2018-12-07 13:21:43 +01:00
/*
* Copyright ( C ) 2018 Red Hat , Inc .
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation ; either
* version 2.1 of the License , or ( at your option ) any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* Lesser General Public License for more details .
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library . If not , see
* < http : //www.gnu.org/licenses/>.
*/
# include <config.h>
# include "qemusecuritytest.h"
# include "testutils.h"
# include "testutilsqemu.h"
# include "security/security_manager.h"
2020-11-03 13:26:00 +01:00
# include "security/security_util.h"
2018-12-07 13:21:43 +01:00
# include "conf/domain_conf.h"
# include "qemu/qemu_domain.h"
# include "qemu/qemu_security.h"
# define VIR_FROM_THIS VIR_FROM_NONE
struct testData {
2021-03-11 08:16:13 +01:00
virQEMUDriver * driver ;
2018-12-07 13:21:43 +01:00
const char * file ; /* file name to load VM def XML from; qemuxml2argvdata/ */
} ;
static int
2021-03-11 08:16:13 +01:00
prepareObjects ( virQEMUDriver * driver ,
2018-12-07 13:21:43 +01:00
const char * xmlname ,
2021-03-11 08:16:13 +01:00
virDomainObj * * vm_ret )
2018-12-07 13:21:43 +01:00
{
2021-03-11 08:16:13 +01:00
qemuDomainObjPrivate * priv ;
2019-10-15 14:47:50 +02:00
g_autoptr ( virDomainObj ) vm = NULL ;
2019-10-15 15:16:31 +02:00
g_autofree char * filename = NULL ;
g_autofree char * domxml = NULL ;
g_autofree char * latestCapsFile = NULL ;
2018-12-07 13:21:43 +01:00
2019-10-22 15:26:14 +02:00
filename = g_strdup_printf ( " %s/qemuxml2argvdata/%s.xml " , abs_srcdir , xmlname ) ;
2018-12-07 13:21:43 +01:00
if ( virTestLoadFile ( filename , & domxml ) < 0 )
2019-04-15 15:34:54 +02:00
return - 1 ;
2018-12-07 13:21:43 +01:00
2019-04-15 15:34:54 +02:00
if ( ! ( vm = virDomainObjNew ( driver - > xmlopt ) ) )
return - 1 ;
2018-12-07 13:21:43 +01:00
2019-04-15 15:34:54 +02:00
priv = vm - > privateData ;
2018-12-07 13:21:43 +01:00
priv - > chardevStdioLogd = false ;
priv - > rememberOwner = true ;
2019-04-15 16:38:28 +02:00
if ( ! ( latestCapsFile = testQemuGetLatestCapsForArch ( " x86_64 " , " xml " ) ) )
2019-04-15 15:34:54 +02:00
return - 1 ;
2018-12-07 13:21:43 +01:00
2019-04-15 16:38:28 +02:00
if ( ! ( priv - > qemuCaps = qemuTestParseCapabilitiesArch ( VIR_ARCH_X86_64 , latestCapsFile ) ) )
return - 1 ;
2018-12-07 13:21:43 +01:00
2023-03-02 17:44:21 +01:00
virFileCacheClear ( driver - > qemuCapsCache ) ;
2018-12-07 13:21:43 +01:00
if ( qemuTestCapsCacheInsert ( driver - > qemuCapsCache , priv - > qemuCaps ) < 0 )
2019-04-15 15:34:54 +02:00
return - 1 ;
2018-12-07 13:21:43 +01:00
2019-04-15 15:34:54 +02:00
if ( ! ( vm - > def = virDomainDefParseString ( domxml ,
driver - > xmlopt ,
NULL ,
0 ) ) )
return - 1 ;
2018-12-07 13:21:43 +01:00
2020-11-02 22:31:03 +01:00
if ( virSecurityManagerGenLabel ( driver - > securityManager , vm - > def ) < 0 )
return - 1 ;
2019-10-16 13:45:15 +02:00
* vm_ret = g_steal_pointer ( & vm ) ;
2019-04-15 15:34:54 +02:00
return 0 ;
2018-12-07 13:21:43 +01:00
}
static int
testDomain ( const void * opaque )
{
const struct testData * data = opaque ;
2019-10-15 14:47:50 +02:00
g_autoptr ( virDomainObj ) vm = NULL ;
2021-02-05 09:53:36 +01:00
g_autoptr ( GHashTable ) notRestored = virHashNew ( NULL ) ;
2019-02-15 11:37:03 +01:00
size_t i ;
2018-12-07 13:21:43 +01:00
int ret = - 1 ;
if ( prepareObjects ( data - > driver , data - > file , & vm ) < 0 )
return - 1 ;
2019-02-15 11:37:03 +01:00
for ( i = 0 ; i < vm - > def - > ndisks ; i + + ) {
2021-03-11 08:16:13 +01:00
virStorageSource * src = vm - > def - > disks [ i ] - > src ;
virStorageSource * n ;
2019-02-15 11:37:03 +01:00
if ( ! src )
continue ;
if ( virStorageSourceIsLocalStorage ( src ) & & src - > path & &
2021-02-05 09:53:36 +01:00
( src - > shared | | src - > readonly ) )
g_hash_table_insert ( notRestored , g_strdup ( src - > path ) , NULL ) ;
2019-02-15 11:37:03 +01:00
for ( n = src - > backingStore ; virStorageSourceIsBacking ( n ) ; n = n - > backingStore ) {
2021-02-05 09:53:36 +01:00
if ( virStorageSourceIsLocalStorage ( n ) & & n - > path )
g_hash_table_insert ( notRestored , g_strdup ( n - > path ) , NULL ) ;
2019-02-15 11:37:03 +01:00
}
}
2018-12-07 13:21:43 +01:00
/* Mocking is enabled only when this env variable is set.
* See mock code for explanation . */
2019-12-18 17:16:19 +00:00
if ( g_setenv ( ENVVAR , " 1 " , FALSE ) = = FALSE )
2019-04-15 15:34:54 +02:00
return - 1 ;
2018-12-07 13:21:43 +01:00
2019-09-11 07:53:09 +02:00
if ( qemuSecuritySetAllLabel ( data - > driver , vm , NULL , false ) < 0 )
2018-12-07 13:21:43 +01:00
goto cleanup ;
qemuSecurityRestoreAllLabel ( data - > driver , vm , false ) ;
2021-02-05 09:53:36 +01:00
if ( checkPaths ( notRestored ) < 0 )
2018-12-07 13:21:43 +01:00
goto cleanup ;
ret = 0 ;
cleanup :
2019-12-18 17:16:19 +00:00
g_unsetenv ( ENVVAR ) ;
2019-04-15 16:15:10 +02:00
freePaths ( ) ;
2018-12-07 13:21:43 +01:00
return ret ;
}
static int
mymain ( void )
{
virQEMUDriver driver ;
2021-03-11 08:16:13 +01:00
virSecurityManager * stack = NULL ;
virSecurityManager * dac = NULL ;
2020-11-02 22:31:03 +01:00
# ifdef WITH_SELINUX
2021-03-11 08:16:13 +01:00
virSecurityManager * selinux = NULL ;
2020-11-02 22:31:03 +01:00
# endif
2018-12-07 13:21:43 +01:00
int ret = 0 ;
2021-05-17 21:34:55 +02:00
if ( ! virSecurityXATTRNamespaceDefined ( ) )
return EXIT_AM_SKIP ;
2018-12-07 13:21:43 +01:00
if ( virInitialize ( ) < 0 | |
qemuTestDriverInit ( & driver ) < 0 )
return - 1 ;
/* Now fix the secdriver */
virObjectUnref ( driver . securityManager ) ;
2020-11-02 22:31:03 +01:00
if ( ! ( dac = virSecurityManagerNewDAC ( " test " , 1000 , 1000 ,
VIR_SECURITY_MANAGER_PRIVILEGED |
VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP ,
NULL ) ) ) {
2020-01-27 12:52:23 +00:00
fprintf ( stderr , " Cannot initialize DAC security driver " ) ;
2018-12-07 13:21:43 +01:00
ret = - 1 ;
goto cleanup ;
}
2020-11-02 22:31:03 +01:00
if ( ! ( stack = virSecurityManagerNewStack ( dac ) ) ) {
fprintf ( stderr , " Cannot initialize stack security driver " ) ;
ret = - 1 ;
goto cleanup ;
}
dac = NULL ;
# if WITH_SELINUX
selinux = virSecurityManagerNew ( " selinux " , " test " ,
VIR_SECURITY_MANAGER_PRIVILEGED |
VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_REQUIRE_CONFINED ) ;
if ( ! selinux ) {
fprintf ( stderr , " Cannot initialize selinux security driver " ) ;
ret = - 1 ;
goto cleanup ;
}
if ( virSecurityManagerStackAddNested ( stack , selinux ) < 0 ) {
fprintf ( stderr , " Cannot add selinux security driver onto stack " ) ;
ret = - 1 ;
goto cleanup ;
}
selinux = NULL ;
# endif
driver . securityManager = g_steal_pointer ( & stack ) ;
2018-12-07 13:21:43 +01:00
# define DO_TEST_DOMAIN(f) \
do { \
struct testData data = { . driver = & driver , . file = f } ; \
if ( virTestRun ( f , testDomain , & data ) < 0 ) \
ret = - 1 ; \
} while ( 0 )
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " acpi-table " ) ;
DO_TEST_DOMAIN ( " channel-unix-guestfwd " ) ;
DO_TEST_DOMAIN ( " console-virtio-unix " ) ;
DO_TEST_DOMAIN ( " controller-virtio-scsi " ) ;
DO_TEST_DOMAIN ( " disk-aio " ) ;
2019-02-15 11:37:03 +01:00
DO_TEST_DOMAIN ( " disk-backing-chains-noindex " ) ;
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " disk-cache " ) ;
DO_TEST_DOMAIN ( " disk-cdrom " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-bus-other " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-network " ) ;
DO_TEST_DOMAIN ( " disk-cdrom-tray " ) ;
DO_TEST_DOMAIN ( " disk-copy_on_read " ) ;
DO_TEST_DOMAIN ( " disk-detect-zeroes " ) ;
DO_TEST_DOMAIN ( " disk-error-policy " ) ;
DO_TEST_DOMAIN ( " disk-floppy " ) ;
2022-01-05 10:07:41 +01:00
DO_TEST_DOMAIN ( " disk-floppy-q35 " ) ;
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " disk-network-gluster " ) ;
DO_TEST_DOMAIN ( " disk-network-iscsi " ) ;
DO_TEST_DOMAIN ( " disk-network-nbd " ) ;
DO_TEST_DOMAIN ( " disk-network-rbd " ) ;
DO_TEST_DOMAIN ( " disk-network-sheepdog " ) ;
DO_TEST_DOMAIN ( " disk-network-source-auth " ) ;
2020-07-30 17:29:44 +02:00
DO_TEST_DOMAIN ( " disk-network-tlsx509-nbd " ) ;
DO_TEST_DOMAIN ( " disk-network-tlsx509-vxhs " ) ;
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " disk-readonly-disk " ) ;
DO_TEST_DOMAIN ( " disk-scsi " ) ;
DO_TEST_DOMAIN ( " disk-scsi-device-auto " ) ;
DO_TEST_DOMAIN ( " disk-shared " ) ;
2018-12-07 13:21:43 +01:00
DO_TEST_DOMAIN ( " disk-virtio " ) ;
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " disk-virtio-scsi-reservations " ) ;
DO_TEST_DOMAIN ( " graphics-vnc-tls-secret " ) ;
DO_TEST_DOMAIN ( " hugepages-nvdimm " ) ;
DO_TEST_DOMAIN ( " iothreads-virtio-scsi-pci " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-access " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-align " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-label " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-pmem " ) ;
DO_TEST_DOMAIN ( " memory-hotplug-nvdimm-readonly " ) ;
DO_TEST_DOMAIN ( " net-vhostuser " ) ;
2022-06-09 15:54:36 +02:00
DO_TEST_DOMAIN ( " firmware-auto-bios " ) ;
DO_TEST_DOMAIN ( " firmware-auto-efi " ) ;
DO_TEST_DOMAIN ( " firmware-auto-efi-loader-secure " ) ;
2018-12-07 13:21:43 +01:00
DO_TEST_DOMAIN ( " pci-bridge-many-disks " ) ;
2019-04-15 16:38:28 +02:00
DO_TEST_DOMAIN ( " tseg-explicit-size " ) ;
DO_TEST_DOMAIN ( " usb-redir-unix " ) ;
DO_TEST_DOMAIN ( " virtio-non-transitional " ) ;
DO_TEST_DOMAIN ( " virtio-transitional " ) ;
DO_TEST_DOMAIN ( " x86_64-pc-graphics " ) ;
DO_TEST_DOMAIN ( " x86_64-pc-headless " ) ;
DO_TEST_DOMAIN ( " x86_64-q35-graphics " ) ;
DO_TEST_DOMAIN ( " x86_64-q35-headless " ) ;
2018-12-07 13:21:43 +01:00
cleanup :
qemuTestDriverFree ( & driver ) ;
2020-11-02 22:31:03 +01:00
# ifdef WITH_SELINUX
virObjectUnref ( selinux ) ;
# endif
virObjectUnref ( dac ) ;
virObjectUnref ( stack ) ;
2021-05-16 18:14:53 +02:00
return ret = = 0 ? EXIT_SUCCESS : EXIT_FAILURE ;
2018-12-07 13:21:43 +01:00
}
2019-11-15 11:56:46 +01:00
VIR_TEST_MAIN_PRELOAD ( mymain ,
VIR_TEST_MOCK ( " domaincaps " ) )