevLabel() with no chardev definition (NULL).
 *
 * Returns 0 when there is nothing to do, otherwise the result of the
 * chardev restore.
 */
static int
virSecurityDACRestoreSecurityTPMFileLabel(virSecurityManagerPtr mgr,
                                          virDomainDefPtr def,
                                          virDomainTPMDefPtr tpm)
{
    switch (tpm->type) {
    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
        return virSecurityDACRestoreChardevLabel(mgr, def, NULL,
                                                 &tpm->data.passthrough.source);
    case VIR_DOMAIN_TPM_TYPE_LAST:
        break;
    }

    return 0;
}


/**
 * virSecurityDACRestoreSecurityAllLabel:
 * @mgr: security manager; its private data holds the DAC settings
 * @def: domain whose resources are handed back
 * @migrated: passed through to the disk image restore helper
 *
 * Restore ownership on everything this driver labels for a domain: host
 * devices, disk images, character devices, the TPM device and the NVRAM,
 * kernel, initrd and dtb files.  Nothing is done when dynamic ownership
 * is disabled or the domain's "dac" label has relabelling turned off.
 *
 * A failure is remembered but does not stop the walk, so every remaining
 * resource is still attempted.
 *
 * Returns 0 if every restore succeeded, -1 if at least one failed.
 */
static int
virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
                                      virDomainDefPtr def,
                                      bool migrated)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    const char *osfiles[4];
    size_t i;
    int ret = 0;

    if (!priv->dynamicOwnership)
        return 0;
    if (secdef && !secdef->relabel)
        return 0;

    VIR_DEBUG("Restoring security label on %s migrated=%d",
              def->name, migrated);

    for (i = 0; i < def->nhostdevs; i++) {
        if (virSecurityDACRestoreSecurityHostdevLabel(mgr, def,
                                                      def->hostdevs[i],
                                                      NULL) < 0)
            ret = -1;
    }

    for (i = 0; i < def->ndisks; i++) {
        if (virSecurityDACRestoreSecurityImageLabelInt(mgr, def,
                                                       def->disks[i]->src,
                                                       migrated) < 0)
            ret = -1;
    }

    if (virDomainChrDefForeach(def, false,
                               virSecurityDACRestoreChardevCallback,
                               mgr) < 0)
        ret = -1;

    if (def->tpm &&
        virSecurityDACRestoreSecurityTPMFileLabel(mgr, def, def->tpm) < 0)
        ret = -1;

    /* Boot-related files, in the order NVRAM, kernel, initrd, dtb;
     * entries that are not configured stay NULL and are skipped. */
    osfiles[0] = def->os.loader ? def->os.loader->nvram : NULL;
    osfiles[1] = def->os.kernel;
    osfiles[2] = def->os.initrd;
    osfiles[3] = def->os.dtb;

    for (i = 0; i < sizeof(osfiles) / sizeof(osfiles[0]); i++) {
        if (osfiles[i] &&
            virSecurityDACRestoreSecurityFileLabel(osfiles[i]) < 0)
            ret = -1;
    }

    return ret;
}


/**
 * virSecurityDACSetChardevCallback:
 * @def: domain the character device belongs to
 * @dev: character device being visited
 * @opaque: the virSecurityManagerPtr, passed through as untyped data
 *
 * Per-device callback handed to virDomainChrDefForeach() by
 * virSecurityDACSetSecurityAllLabel(); it forwards the device's own
 * source to virSecurityDACSetChardevLabel().
 *
 * Returns the result of virSecurityDACSetChardevLabel().
 */
static int
virSecurityDACSetChardevCallback(virDomainDefPtr def,
                                 virDomainChrDefPtr dev,
                                 void *opaque)
{
    return virSecurityDACSetChardevLabel((virSecurityManagerPtr) opaque,
                                         def, dev, &dev->source);
}


/**
 * virSecurityDACSetSecurityAllLabel:
 * @mgr: security manager; its private data holds the DAC settings
 * @def: domain whose resources are labelled
 * @stdin_path: unused
 *
 * Apply DAC ownership to the domain's disks, host devices, character
 * devices, TPM device and the NVRAM, kernel, initrd and dtb files.
 * Nothing is done when dynamic ownership is disabled or the domain's
 * "dac" label has relabelling turned off.
 *
 * Processing stops at the first failure; ownership changes already made
 * by earlier steps are not undone here.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int
virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
                                  virDomainDefPtr def,
                                  const char *stdin_path ATTRIBUTE_UNUSED)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    const char *osfiles[4];
    size_t i;
    uid_t user;
    gid_t group;

    if (!priv->dynamicOwnership)
        return 0;
    if (secdef && !secdef->relabel)
        return 0;

    for (i = 0; i < def->ndisks; i++) {
        /* XXX fixme - we need to recursively label the entire tree :-(
         * Until then directory-backed disks are skipped entirely. */
        if (virDomainDiskGetType(def->disks[i]) != VIR_STORAGE_TYPE_DIR &&
            virSecurityDACSetSecurityDiskLabel(mgr, def, def->disks[i]) < 0)
            return -1;
    }

    for (i = 0; i < def->nhostdevs; i++) {
        if (virSecurityDACSetSecurityHostdevLabel(mgr, def,
                                                  def->hostdevs[i],
                                                  NULL) < 0)
            return -1;
    }

    if (virDomainChrDefForeach(def, true,
                               virSecurityDACSetChardevCallback,
                               mgr) < 0)
        return -1;

    if (def->tpm &&
        virSecurityDACSetSecurityTPMFileLabel(mgr, def, def->tpm) < 0)
        return -1;

    /* Any non-zero result counts as failure, so user/group are only used
     * after the helper has reported success. */
    if (virSecurityDACGetImageIds(secdef, priv, &user, &group) != 0)
        return -1;

    /* Boot-related files, in the order NVRAM, kernel, initrd, dtb;
     * entries that are not configured stay NULL and are skipped. */
    osfiles[0] = def->os.loader ? def->os.loader->nvram : NULL;
    osfiles[1] = def->os.kernel;
    osfiles[2] = def->os.initrd;
    osfiles[3] = def->os.dtb;

    for (i = 0; i < sizeof(osfiles) / sizeof(osfiles[0]); i++) {
        if (osfiles[i] &&
            virSecurityDACSetOwnership(osfiles[i], user, group) < 0)
            return -1;
    }

    return 0;
}


/**
 * virSecurityDACSetSavedStateLabel:
 * @mgr: security manager; its private data supplies the default ids
 * @def: domain the saved state belongs to
 * @savefile: path of the saved-state file
 *
 * Set the ownership of @savefile to the image uid/gid resolved by
 * virSecurityDACGetImageIds() for this domain.
 *
 * Unlike virSecurityDACRestoreSavedStateLabel(), this function does not
 * consult priv->dynamicOwnership.
 * NOTE(review): confirm that asymmetry is intended.
 *
 * Returns -1 if the ids cannot be resolved, otherwise the result of
 * virSecurityDACSetOwnership().
 */
static int
virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
                                 virDomainDefPtr def,
                                 const char *savefile)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    uid_t uid;
    gid_t gid;

    if (virSecurityDACGetImageIds(secdef, priv, &uid, &gid) < 0)
        return -1;

    return virSecurityDACSetOwnership(savefile, uid, gid);
}


/**
 * virSecurityDACRestoreSavedStateLabel:
 * @mgr: security manager; its private data holds the DAC settings
 * @def: unused
 * @savefile: path of the saved-state file
 *
 * Restore the label on @savefile, but only when dynamic ownership is
 * enabled for the driver.
 *
 * Returns 0 when dynamic ownership is off, otherwise the result of
 * virSecurityDACRestoreSecurityFileLabel().
 */
static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
                                     virDomainDefPtr def ATTRIBUTE_UNUSED,
                                     const char *savefile)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    if (priv->dynamicOwnership)
        return virSecurityDACRestoreSecurityFileLabel(savefile);

    return 0;
}


/**
 * virSecurityDACSetProcessLabel:
 * @mgr: security manager; its private data supplies the default ids
 * @def: domain whose "dac" label selects the ids
 *
 * Switch the calling process to the uid, gid and supplementary groups
 * resolved by virSecurityDACGetIds(), using virSetUIDGID().
 *
 * The group list returned by virSecurityDACGetIds() is not freed here;
 * presumably it is owned elsewhere (e.g. the driver's private data) -
 * TODO confirm against virSecurityDACGetIds().
 *
 * Returns 0 on success, -1 if the ids cannot be resolved or the switch
 * fails.
 */
static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr def)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    uid_t uid;
    gid_t gid;
    gid_t *supgroups;
    int nsupgroups;

    if (virSecurityDACGetIds(secdef, priv, &uid, &gid,
                             &supgroups, &nsupgroups) < 0)
        return -1;

    VIR_DEBUG("Dropping privileges of DEF to %u:%u, %d supplemental groups",
              (unsigned int) uid, (unsigned int) gid, nsupgroups);

    return virSetUIDGID(uid, gid, supgroups, nsupgroups) < 0 ? -1 : 0;
}


/**
 * virSecurityDACSetChildProcessLabel:
 * @mgr: security manager; its private data supplies the default ids
 * @def: domain whose "dac" label selects the ids
 * @cmd: command that will run the child process
 *
 * Record on @cmd the uid and gid the child is to run as.  Only uid and
 * gid are requested from virSecurityDACGetIds() and set on @cmd; no
 * supplementary group list is configured by this function.
 * NOTE(review): presumably the command layer sets up supplementary
 * groups itself - confirm.
 *
 * Returns 0 on success, -1 if the ids cannot be resolved.
 */
static int
virSecurityDACSetChildProcessLabel(virSecurityManagerPtr mgr,
                                   virDomainDefPtr def,
                                   virCommandPtr cmd)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    uid_t uid;
    gid_t gid;

    /* Any non-zero result counts as failure. */
    if (virSecurityDACGetIds(secdef, priv, &uid, &gid, NULL, NULL) != 0)
        return -1;

    VIR_DEBUG("Setting child to drop privileges of DEF to %u:%u",
              (unsigned int) uid, (unsigned int) gid);

    virCommandSetUID(cmd, uid);
    virCommandSetGID(cmd, gid);
    return 0;
}


/**
 * virSecurityDACVerify:
 * @mgr: unused
 * @def: unused
 *
 * Installed as the driver's domainSecurityVerify hook.  The DAC driver
 * performs no verification of the domain definition here.
 *
 * Returns 0 always.
 */
static int
virSecurityDACVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                     virDomainDefPtr def ATTRIBUTE_UNUSED)
{
    return 0;
}

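/**
 * virSecurityDACGenLabel:
 * @mgr: security manager; its private data supplies the default uid/gid
 * @def: domain whose "dac" security label is validated and filled in
 *
 * Validate the domain's DAC security label and, for a dynamic label,
 * generate it as "+uid:+gid" from the driver's configured user and
 * group.  When relabelling is enabled, the image label is set to a copy
 * of the process label.
 *
 * Returns 0 on success (including label type "none"), -1 when the domain
 * has no DAC label definition or on any error.
 */
static int
virSecurityDACGenLabel(virSecurityManagerPtr mgr,
                       virDomainDefPtr def)
{
    int rc = -1;
    virSecurityLabelDefPtr seclabel;
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);

    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (seclabel == NULL)
        return rc;

    if (seclabel->imagelabel) {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("security image label already "
                         "defined for VM"));
        return rc;
    }

    if (seclabel->model
        && STRNEQ(seclabel->model, SECURITY_DAC_NAME)) {
        /* This is the DAC driver; the message used to name selinux. */
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("security label model %s is not supported "
                         "with dac"),
                       seclabel->model);
        return rc;
    }

    switch ((virDomainSeclabelType) seclabel->type) {
    case VIR_DOMAIN_SECLABEL_STATIC:
        if (seclabel->label == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("missing label for static security "
                             "driver in domain %s"), def->name);
            return rc;
        }
        break;
    case VIR_DOMAIN_SECLABEL_DYNAMIC:
        if (virAsprintf(&seclabel->label, "+%u:+%u",
                        (unsigned int) priv->user,
                        (unsigned int) priv->group) < 0)
            return rc;
        if (seclabel->label == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("cannot generate dac user and group id "
                             "for domain %s"), def->name);
            return rc;
        }
        break;
    case VIR_DOMAIN_SECLABEL_NONE:
        /* no op */
        return 0;
    case VIR_DOMAIN_SECLABEL_DEFAULT:
    case VIR_DOMAIN_SECLABEL_LAST:
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("unexpected security label type '%s'"),
                       virDomainSeclabelTypeToString(seclabel->type));
        return rc;
    }

    if (seclabel->relabel && !seclabel->imagelabel &&
        VIR_STRDUP(seclabel->imagelabel, seclabel->label) < 0) {
        /* Only discard a label generated above.  A static label was
         * supplied with the domain definition and must survive a failed
         * copy, otherwise the definition is left static but unlabelled. */
        if (seclabel->type == VIR_DOMAIN_SECLABEL_DYNAMIC)
            VIR_FREE(seclabel->label);
        return rc;
    }

    return 0;
}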

/**
 * virSecurityDACReleaseLabel:
 * @mgr: unused
 * @def: unused
 *
 * Installed as the driver's domainReleaseSecurityLabel hook.  The DAC
 * driver does nothing when a label is released.
 *
 * Returns 0 always.
 */
static int
virSecurityDACReleaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                           virDomainDefPtr def ATTRIBUTE_UNUSED)
{
    return 0;
}

/**
 * virSecurityDACReserveLabel:
 * @mgr: unused
 * @def: unused
 * @pid: unused
 *
 * Installed as the driver's domainReserveSecurityLabel hook.  The DAC
 * driver does nothing when a label is reserved.
 *
 * Returns 0 always.
 */
static int
virSecurityDACReserveLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                           virDomainDefPtr def ATTRIBUTE_UNUSED,
                           pid_t pid ATTRIBUTE_UNUSED)
{
    return 0;
}

#ifdef __linux__
/**
 * virSecurityDACGetProcessLabelInternal:
 * @pid: process to inspect
 * @seclabel: receives the label, formatted as "+uid:+gid"
 *
 * Linux implementation: lstat() the /proc/<pid> entry and report its
 * owning uid and gid as the process label.
 *
 * The process is identified by number only, so the result describes
 * whichever process holds @pid at the time of the lstat() call.
 * NOTE(review): ownership of /proc/<pid> may be reported as root for
 * processes that are not dumpable - confirm callers tolerate that.
 *
 * Returns 0 on success, -1 on failure.
 */
static int
virSecurityDACGetProcessLabelInternal(pid_t pid,
                                      virSecurityLabelPtr seclabel)
{
    struct stat st;
    char *procdir = NULL;
    int ret = -1;

    VIR_DEBUG("Getting DAC user and group on process '%d'", pid);

    if (virAsprintf(&procdir, "/proc/%d", (int) pid) >= 0) {
        if (lstat(procdir, &st) < 0) {
            virReportSystemError(errno,
                                 _("unable to get uid and gid for PID %d via procfs"),
                                 pid);
        } else {
            snprintf(seclabel->label, VIR_SECURITY_LABEL_BUFLEN,
                     "+%u:+%u",
                     (unsigned int) st.st_uid, (unsigned int) st.st_gid);
            ret = 0;
        }
    }

    VIR_FREE(procdir);
    return ret;
}
#elif defined(__FreeBSD__)
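/**
 * virSecurityDACGetProcessLabelInternal:
 * @pid: process to inspect
 * @seclabel: receives the label, formatted as "+uid:+gid"
 *
 * FreeBSD implementation: query the kern.proc.pid sysctl for @pid and
 * report ki_uid and the first entry of ki_groups as the process label.
 *
 * Returns 0 on success, -1 on failure.
 */
static int
virSecurityDACGetProcessLabelInternal(pid_t pid,
                                      virSecurityLabelPtr seclabel)
{
    struct kinfo_proc p;
    int mib[4];
    size_t len = 4;

    /* If the name cannot be resolved, mib[] stays uninitialised and the
     * sysctl() below would query an arbitrary node, so fail here. */
    if (sysctlnametomib("kern.proc.pid", mib, &len) < 0) {
        virReportSystemError(errno, "%s",
                             _("unable to resolve sysctl name kern.proc.pid"));
        return -1;
    }

    /* The resolved prefix fills the first three entries; the fourth
     * selects the process. */
    len = sizeof(struct kinfo_proc);
    mib[3] = pid;

    if (sysctl(mib, 4, &p, &len, NULL, 0) < 0) {
        virReportSystemError(errno,
                             _("unable to get PID %d uid and gid via sysctl"),
                             pid);
        return -1;
    }

    snprintf(seclabel->label, VIR_SECURITY_LABEL_BUFLEN,
             "+%u:+%u", (unsigned int) p.ki_uid, (unsigned int) p.ki_groups[0]);

    return 0;
}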
#else
/**
 * virSecurityDACGetProcessLabelInternal:
 * @pid: unused
 * @seclabel: unused
 *
 * Fallback for platforms that are neither Linux nor FreeBSD: reports
 * ENOSYS because no lookup is implemented.
 *
 * Returns -1 always.
 */
static int
virSecurityDACGetProcessLabelInternal(pid_t pid ATTRIBUTE_UNUSED,
                                      virSecurityLabelPtr seclabel ATTRIBUTE_UNUSED)
{
    virReportSystemError(ENOSYS, "%s",
                         _("Cannot get process uid and gid on this platform"));
    return -1;
}
#endif

/**
 * virSecurityDACGetProcessLabel:
 * @mgr: unused
 * @def: domain whose "dac" label is looked up
 * @pid: process to inspect when the domain has no "dac" label
 * @seclabel: receives the label
 *
 * When the domain carries a "dac" label definition, copy its label into
 * @seclabel; a definition without a label leaves @seclabel untouched,
 * and truncation by virStrcpy() is deliberately ignored.  Without a
 * definition, fall back to reading the ids of @pid from the system.
 *
 * Returns 0 on success, -1 if the fallback lookup fails.
 */
static int
virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                              virDomainDefPtr def,
                              pid_t pid,
                              virSecurityLabelPtr seclabel)
{
    virSecurityLabelDefPtr secdef;

    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    if (!secdef) {
        VIR_DEBUG("missing label for DAC security "
                  "driver in domain %s", def->name);

        return virSecurityDACGetProcessLabelInternal(pid, seclabel) < 0 ? -1 : 0;
    }

    if (secdef->label) {
        ignore_value(virStrcpy(seclabel->label, secdef->label,
                               VIR_SECURITY_LABEL_BUFLEN));
    }

    return 0;
}

/**
 * virSecurityDACSetDaemonSocketLabel:
 * @mgr: unused
 * @vm: unused
 *
 * Installed as the driver's domainSetSecurityDaemonSocketLabel hook.
 * The DAC driver does nothing here.
 *
 * Returns 0 always.
 */
static int
virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                   virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
    return 0;
}


/**
 * virSecurityDACSetSocketLabel:
 * @mgr: unused
 * @def: unused
 *
 * Installed as the driver's domainSetSecuritySocketLabel hook.  The DAC
 * driver does nothing here.
 *
 * Returns 0 always.
 */
static int
virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                             virDomainDefPtr def ATTRIBUTE_UNUSED)
{
    return 0;
}


/**
 * virSecurityDACClearSocketLabel:
 * @mgr: unused
 * @def: unused
 *
 * Installed as the driver's domainClearSecuritySocketLabel hook.  The
 * DAC driver does nothing here.
 *
 * Returns 0 always.
 */
static int
virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                               virDomainDefPtr def ATTRIBUTE_UNUSED)
{
    return 0;
}

/**
 * virSecurityDACSetImageFDLabel:
 * @mgr: unused
 * @def: unused
 * @fd: unused
 *
 * Installed as the driver's domainSetSecurityImageFDLabel hook.  The DAC
 * driver does nothing to the descriptor.
 *
 * Returns 0 always.
 */
static int
virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                              virDomainDefPtr def ATTRIBUTE_UNUSED,
                              int fd ATTRIBUTE_UNUSED)
{
    return 0;
}

/**
 * virSecurityDACSetTapFDLabel:
 * @mgr: unused
 * @def: unused
 * @fd: unused
 *
 * Installed as the driver's domainSetSecurityTapFDLabel hook.  The DAC
 * driver does nothing to the descriptor.
 *
 * Returns 0 always.
 */
static int
virSecurityDACSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                            virDomainDefPtr def ATTRIBUTE_UNUSED,
                            int fd ATTRIBUTE_UNUSED)
{
    return 0;
}

/**
 * virSecurityDACGetMountOptions:
 * @mgr: unused
 * @vm: unused
 *
 * Installed as the driver's domainGetSecurityMountOptions hook.  The DAC
 * driver supplies no mount options.
 *
 * Returns NULL always.
 */
static char *
virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                              virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
    return NULL;
}

/**
 * virSecurityDACGetBaseLabel:
 * @mgr: security manager whose private data is read
 * @virt: unused
 *
 * Returns the baselabel stored in the driver's private data.  The
 * pointer is returned as is, not a copy, so the caller must not free it.
 */
static const char *
virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
                           int virt ATTRIBUTE_UNUSED)
{
    virSecurityDACDataPtr data;

    data = virSecurityManagerGetPrivateData(mgr);
    return data->baselabel;
}

/**
 * virSecurityDACDomainSetDirLabel:
 * @mgr: security manager; its private data supplies the default ids
 * @def: domain whose "dac" label selects the ids
 * @path: path whose ownership is changed
 *
 * Set the ownership of @path to the uid/gid resolved by
 * virSecurityDACGetIds() for this domain.  priv->dynamicOwnership is not
 * consulted here.
 *
 * Returns -1 if the ids cannot be resolved, otherwise the result of
 * virSecurityDACSetOwnership().
 */
static int
virSecurityDACDomainSetDirLabel(virSecurityManagerPtr mgr,
                                virDomainDefPtr def,
                                const char *path)
{
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr seclabel =
        virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
    uid_t uid;
    gid_t gid;

    if (virSecurityDACGetIds(seclabel, priv, &uid, &gid, NULL, NULL) < 0)
        return -1;

    return virSecurityDACSetOwnership(path, uid, gid);
}

/*
 * Driver table for the POSIX DAC security driver.  Each hook points at
 * the matching virSecurityDAC* function in this file; several of those
 * (socket, FD, verify, reserve/release and mount-option hooks) are
 * no-ops that only report success.
 */
virSecurityDriver virSecurityDriverDAC = {
    /* Identification and lifecycle */
    .privateDataLen                     = sizeof(virSecurityDACData),
    .name                               = SECURITY_DAC_NAME,
    .probe                              = virSecurityDACProbe,
    .open                               = virSecurityDACOpen,
    .close                              = virSecurityDACClose,

    .getModel                           = virSecurityDACGetModel,
    .getDOI                             = virSecurityDACGetDOI,

    .preFork                            = virSecurityDACPreFork,

    .domainSecurityVerify               = virSecurityDACVerify,

    /* Disk and image ownership */
    .domainSetSecurityDiskLabel         = virSecurityDACSetSecurityDiskLabel,
    .domainRestoreSecurityDiskLabel     = virSecurityDACRestoreSecurityDiskLabel,

    .domainSetSecurityImageLabel        = virSecurityDACSetSecurityImageLabel,
    .domainRestoreSecurityImageLabel    = virSecurityDACRestoreSecurityImageLabel,

    /* Socket hooks */
    .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
    .domainSetSecuritySocketLabel       = virSecurityDACSetSocketLabel,
    .domainClearSecuritySocketLabel     = virSecurityDACClearSocketLabel,

    /* Label generation */
    .domainGenSecurityLabel             = virSecurityDACGenLabel,
    .domainReserveSecurityLabel         = virSecurityDACReserveLabel,
    .domainReleaseSecurityLabel         = virSecurityDACReleaseLabel,

    /* Process identity */
    .domainGetSecurityProcessLabel      = virSecurityDACGetProcessLabel,
    .domainSetSecurityProcessLabel      = virSecurityDACSetProcessLabel,
    .domainSetSecurityChildProcessLabel = virSecurityDACSetChildProcessLabel,

    /* Whole-domain set and restore */
    .domainSetSecurityAllLabel          = virSecurityDACSetSecurityAllLabel,
    .domainRestoreSecurityAllLabel      = virSecurityDACRestoreSecurityAllLabel,

    .domainSetSecurityHostdevLabel      = virSecurityDACSetSecurityHostdevLabel,
    .domainRestoreSecurityHostdevLabel  = virSecurityDACRestoreSecurityHostdevLabel,

    .domainSetSavedStateLabel           = virSecurityDACSetSavedStateLabel,
    .domainRestoreSavedStateLabel       = virSecurityDACRestoreSavedStateLabel,

    /* File descriptor hooks */
    .domainSetSecurityImageFDLabel      = virSecurityDACSetImageFDLabel,
    .domainSetSecurityTapFDLabel        = virSecurityDACSetTapFDLabel,

    .domainGetSecurityMountOptions      = virSecurityDACGetMountOptions,

    .getBaseLabel                       = virSecurityDACGetBaseLabel,

    .domainSetDirLabel                  = virSecurityDACDomainSetDirLabel,
};