search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
docs: Reword virDomainGetEmulatorPinInfo description
[libvirt.git] / tests / qemusecuritytest.c
blob27eb101f8ceb93202f39c1d16f972f090859fe88
1 /*
2 * Copyright (C) 2018 Red Hat, Inc.
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library. If not, see
16 * <http://www.gnu.org/licenses/>.
17 */
18
19 #include <config.h>
20
21 #include "qemusecuritytest.h"
22 #include "testutils.h"
23 #include "testutilsqemu.h"
24 #include "security/security_manager.h"
25 #include "security/security_util.h"
26 #include "conf/domain_conf.h"
27 #include "qemu/qemu_domain.h"
28 #include "qemu/qemu_security.h"
29
30 #define VIR_FROM_THIS VIR_FROM_NONE
31
32 struct testData {
33 virQEMUDriver *driver;
34 const char *file; /* file name to load VM def XML from; qemuxmlconfdata/ */
35 };
36
37
38 static int
39 prepareObjects(virQEMUDriver *driver,
40 const char *xmlname,
41 virDomainObj **vm_ret)
42 {
43 qemuDomainObjPrivate *priv;
44 g_autoptr(virDomainObj) vm = NULL;
45 g_autofree char *filename = NULL;
46 g_autofree char *domxml = NULL;
47 g_autofree char *latestCapsFile = NULL;
48
49 filename = g_strdup_printf("%s/qemuxmlconfdata/%s.xml", abs_srcdir, xmlname);
50
51 if (virTestLoadFile(filename, &domxml) < 0)
52 return -1;
53
54 if (!(vm = virDomainObjNew(driver->xmlopt)))
55 return -1;
56
57 priv = vm->privateData;
58 priv->chardevStdioLogd = false;
59 priv->rememberOwner = true;
60
61 if (!(latestCapsFile = testQemuGetLatestCapsForArch("x86_64", "xml")))
62 return -1;
63
64 if (!(priv->qemuCaps = qemuTestParseCapabilitiesArch(VIR_ARCH_X86_64, latestCapsFile)))
65 return -1;
66
67 virFileCacheClear(driver->qemuCapsCache);
68
69 if (qemuTestCapsCacheInsert(driver->qemuCapsCache, priv->qemuCaps) < 0)
70 return -1;
71
72 if (!(vm->def = virDomainDefParseString(domxml,
73 driver->xmlopt,
74 NULL,
75 0)))
76 return -1;
77
78 if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0)
79 return -1;
80
81 *vm_ret = g_steal_pointer(&vm);
82 return 0;
83 }
84
85
86 static int
87 testDomain(const void *opaque)
88 {
89 const struct testData *data = opaque;
90 g_autoptr(virDomainObj) vm = NULL;
91 g_autoptr(GHashTable) notRestored = virHashNew(NULL);
92 size_t i;
93 int ret = -1;
94
95 if (prepareObjects(data->driver, data->file, &vm) < 0)
96 return -1;
97
98 for (i = 0; i < vm->def->ndisks; i++) {
99 virStorageSource *src = vm->def->disks[i]->src;
100 virStorageSource *n;
101
102 if (!src)
103 continue;
104
105 if (virStorageSourceIsLocalStorage(src) && src->path &&
106 (src->shared || src->readonly))
107 g_hash_table_insert(notRestored, g_strdup(src->path), NULL);
108
109 for (n = src->backingStore; virStorageSourceIsBacking(n); n = n->backingStore) {
110 if (virStorageSourceIsLocalStorage(n) && n->path)
111 g_hash_table_insert(notRestored, g_strdup(n->path), NULL);
112 }
113 }
114
115 /* Mocking is enabled only when this env variable is set.
116 * See mock code for explanation. */
117 if (g_setenv(ENVVAR, "1", FALSE) == FALSE)
118 return -1;
119
120 if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0)
121 goto cleanup;
122
123 qemuSecurityRestoreAllLabel(data->driver, vm, false);
124
125 if (checkPaths(notRestored) < 0)
126 goto cleanup;
127
128 ret = 0;
129 cleanup:
130 g_unsetenv(ENVVAR);
131 freePaths();
132 return ret;
133 }
134
135
136 static int
137 mymain(void)
138 {
139 virQEMUDriver driver;
140 virSecurityManager *stack = NULL;
141 virSecurityManager *dac = NULL;
142 #ifdef WITH_SELINUX
143 virSecurityManager *selinux = NULL;
144 #endif
145 int ret = 0;
146
147 if (!virSecurityXATTRNamespaceDefined())
148 return EXIT_AM_SKIP;
149
150 if (virInitialize() < 0 ||
151 qemuTestDriverInit(&driver) < 0)
152 return -1;
153
154 /* Now fix the secdriver */
155 virObjectUnref(driver.securityManager);
156
157 if (!(dac = virSecurityManagerNewDAC("test", 1000, 1000,
158 VIR_SECURITY_MANAGER_PRIVILEGED |
159 VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP,
160 NULL))) {
161 fprintf(stderr, "Cannot initialize DAC security driver");
162 ret = -1;
163 goto cleanup;
164 }
165
166 if (!(stack = virSecurityManagerNewStack(dac))) {
167 fprintf(stderr, "Cannot initialize stack security driver");
168 ret = -1;
169 goto cleanup;
170 }
171 dac = NULL;
172
173 #if WITH_SELINUX
174 selinux = virSecurityManagerNew("selinux", "test",
175 VIR_SECURITY_MANAGER_PRIVILEGED |
176 VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
177 VIR_SECURITY_MANAGER_REQUIRE_CONFINED);
178 if (!selinux) {
179 fprintf(stderr, "Cannot initialize selinux security driver");
180 ret = -1;
181 goto cleanup;
182 }
183
184 if (virSecurityManagerStackAddNested(stack, selinux) < 0) {
185 fprintf(stderr, "Cannot add selinux security driver onto stack");
186 ret = -1;
187 goto cleanup;
188 }
189 selinux = NULL;
190 #endif
191
192 driver.securityManager = g_steal_pointer(&stack);
193
194
195 #define DO_TEST_DOMAIN(f) \
196 do { \
197 struct testData data = {.driver = &driver, .file = f}; \
198 if (virTestRun(f, testDomain, &data) < 0) \
199 ret = -1; \
200 } while (0)
201
202 DO_TEST_DOMAIN("acpi-table");
203 DO_TEST_DOMAIN("channel-unix-guestfwd");
204 DO_TEST_DOMAIN("console-virtio-unix");
205 DO_TEST_DOMAIN("controller-virtio-scsi");
206 DO_TEST_DOMAIN("disk-aio");
207 DO_TEST_DOMAIN("disk-backing-chains-noindex");
208 DO_TEST_DOMAIN("disk-cache");
209 DO_TEST_DOMAIN("disk-cdrom");
210 DO_TEST_DOMAIN("disk-cdrom-bus-other");
211 DO_TEST_DOMAIN("disk-cdrom-network");
212 DO_TEST_DOMAIN("disk-cdrom-tray");
213 DO_TEST_DOMAIN("disk-copy_on_read");
214 DO_TEST_DOMAIN("disk-detect-zeroes");
215 DO_TEST_DOMAIN("disk-error-policy");
216 DO_TEST_DOMAIN("disk-floppy");
217 DO_TEST_DOMAIN("disk-floppy-q35");
218 DO_TEST_DOMAIN("disk-network-gluster");
219 DO_TEST_DOMAIN("disk-network-iscsi");
220 DO_TEST_DOMAIN("disk-network-nbd");
221 DO_TEST_DOMAIN("disk-network-rbd");
222 DO_TEST_DOMAIN("disk-network-sheepdog");
223 DO_TEST_DOMAIN("disk-network-source-auth");
224 DO_TEST_DOMAIN("disk-network-tlsx509-nbd");
225 DO_TEST_DOMAIN("disk-readonly-disk");
226 DO_TEST_DOMAIN("disk-scsi");
227 DO_TEST_DOMAIN("disk-scsi-device-auto");
228 DO_TEST_DOMAIN("disk-shared");
229 DO_TEST_DOMAIN("disk-virtio");
230 DO_TEST_DOMAIN("disk-virtio-scsi-reservations");
231 DO_TEST_DOMAIN("graphics-vnc-tls-secret");
232 DO_TEST_DOMAIN("hugepages-nvdimm");
233 DO_TEST_DOMAIN("iothreads-virtio-scsi-pci");
234 DO_TEST_DOMAIN("memory-hotplug-nvdimm");
235 DO_TEST_DOMAIN("memory-hotplug-nvdimm-access");
236 DO_TEST_DOMAIN("memory-hotplug-nvdimm-align");
237 DO_TEST_DOMAIN("memory-hotplug-nvdimm-label");
238 DO_TEST_DOMAIN("memory-hotplug-nvdimm-pmem");
239 DO_TEST_DOMAIN("memory-hotplug-nvdimm-readonly");
240 DO_TEST_DOMAIN("net-vhostuser");
241 DO_TEST_DOMAIN("firmware-auto-bios");
242 DO_TEST_DOMAIN("firmware-auto-efi");
243 DO_TEST_DOMAIN("firmware-auto-efi-loader-secure");
244 DO_TEST_DOMAIN("pci-bridge-many-disks");
245 DO_TEST_DOMAIN("tseg-explicit-size");
246 DO_TEST_DOMAIN("usb-redir-unix");
247 DO_TEST_DOMAIN("virtio-non-transitional");
248 DO_TEST_DOMAIN("virtio-transitional");
249 DO_TEST_DOMAIN("x86_64-pc-graphics");
250 DO_TEST_DOMAIN("x86_64-pc-headless");
251 DO_TEST_DOMAIN("x86_64-q35-graphics");
252 DO_TEST_DOMAIN("x86_64-q35-headless");
253
254 cleanup:
255 qemuTestDriverFree(&driver);
256 #ifdef WITH_SELINUX
257 virObjectUnref(selinux);
258 #endif
259 virObjectUnref(dac);
260 virObjectUnref(stack);
261 return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
262 }
263
264 VIR_TEST_MAIN_PRELOAD(mymain,
265 VIR_TEST_MOCK("domaincaps"))
libvirt mirror