static int
mymain(void)
{
    int ret = 0;

    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
        virErrorPtr err = virGetLastError();
        if (err->code == VIR_ERR_CONFIG_UNSUPPORTED)
            exit(EXIT_AM_SKIP);

        fprintf(stderr, "Unable to initialize security driver: %s\n",
                err->message);
        exit(EXIT_FAILURE);
    }

    if ((caps = testQemuCapsInit()) == NULL)
        exit(EXIT_FAILURE);

#define DO_TEST_LABELING(name) \
    if (virtTestRun("Labelling " # name, 1, testSELinuxLabeling, name) < 0) \
        ret = -1;                                                       \

    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
Beispiel #2
0
int qemuTestDriverInit(virQEMUDriver *driver)
{
    virSecurityManagerPtr mgr = NULL;

    memset(driver, 0, sizeof(*driver));

    if (virMutexInit(&driver->lock) < 0)
        return -1;

    driver->config = virQEMUDriverConfigNew(false);
    if (!driver->config)
        goto error;

    /* Overwrite some default paths so it's consistent for tests. */
    VIR_FREE(driver->config->libDir);
    VIR_FREE(driver->config->channelTargetDir);
    if (VIR_STRDUP(driver->config->libDir, "/tmp/lib") < 0 ||
        VIR_STRDUP(driver->config->channelTargetDir, "/tmp/channel") < 0)
        goto error;

    driver->caps = testQemuCapsInit();
    if (!driver->caps)
        goto error;

    /* Using /dev/null for libDir and cacheDir automatically produces errors
     * upon attempt to use any of them */
    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
    if (!driver->qemuCapsCache)
        goto error;

    driver->xmlopt = virQEMUDriverCreateXMLConf(driver);
    if (!driver->xmlopt)
        goto error;

    if (qemuTestCapsCacheInsert(driver->qemuCapsCache, "empty", NULL) < 0)
        goto error;

    if (!(mgr = virSecurityManagerNew("none", "qemu",
                                      VIR_SECURITY_MANAGER_PRIVILEGED)))
        goto error;
    if (!(driver->securityManager = virSecurityManagerNewStack(mgr)))
        goto error;

    return 0;

 error:
    virObjectUnref(mgr);
    qemuTestDriverFree(driver);
    return -1;
}
static int
mymain(void)
{
    int ret = 0;
    int rc = testUserXattrEnabled();

    if (rc < 0)
        return EXIT_FAILURE;
    if (!rc)
        return EXIT_AM_SKIP;

    if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
                                      VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                      VIR_SECURITY_MANAGER_PRIVILEGED))) {
        virErrorPtr err = virGetLastError();
        VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
                err->message);
        return EXIT_FAILURE;
    }

    if ((caps = testQemuCapsInit()) == NULL)
        return EXIT_FAILURE;

    if (qemuTestDriverInit(&driver) < 0)
        return EXIT_FAILURE;

#define DO_TEST_LABELING(name)                                           \
    if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        ret = -1;

    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");
    DO_TEST_LABELING("nfs");

    qemuTestDriverFree(&driver);

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static int
mymain(void)
{
    int ret = 0;
    int rc = testUserXattrEnabled();

    if (rc < 0)
        return EXIT_FAILURE;
    if (!rc)
        return EXIT_AM_SKIP;

    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
        virErrorPtr err = virGetLastError();
        VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
                err->message);
        return EXIT_FAILURE;
    }

    if ((caps = testQemuCapsInit()) == NULL)
        return EXIT_FAILURE;

    if (!(xmlopt = virQEMUDriverCreateXMLConf(NULL)))
        return EXIT_FAILURE;

#define DO_TEST_LABELING(name)                                           \
    if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        ret = -1;

    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");
    DO_TEST_LABELING("nfs");

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
Beispiel #5
0
static int
mymain(void)
{
    int ret = 0;
    struct qemuHotplugTestData data = {0};
    virSecurityManagerPtr mgr;

#if !WITH_YAJL
    fputs("libvirt not compiled with yajl, skipping this test\n", stderr);
    return EXIT_AM_SKIP;
#endif

    if (virThreadInitialize() < 0 ||
        qemuTestDriverInit(&driver) < 0)
        return EXIT_FAILURE;

    virEventRegisterDefaultImpl();

    VIR_FREE(driver.config->spiceListen);
    VIR_FREE(driver.config->vncListen);
    /* some dummy values from 'config file' */
    if (VIR_STRDUP_QUIET(driver.config->spicePassword, "123456") < 0)
        return EXIT_FAILURE;

    if (!(driver.domainEventState = virObjectEventStateNew()))
        return EXIT_FAILURE;

    driver.lockManager = virLockManagerPluginNew("nop", "qemu",
                                                 driver.config->configBaseDir,
                                                 0);
    if (!driver.lockManager)
        return EXIT_FAILURE;

    if (!(mgr = virSecurityManagerNew("none", "qemu",
                                      VIR_SECURITY_MANAGER_PRIVILEGED)))
        return EXIT_FAILURE;
    if (!(driver.securityManager = virSecurityManagerNewStack(mgr)))
        return EXIT_FAILURE;

    /* wait only 100ms for DEVICE_DELETED event */
    qemuDomainRemoveDeviceWaitTime = 100;

#define DO_TEST(file, ACTION, dev, event, fial, kep, ...)                   \
    do {                                                                    \
        const char *my_mon[] = { __VA_ARGS__, NULL};                        \
        const char *name = file " " #ACTION " " dev;                        \
        data.action = ACTION;                                               \
        data.domain_filename = file;                                        \
        data.device_filename = dev;                                         \
        data.fail = fial;                                                   \
        data.mon = my_mon;                                                  \
        data.keep = kep;                                                    \
        data.deviceDeletedEvent = event;                                    \
        if (virtTestRun(name, testQemuHotplug, &data) < 0)                  \
            ret = -1;                                                       \
    } while (0)

#define DO_TEST_ATTACH(file, dev, fial, kep, ...)                           \
    DO_TEST(file, ATTACH, dev, false, fial, kep, __VA_ARGS__)

#define DO_TEST_DETACH(file, dev, fial, kep, ...)                           \
    DO_TEST(file, DETACH, dev, false, fial, kep, __VA_ARGS__)

#define DO_TEST_ATTACH_EVENT(file, dev, fial, kep, ...)                     \
    DO_TEST(file, ATTACH, dev, true, fial, kep, __VA_ARGS__)

#define DO_TEST_DETACH_EVENT(file, dev, fial, kep, ...)                     \
    DO_TEST(file, DETACH, dev, true, fial, kep, __VA_ARGS__)

#define DO_TEST_UPDATE(file, dev, fial, kep, ...)                           \
    DO_TEST(file, UPDATE, dev, false, fial, kep, __VA_ARGS__)


#define QMP_OK      "{\"return\": {}}"
#define HMP(msg)    "{\"return\": \"" msg "\"}"

#define QMP_DEVICE_DELETED(dev) \
    "{"                                                     \
    "    \"timestamp\": {"                                  \
    "        \"seconds\": 1374137171,"                      \
    "        \"microseconds\": 2659"                        \
    "    },"                                                \
    "    \"event\": \"DEVICE_DELETED\","                    \
    "    \"data\": {"                                       \
    "        \"device\": \"" dev "\","                      \
    "        \"path\": \"/machine/peripheral/" dev "\""     \
    "    }"                                                 \
    "}\r\n"

    DO_TEST_UPDATE("graphics-spice", "graphics-spice-nochange", false, false, NULL);
    DO_TEST_UPDATE("graphics-spice-timeout", "graphics-spice-timeout-nochange", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    DO_TEST_UPDATE("graphics-spice-timeout", "graphics-spice-timeout-password", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    DO_TEST_UPDATE("graphics-spice", "graphics-spice-listen", true, false, NULL);
    DO_TEST_UPDATE("graphics-spice-listen-network", "graphics-spice-listen-network", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    /* Strange huh? Currently, only graphics can be updated :-P */
    DO_TEST_UPDATE("disk-cdrom", "disk-cdrom-nochange", true, false, NULL);

    DO_TEST_ATTACH("console-compat-2", "console-virtio", false, true,
                   "chardev-add", "{\"return\": {\"pty\": \"/dev/pts/26\"}}",
                   "device_add", QMP_OK);

    DO_TEST_DETACH("console-compat-2", "console-virtio", false, false,
                   "device_del", QMP_OK,
                   "chardev-remove", QMP_OK);

    DO_TEST_ATTACH("hotplug-base", "disk-virtio", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-virtio", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-virtio", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-virtio", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-virtio", false, false,
                   "device_del", QMP_DEVICE_DELETED("virtio-disk4") QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH("hotplug-base", "disk-usb", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-usb", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-usb", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-usb", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-usb", false, false,
                   "device_del", QMP_DEVICE_DELETED("usb-disk16") QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH("hotplug-base", "disk-scsi", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-scsi", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-scsi", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-scsi", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-scsi", false, false,
                   "device_del", QMP_DEVICE_DELETED("scsi0-0-0-5") QMP_OK,
                   "human-monitor-command", HMP(""));

    qemuTestDriverFree(&driver);
    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
Beispiel #6
0
int qemuTestDriverInit(virQEMUDriver *driver)
{
    virSecurityManagerPtr mgr = NULL;
    char statedir[] = STATEDIRTEMPLATE;
    char configdir[] = CONFIGDIRTEMPLATE;

    memset(driver, 0, sizeof(*driver));

    if (virMutexInit(&driver->lock) < 0)
        return -1;

    driver->config = virQEMUDriverConfigNew(false);
    if (!driver->config)
        goto error;

    /* Do this early so that qemuTestDriverFree() doesn't see (unlink) the real
     * dirs. */
    VIR_FREE(driver->config->stateDir);
    VIR_FREE(driver->config->configDir);

    /* Overwrite some default paths so it's consistent for tests. */
    VIR_FREE(driver->config->libDir);
    VIR_FREE(driver->config->channelTargetDir);
    if (VIR_STRDUP(driver->config->libDir, "/tmp/lib") < 0 ||
        VIR_STRDUP(driver->config->channelTargetDir, "/tmp/channel") < 0)
        goto error;

    if (!mkdtemp(statedir)) {
        virFilePrintf(stderr, "Cannot create fake stateDir");
        goto error;
    }

    if (VIR_STRDUP(driver->config->stateDir, statedir) < 0) {
        rmdir(statedir);
        goto error;
    }

    if (!mkdtemp(configdir)) {
        virFilePrintf(stderr, "Cannot create fake configDir");
        goto error;
    }

    if (VIR_STRDUP(driver->config->configDir, configdir) < 0) {
        rmdir(configdir);
        goto error;
    }

    driver->caps = testQemuCapsInit();
    if (!driver->caps)
        goto error;

    /* Using /dev/null for libDir and cacheDir automatically produces errors
     * upon attempt to use any of them */
    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
    if (!driver->qemuCapsCache)
        goto error;

    driver->xmlopt = virQEMUDriverCreateXMLConf(driver);
    if (!driver->xmlopt)
        goto error;

    if (qemuTestCapsCacheInsert(driver->qemuCapsCache, NULL) < 0)
        goto error;

    if (!(mgr = virSecurityManagerNew("none", "qemu",
                                      VIR_SECURITY_MANAGER_PRIVILEGED)))
        goto error;
    if (!(driver->securityManager = virSecurityManagerNewStack(mgr)))
        goto error;

    return 0;

 error:
    virObjectUnref(mgr);
    qemuTestDriverFree(driver);
    return -1;
}
Beispiel #7
0
#include <config.h>

#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include "security/security_driver.h"

int
main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
{
    virSecurityManagerPtr mgr;
    const char *doi, *model;

    mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
    if (mgr == NULL) {
        fprintf (stderr, "Failed to start security driver");
        exit (-1);
    }

    model = virSecurityManagerGetModel(mgr);
    if (!model)
    {
        fprintf (stderr, "Failed to copy secModel model: %s",
                 strerror (errno));
        exit (-1);
    }

    doi = virSecurityManagerGetDOI(mgr);
    if (!doi)
static int
mymain(void)
{
    int ret = 0;
    virSecurityManagerPtr mgr;

    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
        virErrorPtr err = virGetLastError();
        if (err->code == VIR_ERR_CONFIG_UNSUPPORTED)
            return EXIT_AM_SKIP;

        fprintf(stderr, "Unable to initialize security driver: %s\n",
                err->message);
        return EXIT_FAILURE;
    }

#define DO_TEST_GEN_LABEL(desc, pidcon,                                 \
                          dynamic, label, baselabel,                    \
                          user, role, imageRole,                        \
                          type, imageType,                              \
                          sensMin, sensMax, catMin, catMax)             \
    do {                                                                \
        struct testSELinuxGenLabelData data = {                         \
            mgr, pidcon, dynamic, label, baselabel,                     \
            user, role, imageRole, type, imageType,                     \
            sensMin, sensMax, catMin, catMax                            \
        };                                                              \
        if (virtTestRun("GenLabel " # desc, 1, testSELinuxGenLabel, &data) < 0) \
            ret = -1;                                                   \
    } while (0)

    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0-s0",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c1023",
                      "system_u:system_r:virtd_t:s0-s0:c0.c1023",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c10",
                      "system_u:system_r:virtd_t:s0-s0:c0.c10",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 10);
    DO_TEST_GEN_LABEL("dynamic virtd, s2-s3, c0.c1023",
                      "system_u:system_r:virtd_t:s2-s3:c0.c1023",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      2, 3, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic virtd, missing range",
                      "system_u:system_r:virtd_t",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}