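/*
 * Entry point of the SELinux labelling test.
 *
 * Creates the "selinux" security manager, loads the QEMU test capabilities,
 * sets the process context and runs the "disks", "kernel" and "chardev"
 * labelling cases.  `mgr` and `caps` are not declared here; presumably they
 * are file-scope variables shared with testSELinuxLabeling().
 *
 * Returns EXIT_SUCCESS when every case passes, EXIT_FAILURE otherwise.
 * Set-up failures terminate the process directly: EXIT_AM_SKIP when the
 * driver reports VIR_ERR_CONFIG_UNSUPPORTED, EXIT_FAILURE for anything else.
 */
static int
mymain(void)
{
    int ret = 0;

    /* NOTE(review): the three positional booleans are unreadable at the call
     * site; check them against the virSecurityManagerNew() prototype of this
     * tree before changing any of them, since they select the confinement
     * policy the test runs under. */
    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
        virErrorPtr err = virGetLastError();

        /* virGetLastError() returns NULL when no error has been recorded, so
         * both dereferences are guarded rather than crashing on the failure
         * path and hiding the real cause. */
        if (err && err->code == VIR_ERR_CONFIG_UNSUPPORTED)
            exit(EXIT_AM_SKIP);

        fprintf(stderr, "Unable to initialize security driver: %s\n",
                err && err->message ? err->message : "unknown error");
        exit(EXIT_FAILURE);
    }

    if ((caps = testQemuCapsInit()) == NULL)
        exit(EXIT_FAILURE);

/* Runs one labelling case; a failure is recorded in `ret` and the remaining
 * cases still run. */
#define DO_TEST_LABELING(name) \
    if (virtTestRun("Labelling " # name, 1, testSELinuxLabeling, name) < 0) \
        ret = -1;

    /* NOTE(review): the result of setcon() is ignored, and the first two
     * fields read role:user instead of the usual user:role:type:range order.
     * Confirm both are intentional (for example because setcon() is replaced
     * by a test helper) - a silently failed context switch would let the
     * labelling cases run under an unexpected context. */
    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}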
/*
 * Fill @driver with the state the QEMU tests expect.
 *
 * The structure is zeroed, its lock initialised, and then the config,
 * capabilities, capabilities cache, XML options and a stacked "none"
 * security manager are attached in that order.
 *
 * Returns 0 on success.  Returns -1 on failure; once the lock exists, every
 * failure goes through the `error` label, which drops the local security
 * manager reference and calls qemuTestDriverFree() on the partly built
 * driver.
 */
int
qemuTestDriverInit(virQEMUDriver *driver)
{
    virSecurityManagerPtr mgr = NULL;

    memset(driver, 0, sizeof(*driver));

    if (virMutexInit(&driver->lock) < 0)
        return -1;

    if (!(driver->config = virQEMUDriverConfigNew(false)))
        goto error;

    /* Replace the default paths so test output does not depend on the host.
     * NOTE(review): both replacements are fixed names under /tmp.  Nothing
     * in this function creates them, but any test that does would be using a
     * predictable path in a world-writable directory - confirm they are only
     * ever used as strings. */
    VIR_FREE(driver->config->libDir);
    VIR_FREE(driver->config->channelTargetDir);
    if (VIR_STRDUP(driver->config->libDir, "/tmp/lib") < 0)
        goto error;
    if (VIR_STRDUP(driver->config->channelTargetDir, "/tmp/channel") < 0)
        goto error;

    if (!(driver->caps = testQemuCapsInit()))
        goto error;

    /* /dev/null as libDir and cacheDir makes any attempt to actually use the
     * cache directories fail. */
    if (!(driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0)))
        goto error;

    if (!(driver->xmlopt = virQEMUDriverCreateXMLConf(driver)))
        goto error;

    if (qemuTestCapsCacheInsert(driver->qemuCapsCache, "empty", NULL) < 0)
        goto error;

    /* The "none" driver applies no labelling; it is wrapped in a stack
     * because the driver structure holds a stacked manager.
     * NOTE(review): on success `mgr` is not released here, presumably
     * because the stack takes over the reference - confirm. */
    mgr = virSecurityManagerNew("none", "qemu", VIR_SECURITY_MANAGER_PRIVILEGED);
    if (!mgr)
        goto error;

    driver->securityManager = virSecurityManagerNewStack(mgr);
    if (!driver->securityManager)
        goto error;

    return 0;

 error:
    virObjectUnref(mgr);
    qemuTestDriverFree(driver);
    return -1;
}
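/*
 * Entry point of the SELinux labelling test.
 *
 * Skips when testUserXattrEnabled() reports 0, then creates the "selinux"
 * security manager, loads the QEMU test capabilities, initialises the test
 * driver, sets the process context and runs the "disks", "kernel", "chardev"
 * and "nfs" labelling cases.  `mgr`, `caps` and `driver` are not declared
 * here; presumably they are file-scope variables.
 *
 * Returns EXIT_SUCCESS when every case passes, EXIT_AM_SKIP when the xattr
 * probe returns 0, and EXIT_FAILURE on a set-up error or a failed case.
 */
static int
mymain(void)
{
    int ret = 0;
    int rc = testUserXattrEnabled();

    if (rc < 0)
        return EXIT_FAILURE;
    if (!rc)
        return EXIT_AM_SKIP;

    /* NOTE(review): judging by the flag names, the manager confines guests
     * by default and runs as a privileged driver; confirm against the flag
     * definitions before changing either bit. */
    if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
                                      VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                      VIR_SECURITY_MANAGER_PRIVILEGED))) {
        virErrorPtr err = virGetLastError();

        /* virGetLastError() returns NULL when no error has been recorded;
         * guard the dereference so the failure is reported, not a crash. */
        VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
                         err && err->message ? err->message : "unknown error");
        return EXIT_FAILURE;
    }

    if ((caps = testQemuCapsInit()) == NULL)
        return EXIT_FAILURE;

    if (qemuTestDriverInit(&driver) < 0)
        return EXIT_FAILURE;

/* Runs one labelling case; a failure is recorded in `ret` and the remaining
 * cases still run. */
#define DO_TEST_LABELING(name) \
    if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        ret = -1;

    /* NOTE(review): the result of setcon() is ignored, and the first two
     * fields read role:user instead of the usual user:role:type:range order.
     * Confirm both are intentional (for example because setcon() is replaced
     * by a test helper). */
    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");
    DO_TEST_LABELING("nfs");

    qemuTestDriverFree(&driver);

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}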
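/*
 * Entry point of the SELinux labelling test.
 *
 * Skips when testUserXattrEnabled() reports 0, then creates the "selinux"
 * security manager, loads the QEMU test capabilities and XML options, sets
 * the process context and runs the "disks", "kernel", "chardev" and "nfs"
 * labelling cases.  `mgr`, `caps` and `xmlopt` are not declared here;
 * presumably they are file-scope variables.
 *
 * Returns EXIT_SUCCESS when every case passes, EXIT_AM_SKIP when the xattr
 * probe returns 0, and EXIT_FAILURE on a set-up error or a failed case.
 */
static int
mymain(void)
{
    int ret = 0;
    int rc = testUserXattrEnabled();

    if (rc < 0)
        return EXIT_FAILURE;
    if (!rc)
        return EXIT_AM_SKIP;

    /* NOTE(review): four positional booleans are unreadable at the call
     * site; check them against the virSecurityManagerNew() prototype of this
     * tree before changing any of them, since they select the confinement
     * policy the test runs under. */
    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
        virErrorPtr err = virGetLastError();

        /* virGetLastError() returns NULL when no error has been recorded;
         * guard the dereference so the failure is reported, not a crash. */
        VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
                         err && err->message ? err->message : "unknown error");
        return EXIT_FAILURE;
    }

    if ((caps = testQemuCapsInit()) == NULL)
        return EXIT_FAILURE;

    if (!(xmlopt = virQEMUDriverCreateXMLConf(NULL)))
        return EXIT_FAILURE;

/* Runs one labelling case; a failure is recorded in `ret` and the remaining
 * cases still run. */
#define DO_TEST_LABELING(name) \
    if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
        ret = -1;

    /* NOTE(review): the result of setcon() is ignored, and the first two
     * fields read role:user instead of the usual user:role:type:range order.
     * Confirm both are intentional (for example because setcon() is replaced
     * by a test helper). */
    setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");

    DO_TEST_LABELING("disks");
    DO_TEST_LABELING("kernel");
    DO_TEST_LABELING("chardev");
    DO_TEST_LABELING("nfs");

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}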
/*
 * Entry point of the QEMU hotplug test.
 *
 * Initialises threading and the test driver, installs dummy configuration
 * values, a "nop" lock manager and a stacked "none" security manager, then
 * runs a fixed sequence of attach / detach / update cases against canned
 * monitor replies.  `driver` is not declared here; presumably it is a
 * file-scope variable.
 *
 * Returns EXIT_SUCCESS when every case passes, EXIT_AM_SKIP when built
 * without YAJL, and EXIT_FAILURE on a set-up error or a failed case.
 *
 * NOTE(review): every early `return EXIT_FAILURE` after qemuTestDriverInit()
 * has succeeded skips qemuTestDriverFree(&driver), and `mgr` is not released
 * when virSecurityManagerNewStack() fails.  Confirm that relying on process
 * exit for clean-up is acceptable here.
 */
static int
mymain(void)
{
    int ret = 0;
    struct qemuHotplugTestData data = {0};
    virSecurityManagerPtr mgr;

#if !WITH_YAJL
    fputs("libvirt not compiled with yajl, skipping this test\n", stderr);
    return EXIT_AM_SKIP;
#endif

    if (virThreadInitialize() < 0 ||
        qemuTestDriverInit(&driver) < 0)
        return EXIT_FAILURE;

    virEventRegisterDefaultImpl();

    VIR_FREE(driver.config->spiceListen);
    VIR_FREE(driver.config->vncListen);

    /* some dummy values from 'config file'; the password is a hard-coded
     * test fixture, not a credential for any real service */
    if (VIR_STRDUP_QUIET(driver.config->spicePassword, "123456") < 0)
        return EXIT_FAILURE;

    if (!(driver.domainEventState = virObjectEventStateNew()))
        return EXIT_FAILURE;

    driver.lockManager = virLockManagerPluginNew("nop", "qemu",
                                                 driver.config->configBaseDir,
                                                 0);
    if (!driver.lockManager)
        return EXIT_FAILURE;

    /* The "none" security driver is wrapped in a stack and stored on the
     * driver.  NOTE(review): presumably this means no labelling is applied
     * during these cases - confirm. */
    if (!(mgr = virSecurityManagerNew("none", "qemu",
                                      VIR_SECURITY_MANAGER_PRIVILEGED)))
        return EXIT_FAILURE;
    if (!(driver.securityManager = virSecurityManagerNewStack(mgr)))
        return EXIT_FAILURE;

    /* wait only 100ms for DEVICE_DELETED event */
    qemuDomainRemoveDeviceWaitTime = 100;

/* Fills `data` with one case and runs it through virtTestRun(); a failure is
 * recorded in `ret` and the remaining cases still run.  The variadic
 * arguments become the NULL-terminated `my_mon` array stored in data.mon;
 * `fial` and `kep` are stored in data.fail and data.keep. */
#define DO_TEST(file, ACTION, dev, event, fial, kep, ...) \
    do { \
        const char *my_mon[] = { __VA_ARGS__, NULL}; \
        const char *name = file " " #ACTION " " dev; \
        data.action = ACTION; \
        data.domain_filename = file; \
        data.device_filename = dev; \
        data.fail = fial; \
        data.mon = my_mon; \
        data.keep = kep; \
        data.deviceDeletedEvent = event; \
        if (virtTestRun(name, testQemuHotplug, &data) < 0) \
            ret = -1; \
    } while (0)

/* Wrappers that fix the action and the deviceDeletedEvent flag. */
#define DO_TEST_ATTACH(file, dev, fial, kep, ...) \
    DO_TEST(file, ATTACH, dev, false, fial, kep, __VA_ARGS__)

#define DO_TEST_DETACH(file, dev, fial, kep, ...) \
    DO_TEST(file, DETACH, dev, false, fial, kep, __VA_ARGS__)

#define DO_TEST_ATTACH_EVENT(file, dev, fial, kep, ...) \
    DO_TEST(file, ATTACH, dev, true, fial, kep, __VA_ARGS__)

#define DO_TEST_DETACH_EVENT(file, dev, fial, kep, ...) \
    DO_TEST(file, DETACH, dev, true, fial, kep, __VA_ARGS__)

#define DO_TEST_UPDATE(file, dev, fial, kep, ...) \
    DO_TEST(file, UPDATE, dev, false, fial, kep, __VA_ARGS__)

/* Canned monitor replies used as the variadic arguments of the cases. */
#define QMP_OK "{\"return\": {}}"
#define HMP(msg) "{\"return\": \"" msg "\"}"

/* A DEVICE_DELETED event for `dev`, built by string-literal concatenation. */
#define QMP_DEVICE_DELETED(dev) \
    "{" \
    " \"timestamp\": {" \
    " \"seconds\": 1374137171," \
    " \"microseconds\": 2659" \
    " }," \
    " \"event\": \"DEVICE_DELETED\"," \
    " \"data\": {" \
    " \"device\": \"" dev "\"," \
    " \"path\": \"/machine/peripheral/" dev "\"" \
    " }" \
    "}\r\n"

    /* Graphics update cases. */
    DO_TEST_UPDATE("graphics-spice", "graphics-spice-nochange", false, false, NULL);
    DO_TEST_UPDATE("graphics-spice-timeout", "graphics-spice-timeout-nochange", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    DO_TEST_UPDATE("graphics-spice-timeout", "graphics-spice-timeout-password", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    DO_TEST_UPDATE("graphics-spice", "graphics-spice-listen", true, false, NULL);
    DO_TEST_UPDATE("graphics-spice-listen-network", "graphics-spice-listen-network", false, false,
                   "set_password", QMP_OK, "expire_password", QMP_OK);
    /* Strange huh? Currently, only graphics can be updated :-P */
    DO_TEST_UPDATE("disk-cdrom", "disk-cdrom-nochange", true, false, NULL);

    /* Attach / detach cases.  NOTE(review): the order looks significant -
     * cases passing `kep` = true are followed by cases on the same domain
     * file, presumably reusing the kept state.  Do not reorder without
     * checking testQemuHotplug(). */
    DO_TEST_ATTACH("console-compat-2", "console-virtio", false, true,
                   "chardev-add", "{\"return\": {\"pty\": \"/dev/pts/26\"}}",
                   "device_add", QMP_OK);

    DO_TEST_DETACH("console-compat-2", "console-virtio", false, false,
                   "device_del", QMP_OK,
                   "chardev-remove", QMP_OK);

    DO_TEST_ATTACH("hotplug-base", "disk-virtio", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-virtio", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-virtio", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-virtio", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-virtio", false, false,
                   "device_del", QMP_DEVICE_DELETED("virtio-disk4") QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH("hotplug-base", "disk-usb", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-usb", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-usb", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-usb", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-usb", false, false,
                   "device_del", QMP_DEVICE_DELETED("usb-disk16") QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH("hotplug-base", "disk-scsi", false, true,
                   "human-monitor-command", HMP("OK\\r\\n"),
                   "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-scsi", false, false,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));

    DO_TEST_ATTACH_EVENT("hotplug-base", "disk-scsi", false, true,
                         "human-monitor-command", HMP("OK\\r\\n"),
                         "device_add", QMP_OK);
    DO_TEST_DETACH("hotplug-base", "disk-scsi", true, true,
                   "device_del", QMP_OK,
                   "human-monitor-command", HMP(""));
    DO_TEST_DETACH("hotplug-base", "disk-scsi", false, false,
                   "device_del", QMP_DEVICE_DELETED("scsi0-0-0-5") QMP_OK,
                   "human-monitor-command", HMP(""));

    qemuTestDriverFree(&driver);
    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
/*
 * Fill @driver with the state the QEMU tests expect.
 *
 * The structure is zeroed, its lock initialised, and then the config (with
 * private state and config directories), capabilities, capabilities cache,
 * XML options and a stacked "none" security manager are attached in that
 * order.
 *
 * Returns 0 on success.  Returns -1 on failure; once the lock exists, every
 * failure goes through the `error` label, which drops the local security
 * manager reference and calls qemuTestDriverFree() on the partly built
 * driver.
 */
int
qemuTestDriverInit(virQEMUDriver *driver)
{
    virSecurityManagerPtr mgr = NULL;
    char statedir[] = STATEDIRTEMPLATE;
    char configdir[] = CONFIGDIRTEMPLATE;

    memset(driver, 0, sizeof(*driver));

    if (virMutexInit(&driver->lock) < 0)
        return -1;

    if (!(driver->config = virQEMUDriverConfigNew(false)))
        goto error;

    /* Clear the default directories first: if a later step fails,
     * qemuTestDriverFree() must not find (and unlink) the real ones. */
    VIR_FREE(driver->config->stateDir);
    VIR_FREE(driver->config->configDir);

    /* Replace the default paths so test output does not depend on the host.
     * NOTE(review): both replacements are fixed names under /tmp.  Nothing
     * in this function creates them, but any test that does would be using a
     * predictable path in a world-writable directory - confirm they are only
     * ever used as strings. */
    VIR_FREE(driver->config->libDir);
    VIR_FREE(driver->config->channelTargetDir);
    if (VIR_STRDUP(driver->config->libDir, "/tmp/lib") < 0)
        goto error;
    if (VIR_STRDUP(driver->config->channelTargetDir, "/tmp/channel") < 0)
        goto error;

    /* mkdtemp() creates a uniquely named directory with mode 0700, so the
     * fake state and config directories cannot be pre-created by another
     * user.  A directory whose name could not be stored in the config is
     * removed here, because qemuTestDriverFree() would not know about it. */
    if (mkdtemp(statedir) == NULL) {
        virFilePrintf(stderr, "Cannot create fake stateDir");
        goto error;
    }
    if (VIR_STRDUP(driver->config->stateDir, statedir) < 0) {
        rmdir(statedir);
        goto error;
    }

    if (mkdtemp(configdir) == NULL) {
        virFilePrintf(stderr, "Cannot create fake configDir");
        goto error;
    }
    if (VIR_STRDUP(driver->config->configDir, configdir) < 0) {
        rmdir(configdir);
        goto error;
    }

    if (!(driver->caps = testQemuCapsInit()))
        goto error;

    /* /dev/null as libDir and cacheDir makes any attempt to actually use the
     * cache directories fail. */
    if (!(driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0)))
        goto error;

    if (!(driver->xmlopt = virQEMUDriverCreateXMLConf(driver)))
        goto error;

    if (qemuTestCapsCacheInsert(driver->qemuCapsCache, NULL) < 0)
        goto error;

    /* The "none" driver applies no labelling; it is wrapped in a stack
     * because the driver structure holds a stacked manager.
     * NOTE(review): on success `mgr` is not released here, presumably
     * because the stack takes over the reference - confirm. */
    mgr = virSecurityManagerNew("none", "qemu", VIR_SECURITY_MANAGER_PRIVILEGED);
    if (!mgr)
        goto error;

    driver->securityManager = virSecurityManagerNewStack(mgr);
    if (!driver->securityManager)
        goto error;

    return 0;

 error:
    virObjectUnref(mgr);
    qemuTestDriverFree(driver);
    return -1;
}
#include <config.h> #include <unistd.h> #include <stdlib.h> #include <stdio.h> #include <string.h> #include <errno.h> #include "security/security_driver.h" int main (int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { virSecurityManagerPtr mgr; const char *doi, *model; mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false); if (mgr == NULL) { fprintf (stderr, "Failed to start security driver"); exit (-1); } model = virSecurityManagerGetModel(mgr); if (!model) { fprintf (stderr, "Failed to copy secModel model: %s", strerror (errno)); exit (-1); } doi = virSecurityManagerGetDOI(mgr); if (!doi)
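/*
 * Entry point of the SELinux label-generation test.
 *
 * Creates the "selinux" security manager and runs a table of GenLabel cases.
 * Judging by the macro's parameter names, each case pairs a process context
 * string with the user, role, type and sensitivity / category bounds that
 * the generated label is checked against.
 *
 * Returns EXIT_SUCCESS when every case passes, EXIT_AM_SKIP when the driver
 * reports VIR_ERR_CONFIG_UNSUPPORTED, and EXIT_FAILURE on any other set-up
 * error or a failed case.
 */
static int
mymain(void)
{
    int ret = 0;
    virSecurityManagerPtr mgr;

    /* NOTE(review): the three positional booleans are unreadable at the call
     * site; check them against the virSecurityManagerNew() prototype of this
     * tree before changing any of them.  `mgr` is never released in this
     * function - confirm that process exit is the intended clean-up. */
    if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
        virErrorPtr err = virGetLastError();

        /* virGetLastError() returns NULL when no error has been recorded, so
         * both dereferences are guarded rather than crashing on the failure
         * path and hiding the real cause. */
        if (err && err->code == VIR_ERR_CONFIG_UNSUPPORTED)
            return EXIT_AM_SKIP;

        fprintf(stderr, "Unable to initialize security driver: %s\n",
                err && err->message ? err->message : "unknown error");
        return EXIT_FAILURE;
    }

/* Builds one testSELinuxGenLabelData record (positional initialiser, so the
 * argument order must match the struct's field order) and runs it; a failure
 * is recorded in `ret` and the remaining cases still run. */
#define DO_TEST_GEN_LABEL(desc, pidcon, \
                          dynamic, label, baselabel, \
                          user, role, imageRole, \
                          type, imageType, \
                          sensMin, sensMax, catMin, catMax) \
    do { \
        struct testSELinuxGenLabelData data = { \
            mgr, pidcon, dynamic, label, baselabel, \
            user, role, imageRole, type, imageType, \
            sensMin, sensMax, catMin, catMax \
        }; \
        if (virtTestRun("GenLabel " # desc, 1, testSELinuxGenLabel, &data) < 0) \
            ret = -1; \
    } while (0)

    /* Three spellings of the same unconfined range: "s0", "s0-s0" and
     * "s0-s0:c0.c1023" are all given the bounds 0, 0, 0, 1023. */
    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0-s0",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic unconfined, s0, c0.c1023",
                      "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
                      true, NULL, NULL,
                      "unconfined_u", "unconfined_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);

    /* Contexts with narrower category or non-zero sensitivity ranges. */
    DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c1023",
                      "system_u:system_r:virtd_t:s0-s0:c0.c1023",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);
    DO_TEST_GEN_LABEL("dynamic virtd, s0, c0.c10",
                      "system_u:system_r:virtd_t:s0-s0:c0.c10",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 10);
    DO_TEST_GEN_LABEL("dynamic virtd, s2-s3, c0.c1023",
                      "system_u:system_r:virtd_t:s2-s3:c0.c1023",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      2, 3, 0, 1023);

    /* A context with no range field at all is given 0, 0, 0, 1023. */
    DO_TEST_GEN_LABEL("dynamic virtd, missing range",
                      "system_u:system_r:virtd_t",
                      true, NULL, NULL,
                      "system_u", "system_r", "object_r",
                      "svirt_t", "svirt_image_t",
                      0, 0, 0, 1023);

    return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}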