2018-12-07 15:21:43 +03:00
/*
* Copyright ( C ) 2018 Red Hat , Inc .
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation ; either
* version 2.1 of the License , or ( at your option ) any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* Lesser General Public License for more details .
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library . If not , see
* < http : //www.gnu.org/licenses/>.
*/
# include <config.h>
# include "qemusecuritytest.h"
# include "testutils.h"
# include "testutilsqemu.h"
# include "security/security_manager.h"
2020-11-03 15:26:00 +03:00
# include "security/security_util.h"
2018-12-07 15:21:43 +03:00
# include "conf/domain_conf.h"
# include "qemu/qemu_domain.h"
# include "qemu/qemu_security.h"
# define VIR_FROM_THIS VIR_FROM_NONE
struct testData {
virQEMUDriverPtr driver ;
const char * file ; /* file name to load VM def XML from; qemuxml2argvdata/ */
} ;
static int
prepareObjects ( virQEMUDriverPtr driver ,
const char * xmlname ,
2019-04-15 16:34:54 +03:00
virDomainObjPtr * vm_ret )
2018-12-07 15:21:43 +03:00
{
qemuDomainObjPrivatePtr priv ;
2019-10-15 15:47:50 +03:00
g_autoptr ( virDomainObj ) vm = NULL ;
2019-10-15 16:16:31 +03:00
g_autofree char * filename = NULL ;
g_autofree char * domxml = NULL ;
g_autofree char * latestCapsFile = NULL ;
2018-12-07 15:21:43 +03:00
2019-10-22 16:26:14 +03:00
filename = g_strdup_printf ( " %s/qemuxml2argvdata/%s.xml " , abs_srcdir , xmlname ) ;
2018-12-07 15:21:43 +03:00
if ( virTestLoadFile ( filename , & domxml ) < 0 )
2019-04-15 16:34:54 +03:00
return - 1 ;
2018-12-07 15:21:43 +03:00
2019-04-15 16:34:54 +03:00
if ( ! ( vm = virDomainObjNew ( driver - > xmlopt ) ) )
return - 1 ;
2018-12-07 15:21:43 +03:00
2019-04-15 16:34:54 +03:00
vm - > pid = - 1 ;
priv = vm - > privateData ;
2018-12-07 15:21:43 +03:00
priv - > chardevStdioLogd = false ;
priv - > rememberOwner = true ;
2019-04-15 17:38:28 +03:00
if ( ! ( latestCapsFile = testQemuGetLatestCapsForArch ( " x86_64 " , " xml " ) ) )
2019-04-15 16:34:54 +03:00
return - 1 ;
2018-12-07 15:21:43 +03:00
2019-04-15 17:38:28 +03:00
if ( ! ( priv - > qemuCaps = qemuTestParseCapabilitiesArch ( VIR_ARCH_X86_64 , latestCapsFile ) ) )
return - 1 ;
2018-12-07 15:21:43 +03:00
if ( qemuTestCapsCacheInsert ( driver - > qemuCapsCache , priv - > qemuCaps ) < 0 )
2019-04-15 16:34:54 +03:00
return - 1 ;
2018-12-07 15:21:43 +03:00
2019-04-15 16:34:54 +03:00
if ( ! ( vm - > def = virDomainDefParseString ( domxml ,
driver - > xmlopt ,
NULL ,
0 ) ) )
return - 1 ;
2018-12-07 15:21:43 +03:00
2020-11-03 00:31:03 +03:00
if ( virSecurityManagerGenLabel ( driver - > securityManager , vm - > def ) < 0 )
return - 1 ;
2019-10-16 14:45:15 +03:00
* vm_ret = g_steal_pointer ( & vm ) ;
2019-04-15 16:34:54 +03:00
return 0 ;
2018-12-07 15:21:43 +03:00
}
static int
testDomain ( const void * opaque )
{
const struct testData * data = opaque ;
2019-10-15 15:47:50 +03:00
g_autoptr ( virDomainObj ) vm = NULL ;
2020-12-01 11:21:32 +03:00
g_auto ( GStrv ) notRestored = NULL ;
2019-02-15 13:37:03 +03:00
size_t i ;
2018-12-07 15:21:43 +03:00
int ret = - 1 ;
if ( prepareObjects ( data - > driver , data - > file , & vm ) < 0 )
return - 1 ;
2019-02-15 13:37:03 +03:00
for ( i = 0 ; i < vm - > def - > ndisks ; i + + ) {
virStorageSourcePtr src = vm - > def - > disks [ i ] - > src ;
virStorageSourcePtr n ;
if ( ! src )
continue ;
if ( virStorageSourceIsLocalStorage ( src ) & & src - > path & &
( src - > shared | | src - > readonly ) & &
virStringListAdd ( & notRestored , src - > path ) < 0 )
return - 1 ;
for ( n = src - > backingStore ; virStorageSourceIsBacking ( n ) ; n = n - > backingStore ) {
if ( virStorageSourceIsLocalStorage ( n ) & & n - > path & &
virStringListAdd ( & notRestored , n - > path ) < 0 )
return - 1 ;
}
}
2018-12-07 15:21:43 +03:00
/* Mocking is enabled only when this env variable is set.
* See mock code for explanation . */
2019-12-18 20:16:19 +03:00
if ( g_setenv ( ENVVAR , " 1 " , FALSE ) = = FALSE )
2019-04-15 16:34:54 +03:00
return - 1 ;
2018-12-07 15:21:43 +03:00
2019-09-11 08:53:09 +03:00
if ( qemuSecuritySetAllLabel ( data - > driver , vm , NULL , false ) < 0 )
2018-12-07 15:21:43 +03:00
goto cleanup ;
qemuSecurityRestoreAllLabel ( data - > driver , vm , false ) ;
2019-02-15 13:37:03 +03:00
if ( checkPaths ( ( const char * * ) notRestored ) < 0 )
2018-12-07 15:21:43 +03:00
goto cleanup ;
ret = 0 ;
cleanup :
2019-12-18 20:16:19 +03:00
g_unsetenv ( ENVVAR ) ;
2019-04-15 17:15:10 +03:00
freePaths ( ) ;
2018-12-07 15:21:43 +03:00
return ret ;
}
static int
mymain ( void )
{
virQEMUDriver driver ;
2020-11-03 00:31:03 +03:00
virSecurityManagerPtr stack = NULL ;
virSecurityManagerPtr dac = NULL ;
# ifdef WITH_SELINUX
virSecurityManagerPtr selinux = NULL ;
# endif
2018-12-07 15:21:43 +03:00
int ret = 0 ;
if ( virInitialize ( ) < 0 | |
qemuTestDriverInit ( & driver ) < 0 )
return - 1 ;
2020-11-03 15:26:00 +03:00
if ( ! virSecurityXATTRNamespaceDefined ( ) ) {
ret = EXIT_AM_SKIP ;
goto cleanup ;
}
2018-12-07 15:21:43 +03:00
/* Now fix the secdriver */
virObjectUnref ( driver . securityManager ) ;
2020-11-03 00:31:03 +03:00
if ( ! ( dac = virSecurityManagerNewDAC ( " test " , 1000 , 1000 ,
VIR_SECURITY_MANAGER_PRIVILEGED |
VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP ,
NULL ) ) ) {
2020-01-27 15:52:23 +03:00
fprintf ( stderr , " Cannot initialize DAC security driver " ) ;
2018-12-07 15:21:43 +03:00
ret = - 1 ;
goto cleanup ;
}
2020-11-03 00:31:03 +03:00
if ( ! ( stack = virSecurityManagerNewStack ( dac ) ) ) {
fprintf ( stderr , " Cannot initialize stack security driver " ) ;
ret = - 1 ;
goto cleanup ;
}
dac = NULL ;
# if WITH_SELINUX
selinux = virSecurityManagerNew ( " selinux " , " test " ,
VIR_SECURITY_MANAGER_PRIVILEGED |
VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_REQUIRE_CONFINED ) ;
if ( ! selinux ) {
fprintf ( stderr , " Cannot initialize selinux security driver " ) ;
ret = - 1 ;
goto cleanup ;
}
if ( virSecurityManagerStackAddNested ( stack , selinux ) < 0 ) {
fprintf ( stderr , " Cannot add selinux security driver onto stack " ) ;
ret = - 1 ;
goto cleanup ;
}
selinux = NULL ;
# endif
driver . securityManager = g_steal_pointer ( & stack ) ;
2018-12-07 15:21:43 +03:00
# define DO_TEST_DOMAIN(f) \
do { \
struct testData data = { . driver = & driver , . file = f } ; \
if ( virTestRun ( f , testDomain , & data ) < 0 ) \
ret = - 1 ; \
} while ( 0 )
2019-04-15 17:38:28 +03:00
DO_TEST_DOMAIN ( " acpi-table " ) ;
DO_TEST_DOMAIN ( " channel-unix-guestfwd " ) ;
DO_TEST_DOMAIN ( " console-virtio-unix " ) ;
DO_TEST_DOMAIN ( " controller-virtio-scsi " ) ;
DO_TEST_DOMAIN ( " disk-aio " ) ;
2019-02-15 13:37:03 +03:00
DO_TEST_DOMAIN ( " disk-backing-chains-noindex " ) ;
2019-04-15 17:38:28 +03:00
DO_TEST_DOMAIN ( " disk-cache " ) ;
DO_TEST_DOMAIN ( " disk-cdrom " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-bus-other " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-network " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-tray " ) ;
DO_TEST_DOMAIN ( " disk-copy_on_read " ) ;
DO_TEST_DOMAIN ( " disk-detect-zeroes " ) ;
DO_TEST_DOMAIN ( " disk-error-policy " ) ;
DO_TEST_DOMAIN ( " disk-floppy " ) ;
DO_TEST_DOMAIN ( " disk-floppy-q35-2_11 " ) ;
DO_TEST_DOMAIN ( " disk-floppy-q35-2_9 " ) ;
DO_TEST_DOMAIN ( " disk-network-gluster " ) ;
DO_TEST_DOMAIN ( " disk-network-iscsi " ) ;
DO_TEST_DOMAIN ( " disk-network-nbd " ) ;
DO_TEST_DOMAIN ( " disk-network-rbd " ) ;
DO_TEST_DOMAIN ( " disk-network-sheepdog " ) ;
DO_TEST_DOMAIN ( " disk-network-source-auth " ) ;
2020-07-30 18:29:44 +03:00
DO_TEST_DOMAIN ( " disk-network-tlsx509-nbd " ) ;
DO_TEST_DOMAIN ( " disk-network-tlsx509-vxhs " ) ;
2019-04-15 17:38:28 +03:00
DO_TEST_DOMAIN ( " disk-readonly-disk " ) ;
DO_TEST_DOMAIN ( " disk-scsi " ) ;
DO_TEST_DOMAIN ( " disk-scsi-device-auto " ) ;
DO_TEST_DOMAIN ( " disk-shared " ) ;
2018-12-07 15:21:43 +03:00
DO_TEST_DOMAIN ( " disk-virtio " ) ;
2019-04-15 17:38:28 +03:00
DO_TEST_DOMAIN ( " disk-virtio-scsi-reservations " ) ;
DO_TEST_DOMAIN ( " graphics-vnc-tls-secret " ) ;
DO_TEST_DOMAIN ( " hugepages-nvdimm " ) ;
DO_TEST_DOMAIN ( " iothreads-virtio-scsi-pci " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-access " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-align " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-label " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-pmem " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-readonly " ) ;
DO_TEST_DOMAIN ( " net-vhostuser " ) ;
DO_TEST_DOMAIN ( " os-firmware-bios " ) ;
DO_TEST_DOMAIN ( " os-firmware-efi " ) ;
DO_TEST_DOMAIN ( " os-firmware-efi-secboot " ) ;
2018-12-07 15:21:43 +03:00
DO_TEST_DOMAIN ( " pci-bridge-many-disks " ) ;
2019-04-15 17:38:28 +03:00
DO_TEST_DOMAIN ( " tseg-explicit-size " ) ;
DO_TEST_DOMAIN ( " usb-redir-unix " ) ;
DO_TEST_DOMAIN ( " virtio-non-transitional " ) ;
DO_TEST_DOMAIN ( " virtio-transitional " ) ;
DO_TEST_DOMAIN ( " x86_64-pc-graphics " ) ;
DO_TEST_DOMAIN ( " x86_64-pc-headless " ) ;
DO_TEST_DOMAIN ( " x86_64-q35-graphics " ) ;
DO_TEST_DOMAIN ( " x86_64-q35-headless " ) ;
2018-12-07 15:21:43 +03:00
cleanup :
qemuTestDriverFree ( & driver ) ;
2020-11-03 00:31:03 +03:00
# ifdef WITH_SELINUX
virObjectUnref ( selinux ) ;
# endif
virObjectUnref ( dac ) ;
virObjectUnref ( stack ) ;
2018-12-07 15:21:43 +03:00
return ret ;
}
2019-11-15 13:56:46 +03:00
VIR_TEST_MAIN_PRELOAD ( mymain ,
VIR_TEST_MOCK ( " domaincaps " ) )