virt-manager/virtinst/domain/seclabel.py

#
# Copyright 2010, 2012-2013 Red Hat, Inc.
#
# This work is licensed under the GNU GPLv2 or later.
# See the COPYING file in the top-level directory.

from ..xmlbuilder import XMLBuilder, XMLProperty


class DomainSeclabel(XMLBuilder):
    """
    Class for generating <seclabel> XML
    """

    TYPE_DYNAMIC = "dynamic"
    TYPE_STATIC = "static"

    MODEL_TEST = "testSecurity"
    MODEL_SELINUX = "selinux"
    MODEL_DAC = "dac"
    MODEL_NONE = "none"

    XML_NAME = "seclabel"
    _XML_PROP_ORDER = ["type", "model", "relabel", "label"]

    def _guess_secmodel(self):
        caps_models = [x.model for x in self.conn.caps.host.secmodels]

        # We always want the testSecurity model when running tests
        if self.MODEL_TEST in caps_models:
            return self.MODEL_TEST
        if not self.label:
            return caps_models and caps_models[0] or None

        lab_len = None
        if self.label:
            lab_len = min(3, len(self.label.split(':')))

        if lab_len == 3:
            return self.MODEL_SELINUX
        elif lab_len == 2:
            return self.MODEL_DAC
    model = XMLProperty("./@model")
    type = XMLProperty("./@type")

    label = XMLProperty("./label")
    baselabel = XMLProperty("./baselabel")
    relabel = XMLProperty("./@relabel", is_yesno=True)


    ##################
    # Default config #
    ##################

    def set_defaults(self, _guest):
        if not self.type and not self.model:
            # Let libvirt fill it in
            return
        if self.type is None:
            self.type = self.TYPE_DYNAMIC
        if self.model is None:
            self.model = self._guess_secmodel()
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00			`#`
headers: update "Red Hat, Inc." copyright for the year 2013 Ensure that any file touched by a @redhat.com author in 2013 has an updated copyright header. The files were updated using the build-aux/update-copyright gnulib script and manually added where the copyright line wasn't present. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> 2013-10-27 21:59:46 +01:00			`# Copyright 2010, 2012-2013 Red Hat, Inc.`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00			`#`
Fix copyright header to specify GPLv2 or later, not GPLv2 only. The copyright headers in every file were chjanged in this previous commit commit b6dcee8eb7ec4de999058c187162fe4aedef36b4 Author: Cole Robinson <crobinso@redhat.com> Date: Tue Mar 20 15:00:02 2018 -0400 Use consistent and minimal license header for every file Where before this they said " "either version 2 of the License, or (at your option) any later version." Now they just say "GNU GPLv2" This fixes it to say "GNU GPLv2 or later" again. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> 2018-04-04 14:35:41 +01:00			`# This work is licensed under the GNU GPLv2 or later.`
Use consistent and minimal license header for every file 2018-03-20 15:00:02 -04:00			`# See the COPYING file in the top-level directory.`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
virtinst: move <domain> XML files to virtinst/domain And give the classes consistent naming 2018-03-20 15:10:04 -04:00			`from ..xmlbuilder import XMLBuilder, XMLProperty`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
Revive pep8 and clean up the code autopep8 is pretty cool :) 2013-04-13 14:34:52 -04:00
virtinst: move <domain> XML files to virtinst/domain And give the classes consistent naming 2018-03-20 15:10:04 -04:00			`class DomainSeclabel(XMLBuilder):`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00			`"""`
			`Class for generating <seclabel> XML`
			`"""`

Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`TYPE_DYNAMIC = "dynamic"`
			`TYPE_STATIC = "static"`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`MODEL_TEST = "testSecurity"`
			`MODEL_SELINUX = "selinux"`
			`MODEL_DAC = "dac"`
			`MODEL_NONE = "none"`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
virtinst: s/_XML_ROOT_NAME/XML_NAME/g No reason for it to be privatized, could be useful in some cases 2018-03-21 10:53:34 -04:00			`XML_NAME = "seclabel"`
domain: seclabel: Drop some unneeded logic * imagelabel is a runtime only XML attribute which we don't use at all, so drop parsing * drop validation checks that libvirt will do for us 2019-06-09 17:05:57 -04:00			`_XML_PROP_ORDER = ["type", "model", "relabel", "label"]`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`def _guess_secmodel(self):`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00			`caps_models = [x.model for x in self.conn.caps.host.secmodels]`

Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00			`# We always want the testSecurity model when running tests`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00			`if self.MODEL_TEST in caps_models:`
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`return self.MODEL_TEST`
domain: seclabel: Drop some unneeded logic * imagelabel is a runtime only XML attribute which we don't use at all, so drop parsing * drop validation checks that libvirt will do for us 2019-06-09 17:05:57 -04:00			`if not self.label:`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00			`return caps_models and caps_models[0] or None`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
domain: seclabel: Drop some unneeded logic * imagelabel is a runtime only XML attribute which we don't use at all, so drop parsing * drop validation checks that libvirt will do for us 2019-06-09 17:05:57 -04:00			`lab_len = None`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00			`if self.label:`
			`lab_len = min(3, len(self.label.split(':')))`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00
			`if lab_len == 3:`
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`return self.MODEL_SELINUX`
Merge code from python-virtinst.git As outlined here: https://www.redhat.com/archives/virt-tools-list/2012-February/msg00040.html For now this is just a direct import of the code from virtinst commit dca5a4d6245f21d554f8853197a6a234bfc8e52c. History is not merged, so please refer to original git for detailed commit histor: http://git.fedorahosted.org/cgit/python-virtinst.git/ 2013-03-17 17:06:52 -04:00			`elif lab_len == 2:`
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00			`return self.MODEL_DAC`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00			`model = XMLProperty("./@model")`
			`type = XMLProperty("./@type")`
Seclabel: Convert to new style XML props. 2013-07-16 12:30:43 -04:00
Simplify XMLProperty declarations 2013-09-19 13:27:30 -04:00			`label = XMLProperty("./label")`
virtinst: Support multiple seclabels libvirt has supported this for a while. Wire it all up through the cli, and fix some bad assumptions along the way. 2015-05-03 18:08:10 -04:00			`baselabel = XMLProperty("./baselabel")`
Simplify XMLProperty declarations 2013-09-19 13:27:30 -04:00			`relabel = XMLProperty("./@relabel", is_yesno=True)`
domain: seclabel: Add set_defaults 2018-09-02 09:52:00 -04:00

			`##################`
			`# Default config #`
			`##################`

			`def set_defaults(self, _guest):`
tests: cli: A bunch of cleanup - Move most xml suboption testing to many-devices test - Clarify every specific bit we are testing in the singleton tests - Consolidate/drop/reduce a lot of tests Signed-off-by: Cole Robinson <crobinso@redhat.com> 2022-02-18 09:39:19 -05:00			`if not self.type and not self.model:`
			`# Let libvirt fill it in`
			`return`
			`if self.type is None:`
			`self.type = self.TYPE_DYNAMIC`
			`if self.model is None:`
			`self.model = self._guess_secmodel()`