Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)

上级 a8cd24b3
master openEuler-20.03-LTS openEuler-20.09 v0.10.2-maint v0.8.3-maint v0.9.11-maint v0.9.12-maint v0.9.6-maint v1.0.0-maint v1.0.1-maint v1.0.2-maint v1.0.3-maint v1.0.4-maint v1.0.5-maint v1.0.6-maint v1.1.0-maint v1.1.1-maint v1.1.2-maint v1.1.3-maint v1.1.4-maint v1.2.0-maint v1.2.1-maint v1.2.10-maint v1.2.11-maint v1.2.12-maint v1.2.13-maint v1.2.14-maint v1.2.15-maint v1.2.16-maint v1.2.17-maint v1.2.18-maint v1.2.19-maint v1.2.2-maint v1.2.20-maint v1.2.21-maint v1.2.3-maint v1.2.4-maint v1.2.5-maint v1.2.6-maint v1.2.7-maint v1.2.8-maint v1.2.9-maint v1.3.0-maint v1.3.1-maint v1.3.2-maint v1.3.3-maint v1.3.4-maint v1.3.5-maint v2.0-maint v2.1-maint v2.2-maint v3.0-maint v3.2-maint v3.7-maint v4.1-maint v4.10-maint v4.2-maint v4.3-maint v4.4-maint v4.5-maint v4.6-maint v4.7-maint v4.8-maint v4.9-maint v5.0-maint v5.1-maint v5.1.0-maint v5.2-maint v5.3-maint v6.5.0-rc2 v6.5.0-rc1 v6.4.0 v6.4.0-rc1 v6.3.0 v6.3.0-rc1 v6.2.0 v6.2.0-rc1 v6.1.0 v6.1.0-rc2 v6.1.0-rc1 v6.0.0 v6.0.0-rc2 v6.0.0-rc1 v5.10.0 v5.10.0-rc2 v5.10.0-rc1 v5.9.0 v5.9.0-rc1 v5.8.0 v5.8.0-rc2 v5.8.0-rc1 v5.7.0 v5.7.0-rc2 v5.7.0-rc1 v5.6.0 v5.6.0-rc2 v5.6.0-rc1 v5.5.0 v5.5.0-rc2 v5.5.0-rc1 v5.4.0 v5.4.0-rc2 v5.4.0-rc1 v5.3.0 v5.3.0-rc2 v5.3.0-rc1 v5.2.0 v5.2.0-rc2 v5.2.0-rc1 v5.1.0 v5.1.0-rc2 v5.1.0-rc1 v5.0.0 v5.0.0-rc2 v5.0.0-rc1 v4.10.0 v4.10.0-rc2 v4.10.0-rc1 v4.9.0 v4.9.0-rc1 v4.8.0 v4.8.0-rc2 v4.8.0-rc1 v4.7.0 v4.7.0-rc2 v4.7.0-rc1 v4.6.0 v4.6.0-rc2 v4.6.0-rc1 v4.5.0 v4.5.0-rc2 v4.5.0-rc1 v4.4.0 v4.4.0-rc2 v4.4.0-rc1 v4.3.0 v4.3.0-rc2 v4.3.0-rc1 v4.2.0 v4.2.0-rc2 v4.2.0-rc1 v4.1.0 v4.1.0-rc2 v4.1.0-rc1 v4.0.0 v4.0.0-rc2 v4.0.0-rc1 v3.10.0 v3.10.0-rc2 v3.10.0-rc1 v3.9.0 v3.9.0-rc2 v3.9.0-rc1 v3.8.0 v3.8.0-rc1 v3.7.0 v3.7.0-rc2 v3.7.0-rc1 v3.6.0 v3.6.0-rc2 v3.6.0-rc1 v3.5.0 v3.5.0-rc2 v3.5.0-rc1 v3.4.0 v3.4.0-rc2 v3.4.0-rc1 v3.3.0 v3.3.0-rc2 v3.3.0-rc1 v3.2.1 v3.2.0 v3.2.0-rc2 v3.2.0-rc1 v3.1.0 v3.1.0-rc2 v3.1.0-rc1 v3.0.0 v3.0.0-rc2 v3.0.0-rc1 v2.5.0 v2.5.0-rc2 v2.5.0-rc1 v2.4.0 v2.4.0-rc2 v2.4.0-rc1 v2.3.0 v2.3.0-rc2 v2.3.0-rc1 v2.2.1 v2.2.0 v2.2.0-rc2 v2.2.0-rc1 v2.1.0 v2.1.0-rc1 v2.0.0 v2.0.0-rc2 v2.0.0-rc1 v1.3.5 v1.3.5-rc1 v1.3.4 v1.3.4-rc2 v1.3.4-rc1 v1.3.3.3 v1.3.3.2 v1.3.3.1 v1.3.3 v1.3.3-rc2 v1.3.3-rc1 v1.3.2 v1.3.2-rc2 v1.3.2-rc1 v1.3.1 v1.3.1-rc2 v1.3.1-rc1 v1.3.0 v1.3.0-rc2 v1.3.0-rc1 v1.2.21 v1.2.21-rc2 v1.2.21-rc1 v1.2.20 v1.2.20-rc2 v1.2.20-rc1 v1.2.19 v1.2.19-rc2 v1.2.19-rc1 v1.2.18.4 v1.2.18.3 v1.2.18.2 v1.2.18.1 v1.2.18 v1.2.18-rc2 v1.2.18-rc1 v1.2.17 v1.2.17-rc2 v1.2.17-rc1 v1.2.16 v1.2.16-rc2 v1.2.16-rc1 v1.2.15 v1.2.15-rc2 v1.2.15-rc1 v1.2.14 v1.2.14-rc2 v1.2.14-rc1 v1.2.13.2 v1.2.13.1 v1.2.13 v1.2.13-rc2 v1.2.13-rc1 v1.2.12 v1.2.12-rc2 v1.2.12-rc1 v1.2.11 v1.2.11-rc2 v1.2.11-rc1 v1.2.10 v1.2.10-rc2 v1.2.10-rc1 v1.2.9.3 v1.2.9.2 v1.2.9.1 v1.2.9 v1.2.9-rc2 v1.2.9-rc1 v1.2.8 v1.2.8-rc2 v1.2.8-rc1 v1.2.7 v1.2.7-rc2 v1.2.7-rc1 v1.2.6 v1.2.6-rc2 v1.2.6-rc1 v1.2.5 v1.2.5-rc2 v1.2.5-rc1 v1.2.4 v1.2.4-rc2 v1.2.4-rc1 v1.2.3 v1.2.3-rc2 v1.2.3-rc1 v1.2.2 v1.2.2-rc2 v1.2.2-rc1 v1.2.1 v1.2.1-rc2 v1.2.1-rc1 v1.2.0 v1.2.0-rc2 v1.2.0-rc1 v1.1.4 v1.1.4-rc2 v1.1.4-rc1 v1.1.3.9 v1.1.3.8 v1.1.3.7 v1.1.3.6 v1.1.3.5 v1.1.3.4 v1.1.3.3 v1.1.3.2 v1.1.3.1 v1.1.3 v1.1.3-rc2 v1.1.3-rc1 v1.1.2 v1.1.2-rc2 v1.1.2-rc1 v1.1.1 v1.1.1-rc2 v1.1.1-rc1 v1.1.0 v1.1.0-rc2 v1.1.0-rc1 v1.0.6 v1.0.6-rc2 v1.0.6-rc1 v1.0.5.9 v1.0.5.8 v1.0.5.7 v1.0.5.6 v1.0.5.5 v1.0.5.4 v1.0.5.3 v1.0.5.2 v1.0.5.1 v1.0.5 v1.0.5-rc1 v1.0.4 v1.0.4-rc2 v1.0.4-rc1 v1.0.3 v1.0.3-rc2 v1.0.3-rc1 v1.0.2 v1.0.2-rc2 v1.0.2-rc1 v1.0.1 v1.0.1-rc2 v1.0.1-rc1 v1.0.0 v1.0.0-rc3 v1.0.0-rc2 v1.0.0-rc1 v0.10.2.8 v0.10.2.7 v0.10.2.6 v0.10.2.5 v0.10.2.4 v0.10.2.3 v0.10.2.2 v0.10.2.1 v0.10.2 v0.10.2-rc2 v0.10.2-rc1 v0.10.1 v0.10.0 v0.10.0-rc2 v0.10.0-rc1 v0.10.0-rc0 v0.9.13 v0.9.13-rc2 v0.9.13-rc1 v0.9.12.3 v0.9.12.2 v0.9.12.1 v0.9.12 v0.9.12-rc2 v0.9.12-rc1 v0.9.11.10 v0.9.11.9 v0.9.11.8 v0.9.11.7 v0.9.11.6 v0.9.11.5 v0.9.11.4 v0.9.11.3 v0.9.11.2 v0.9.11.1 v0.9.11 v0.9.11-rc2 v0.9.11-rc1 v0.9.10 v0.9.10-rc2 v0.9.10-rc1 v0.9.9 v0.9.9-rc2 v0.9.9-rc1 v0.9.8 v0.9.8-rc2 v0.9.8-rc1 v0.9.7 v0.9.7-rc1 v0.9.6.4 v0.9.6.3 v0.9.6.2 v0.9.6.1 v0.9.6 v0.9.5 v0.9.5-rc3 v0.9.5-rc2 v0.9.5-rc1 v0.9.4 v0.9.4-rc2 v0.9.4-rc1 v0.9.3 v0.9.3-rc2 v0.9.3-rc1 v0.9.2 v0.9.1 v0.9.0 v0.8.8 v0.8.7 v0.8.6 v0.8.5 v0.8.4 v0.8.3 v0.8.2 v0.8.1 v0.8.0 v0.7.7 v0.7.6 v0.7.5 v0.7.4 v0.7.3 v0.7.2 v0.7.1 v0.7.0 v0.6.5 v0.6.4 v0.6.3 v0.6.2 v0.6.1 LIBVIRT_0_6_5 LIBVIRT_0_6_4 LIBVIRT_0_6_3 LIBVIRT_0_6_2 LIBVIRT_0_6_1 CVE-2017-1000256 CVE-2017-2635 CVE-2016-5008 CVE-2015-5313 CVE-2015-5247-3 CVE-2015-5247-2 CVE-2015-5247-1 CVE-2015-0236-2 CVE-2015-0236-1 CVE-2014-8136 CVE-2014-8135 CVE-2014-8131-2 CVE-2014-8131-1 CVE-2014-7823 CVE-2014-3657 CVE-2014-3633 CVE-2014-1447-2 CVE-2014-1447-1 CVE-2014-0179 CVE-2014-0028 CVE-2013-7336 CVE-2013-6458-4 CVE-2013-6458-3 CVE-2013-6458-2 CVE-2013-6458-1 CVE-2013-6457 CVE-2013-6436 CVE-2013-5651 CVE-2013-4401 CVE-2013-4400-3 CVE-2013-4400-2 CVE-2013-4400-1 CVE-2013-4399 CVE-2013-4311 CVE-2013-4297 CVE-2013-4296 CVE-2013-4292 CVE-2013-4291 CVE-2013-4239 CVE-2013-4154 CVE-2013-4153 CVE-2013-2230 CVE-2013-2218 CVE-2013-1962 CVE-2013-0170 CVE-2012-4423 CVE-2012-3445 CVE-2012-3411 CVE-2011-2178 CVE-2011-1486 CVE-2011-1146
无相关合并请求
Tue Mar 3 09:40:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)
* Makefile.maint: Add virSecurityReportError as a msggen
function
* docs/schemas/capability.rng: Add <secmodel> element
* docs/schemas/domain.rng: Add <seclabel> element
* include/libvirt/virterror.h, src/virterror.c: Add
VIR_FROM_SECURITY and VIR_ERR_NO_SECURITY_MODEL
* po/POTFILES.in: Add src/security.c
* src/Makefile.am: Build security driver into libvirt.so
* src/capabilities.c, src/capabilities.h: Handling of
<secmodel> element / data
* src/domain_conf.c, src/domain_conf.h: Handling of
<seclabel> element / data
* src/libvirt_private.syms: Add virXPathStringLimit and
virSecurity* methods
* src/security.c, src/security.h: Add internal driver
stub impl
* src/storage_backend.c: TODO item about seclabel
* src/xml.c, src/xml.h: Add virXPathStringLimit
Tue Mar 3 09:25:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Remote protocol / RPC API for sVirt support (James Morris & Dan Walsh)
......
......@@ -343,6 +343,7 @@ msg_gen_function += umlLog
msg_gen_function += umlReportError
msg_gen_function += virConfError
msg_gen_function += virDomainReportError
msg_gen_function += virSecurityReportError
msg_gen_function += virHashError
msg_gen_function += virLibConnError
msg_gen_function += virLibDomainError
......
......@@ -33,9 +33,24 @@
<optional>
<ref name='topology'/>
</optional>
<optional>
<ref name='secmodel'/>
</optional>
</element>
</define>
<define name='secmodel'>
<element name='secmodel'>
<element name='model'>
<text/>
</element>
<element name='doi'>
<text/>
</element>
</element>
</define>
<define name='cpufeatures'>
<element name='features'>
<optional>
......
......@@ -22,10 +22,25 @@
<optional>
<ref name='devices'/>
</optional>
<optional>
<ref name='seclabel'/>
</optional>
</interleave>
</element>
</define>
<define name='seclabel'>
<element name='seclabel'>
<attribute name='model'>
<text/>
</attribute>
<element name='label'>
<text/>
</element>
</element>
</define>
<define name='hvs'>
<attribute name='type'>
<choice>
......
......@@ -61,6 +61,7 @@ typedef enum {
VIR_FROM_UML, /* Error at the UML driver */
VIR_FROM_NODEDEV, /* Error from node device monitor */
VIR_FROM_XEN_INOTIFY, /* Error from xen inotify layer */
VIR_FROM_SECURITY, /* Error from security framework */
} virErrorDomain;
......@@ -154,6 +155,7 @@ typedef enum {
VIR_WAR_NO_NODE, /* failed to start node driver */
VIR_ERR_INVALID_NODE_DEVICE,/* invalid node device object */
VIR_ERR_NO_NODE_DEVICE,/* node device not found */
VIR_ERR_NO_SECURITY_MODEL, /* security model not found */
} virErrorNumber;
/**
......
......@@ -23,6 +23,7 @@ src/proxy_internal.c
src/qemu_conf.c
src/qemu_driver.c
src/remote_internal.c
src/security.c
src/storage_backend.c
src/storage_backend_disk.c
src/storage_backend_fs.c
......
......@@ -140,7 +140,7 @@ UML_DRIVER_SOURCES = \
NETWORK_DRIVER_SOURCES = \
network_driver.h network_driver.c
# And finally storage backend specific impls
# Storage backend specific impls
STORAGE_DRIVER_SOURCES = \
storage_driver.h storage_driver.c \
storage_backend.h storage_backend.c
......@@ -166,6 +166,11 @@ STORAGE_HELPER_DISK_SOURCES = \
parthelper.c
# Security framework and drivers for various models
SECURITY_DRIVER_SOURCES = \
security.h security.c
NODE_DEVICE_DRIVER_SOURCES = \
node_device.c node_device.h
......@@ -379,6 +384,10 @@ endif
endif
libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES)
noinst_LTLIBRARIES += libvirt_driver_security.la
libvirt_la_LIBADD += libvirt_driver_security.la
# Add all conditional sources just in case...
EXTRA_DIST += \
$(TEST_DRIVER_SOURCES) \
......
......@@ -150,6 +150,8 @@ virCapabilitiesFree(virCapsPtr caps) {
VIR_FREE(caps->host.migrateTrans);
VIR_FREE(caps->host.arch);
VIR_FREE(caps->host.secModel.model);
VIR_FREE(caps->host.secModel.doi);
VIR_FREE(caps);
}
......@@ -599,6 +601,14 @@ virCapabilitiesFormatXML(virCapsPtr caps)
virBufferAddLit(&xml, " </cells>\n");
virBufferAddLit(&xml, " </topology>\n");
}
if (caps->host.secModel.model) {
virBufferAddLit(&xml, " <secmodel>\n");
virBufferVSprintf(&xml, " <model>%s</model>\n", caps->host.secModel.model);
virBufferVSprintf(&xml, " <doi>%s</doi>\n", caps->host.secModel.doi);
virBufferAddLit(&xml, " </secmodel>\n");
}
virBufferAddLit(&xml, " </host>\n\n");
......
......@@ -78,6 +78,12 @@ struct _virCapsHostNUMACell {
int *cpus;
};
typedef struct _virCapsHostSecModel virCapsHostSecModel;
struct _virCapsHostSecModel {
char *model;
char *doi;
};
typedef struct _virCapsHost virCapsHost;
typedef virCapsHost *virCapsHostPtr;
struct _virCapsHost {
......@@ -90,6 +96,7 @@ struct _virCapsHost {
char **migrateTrans;
int nnumaCell;
virCapsHostNUMACellPtr *numaCell;
virCapsHostSecModel secModel;
};
typedef struct _virCaps virCaps;
......
......@@ -387,6 +387,15 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def)
VIR_FREE(def);
}
void virSecurityLabelDefFree(virDomainDefPtr def);
void virSecurityLabelDefFree(virDomainDefPtr def)
{
VIR_FREE(def->seclabel.model);
VIR_FREE(def->seclabel.label);
VIR_FREE(def->seclabel.imagelabel);
}
void virDomainDefFree(virDomainDefPtr def)
{
unsigned int i;
......@@ -445,6 +454,8 @@ void virDomainDefFree(virDomainDefPtr def)
VIR_FREE(def->cpumask);
VIR_FREE(def->emulator);
virSecurityLabelDefFree(def);
VIR_FREE(def);
}
......@@ -1833,6 +1844,34 @@ static int virDomainLifecycleParseXML(virConnectPtr conn,
return 0;
}
static int
virSecurityLabelDefParseXML(virConnectPtr conn,
const virDomainDefPtr def,
xmlXPathContextPtr ctxt)
{
char *p;
if (virXPathNode(conn, "./seclabel", ctxt) == NULL)
return 0;
p = virXPathStringLimit(conn, "string(./seclabel/label[1])",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
if (p == NULL)
goto error;
def->seclabel.label = p;
p = virXPathStringLimit(conn, "string(./seclabel/@model)",
VIR_SECURITY_MODEL_BUFLEN-1, ctxt);
if (p == NULL)
goto error;
def->seclabel.model = p;
return 0;
error:
virSecurityLabelDefFree(def);
return -1;
}
virDomainDeviceDefPtr virDomainDeviceDefParse(virConnectPtr conn,
virCapsPtr caps,
......@@ -2418,6 +2457,10 @@ static virDomainDefPtr virDomainDefParseXML(virConnectPtr conn,
}
VIR_FREE(nodes);
/* analysis of security label */
if (virSecurityLabelDefParseXML(conn, def, ctxt) == -1)
goto error;
return def;
no_memory:
......@@ -3435,6 +3478,13 @@ char *virDomainDefFormat(virConnectPtr conn,
goto cleanup;
virBufferAddLit(&buf, " </devices>\n");
if (def->seclabel.model) {
virBufferEscapeString(&buf, " <seclabel model='%s'>\n", def->seclabel.model);
virBufferEscapeString(&buf, " <label>%s</label>\n", def->seclabel.label);
virBufferAddLit(&buf, " </seclabel>\n");
}
virBufferAddLit(&buf, "</domain>\n");
if (virBufferError(&buf))
......
......@@ -410,6 +410,15 @@ struct _virDomainOSDef {
char *bootloaderArgs;
};
/* Security configuration for domain */
typedef struct _virSecurityLabelDef virSecurityLabelDef;
typedef virSecurityLabelDef *virSecurityLabelDefPtr;
struct _virSecurityLabelDef {
char *model; /* name of security model */
char *label; /* security label string */
char *imagelabel; /* security image label string */
};
#define VIR_DOMAIN_CPUMASK_LEN 1024
/* Guest VM main configuration */
......@@ -467,6 +476,7 @@ struct _virDomainDef {
/* Only 1 */
virDomainChrDefPtr console;
virSecurityLabelDef seclabel;
};
/* Guest VM runtime state */
......
......@@ -247,6 +247,14 @@ qparam_query_parse;
free_qparam_set;
# security.h
virSecurityDriverStartup;
virSecurityDriverInit;
virSecurityDriverSetDOI;
virSecurityDriverGetDOI;
virSecurityDriverGetModel;
# storage_conf.h
virStoragePoolDefFormat;
virStoragePoolDefFree;
......@@ -351,3 +359,4 @@ virXPathNode;
virXPathNodeSet;
virXPathString;
virXMLPropString;
virXPathStringLimit;
/*
* Copyright (C) 2008 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Authors:
* James Morris <jmorris@namei.org>
*
*/
#include <config.h>
#include <string.h>
#include "virterror_internal.h"
#include "security.h"
static virSecurityDriverPtr security_drivers[] = {
NULL
};
int
virSecurityDriverStartup(virSecurityDriverPtr *drv,
const char *name)
{
unsigned int i;
if (name && STREQ(name, "none"))
return -2;
for (i = 0; security_drivers[i] != NULL ; i++) {
virSecurityDriverPtr tmp = security_drivers[i];
if (name && STRNEQ(tmp->name, name))
continue;
switch (tmp->probe()) {
case SECURITY_DRIVER_ENABLE:
virSecurityDriverInit(tmp);
if (tmp->open(NULL, tmp) == -1) {
return -1;
} else {
*drv = tmp;
return 0;
}
break;
case SECURITY_DRIVER_DISABLE:
break;
default:
return -1;
}
}
return -2;
}
void
virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
{
va_list args;
char errorMessage[1024];
if (fmt) {
va_start(args, fmt);
vsnprintf(errorMessage, sizeof(errorMessage) - 1, fmt, args);
va_end(args);
} else
errorMessage[0] = '\0';
virRaiseError(conn, NULL, NULL, VIR_FROM_SECURITY, code,
VIR_ERR_ERROR, NULL, NULL, NULL, -1, -1, "%s",
errorMessage);
}
/*
* Helpers
*/
void
virSecurityDriverInit(virSecurityDriverPtr drv)
{
memset(&drv->_private, 0, sizeof drv->_private);
}
int
virSecurityDriverSetDOI(virConnectPtr conn,
virSecurityDriverPtr drv,
const char *doi)
{
if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: DOI \'%s\' is "
"longer than the maximum allowed length of %d"),
__func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);
return -1;
}
strcpy(drv->_private.doi, doi);
return 0;
}
const char *
virSecurityDriverGetDOI(virSecurityDriverPtr drv)
{
return drv->_private.doi;
}
const char *
virSecurityDriverGetModel(virSecurityDriverPtr drv)
{
return drv->name;
}
/*
* Copyright (C) 2008 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Authors:
* James Morris <jmorris@namei.org>
*
*/
#ifndef __VIR_SECURITY_H__
#define __VIR_SECURITY_H__
#include "internal.h"
#include "domain_conf.h"
/*
* Return values for security driver probing: the driver will determine
* whether it should be enabled or disabled.
*/
typedef enum {
SECURITY_DRIVER_ENABLE = 0,
SECURITY_DRIVER_ERROR = -1,
SECURITY_DRIVER_DISABLE = -2,
} virSecurityDriverStatus;
typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
virSecurityDriverPtr drv);
typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
virDomainObjPtr vm,
virDomainDeviceDefPtr dev);
typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
virDomainObjPtr vm,
virDomainDeviceDefPtr dev);
typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
typedef int (*virSecurityDomainGetLabel) (virConnectPtr conn,
virDomainObjPtr vm,
virSecurityLabelPtr sec);
typedef int (*virSecurityDomainRestoreLabel) (virConnectPtr conn,
virDomainObjPtr vm);
typedef int (*virSecurityDomainSetLabel) (virConnectPtr conn,
virSecurityDriverPtr drv,
virDomainObjPtr vm);
struct _virSecurityDriver {
const char *name;
virSecurityDriverProbe probe;
virSecurityDriverOpen open;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainGenLabel domainGenSecurityLabel;
virSecurityDomainGetLabel domainGetSecurityLabel;
virSecurityDomainSetLabel domainSetSecurityLabel;
virSecurityDomainRestoreLabel domainRestoreSecurityLabel;
/*
* This is internally managed driver state and should only be accessed
* via helpers below.
*/
struct {
char doi[VIR_SECURITY_DOI_BUFLEN];
} _private;
};
/* Global methods */
int virSecurityDriverStartup(virSecurityDriverPtr *drv,
const char *name);
void
virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
ATTRIBUTE_FORMAT(printf, 3, 4);
/* Helpers */
void virSecurityDriverInit(virSecurityDriverPtr drv);
int virSecurityDriverSetDOI(virConnectPtr conn,
virSecurityDriverPtr drv,
const char *doi);
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
#endif /* __VIR_SECURITY_H__ */
......@@ -276,6 +276,7 @@ virStorageBackendUpdateVolTargetInfoFD(virConnectPtr conn,
VIR_FREE(target->perms.label);
#if HAVE_SELINUX
/* XXX: make this a security driver call */
if (fgetfilecon(fd, &filecon) == -1) {
if (errno != ENODATA && errno != ENOTSUP) {
virReportSystemError(conn, errno,
......
......@@ -151,6 +151,9 @@ static const char *virErrorDomainName(virErrorDomain domain) {
case VIR_FROM_UML:
dom = "UML ";
break;
case VIR_FROM_SECURITY:
dom = "Security Labeling ";
break;
}
return(dom);
}
......@@ -995,6 +998,12 @@ virErrorMsg(virErrorNumber error, const char *info)
else
errmsg = _("Node device not found: %s");
break;
case VIR_ERR_NO_SECURITY_MODEL:
if (info == NULL)
errmsg = _("Security model not found");
else
errmsg = _("Security model not found: %s");
break;
}
return (errmsg);
}
......
......@@ -76,6 +76,36 @@ virXPathString(virConnectPtr conn,
return (ret);
}
/**
* virXPathStringLimit:
* @xpath: the XPath string to evaluate
* @maxlen: maximum length permittred string
* @ctxt: an XPath context
*
* Wrapper for virXPathString, which validates the length of the returned
* string.
*
* Returns a new string which must be deallocated by the caller or NULL if
* the evaluation failed.
*/
char *
virXPathStringLimit(virConnectPtr conn,
const char *xpath,
size_t maxlen,
xmlXPathContextPtr ctxt)
{
char *tmp = virXPathString(conn, xpath, ctxt);
if (tmp != NULL && strlen(tmp) >= maxlen) {
virXMLError(conn, VIR_ERR_INTERNAL_ERROR,
_("\'%s\' value longer than %Zd bytes in virXPathStringLimit()"),
xpath, maxlen);
return NULL;
}
return tmp;
}
/**
* virXPathNumber:
* @xpath: the XPath string to evaluate
......
......@@ -17,6 +17,10 @@ int virXPathBoolean (virConnectPtr conn,
char * virXPathString (virConnectPtr conn,
const char *xpath,
xmlXPathContextPtr ctxt);
char * virXPathStringLimit(virConnectPtr conn,
const char *xpath,
size_t maxlen,
xmlXPathContextPtr ctxt);
int virXPathNumber (virConnectPtr conn,
const char *xpath,
xmlXPathContextPtr ctxt,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
反馈
建议
客服 返回
顶部