search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
virt-aa-helper: Use virCommand APIs directly
[libvirt/ericb.git] / src / security / virt-aa-helper.c
blobc5080f698abe365959ac397d70cb15b243b0e14b
1 /*
2 * virt-aa-helper: wrapper program used by AppArmor security driver.
3 *
4 * Copyright (C) 2010-2014 Red Hat, Inc.
5 * Copyright (C) 2009-2011 Canonical Ltd.
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library. If not, see
19 * <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23
24 #include <stdarg.h>
25 #include <unistd.h>
26 #include <sys/types.h>
27 #include <fcntl.h>
28 #include <getopt.h>
29 #include <sys/utsname.h>
30
31 #include "internal.h"
32 #include "virbuffer.h"
33 #include "viralloc.h"
34 #include "vircommand.h"
35 #include "virlog.h"
36 #include "dirname.h"
37 #include "driver.h"
38
39 #include "security_driver.h"
40 #include "security_apparmor.h"
41 #include "domain_conf.h"
42 #include "virxml.h"
43 #include "viruuid.h"
44 #include "virusb.h"
45 #include "virpci.h"
46 #include "virfile.h"
47 #include "configmake.h"
48 #include "virrandom.h"
49 #include "virstring.h"
50 #include "virgettext.h"
51 #include "virhostdev.h"
52
53 #define VIR_FROM_THIS VIR_FROM_SECURITY
54
55 static char *progname;
56
57 typedef struct {
58 char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */
59 bool dryrun; /* dry run */
60 char cmd; /* 'c' create
61 * 'a' add (load)
62 * 'r' replace
63 * 'R' remove */
64 char *files; /* list of files */
65 virDomainDefPtr def; /* VM definition */
66 virCapsPtr caps; /* VM capabilities */
67 virDomainXMLOptionPtr xmlopt; /* XML parser data */
68 char *virtType; /* type of hypervisor (eg qemu, xen, lxc) */
69 char *os; /* type of os (eg hvm, xen, exe) */
70 virArch arch; /* machine architecture */
71 char *newfile; /* newly added file */
72 bool append; /* append to .files instead of rewrite */
73 } vahControl;
74
75 static int
76 vahDeinit(vahControl * ctl)
77 {
78 if (ctl == NULL)
79 return -1;
80
81 VIR_FREE(ctl->def);
82 virObjectUnref(ctl->caps);
83 virObjectUnref(ctl->xmlopt);
84 VIR_FREE(ctl->files);
85 VIR_FREE(ctl->virtType);
86 VIR_FREE(ctl->os);
87 VIR_FREE(ctl->newfile);
88
89 return 0;
90 }
91
92 /*
93 * Print usage
94 */
95 static void
96 vah_usage(void)
97 {
98 printf(_("\n%s [options] [< def.xml]\n\n"
99 " Options:\n"
100 " -a | --add load profile\n"
101 " -c | --create create profile from template\n"
102 " -d | --dryrun dry run\n"
103 " -D | --delete unload and delete profile\n"
104 " -f | --add-file <file> add file to profile\n"
105 " -F | --append-file <file> append file to profile\n"
106 " -r | --replace reload profile\n"
107 " -R | --remove unload profile\n"
108 " -h | --help this help\n"
109 " -u | --uuid <uuid> uuid (profile name)\n"
110 "\n"), progname);
111
112 puts(_("This command is intended to be used by libvirtd "
113 "and not used directly.\n"));
114 return;
115 }
116
117 static void
118 vah_error(vahControl * ctl, int doexit, const char *str)
119 {
120 fprintf(stderr, _("%s: error: %s%c"), progname, str, '\n');
121
122 if (doexit) {
123 if (ctl != NULL)
124 vahDeinit(ctl);
125 exit(EXIT_FAILURE);
126 }
127 }
128
129 static void
130 vah_warning(const char *str)
131 {
132 fprintf(stderr, _("%s: warning: %s%c"), progname, str, '\n');
133 }
134
135 static void
136 vah_info(const char *str)
137 {
138 fprintf(stderr, _("%s:\n%s%c"), progname, str, '\n');
139 }
140
141 /*
142 * run an apparmor_parser command
143 */
144 static int
145 parserCommand(const char *profile_name, const char cmd)
146 {
147 int result = -1;
148 char flag[3];
149 char *profile;
150 int status;
151 int ret;
152
153 if (strchr("arR", cmd) == NULL) {
154 vah_error(NULL, 0, _("invalid flag"));
155 return -1;
156 }
157
158 snprintf(flag, 3, "-%c", cmd);
159
160 if (virAsprintfQuiet(&profile, "%s/%s",
161 APPARMOR_DIR "/libvirt", profile_name) < 0) {
162 vah_error(NULL, 0, _("profile name exceeds maximum length"));
163 return -1;
164 }
165
166 if (!virFileExists(profile)) {
167 vah_error(NULL, 0, _("profile does not exist"));
168 goto cleanup;
169 } else {
170 const char * const argv[] = {
171 "/sbin/apparmor_parser", flag, profile, NULL
172 };
173 VIR_AUTOPTR(virCommand) command = virCommandNewArgs(argv);
174
175 if ((ret = virCommandRun(command, &status)) != 0 ||
176 (WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
177 if (ret != 0) {
178 vah_error(NULL, 0, _("failed to run apparmor_parser"));
179 goto cleanup;
180 } else if (cmd == 'R' && WIFEXITED(status) &&
181 WEXITSTATUS(status) == 234) {
182 vah_warning(_("unable to unload already unloaded profile"));
183 } else {
184 vah_error(NULL, 0, _("apparmor_parser exited with error"));
185 goto cleanup;
186 }
187 }
188 }
189
190 result = 0;
191
192 cleanup:
193 VIR_FREE(profile);
194
195 return result;
196 }
197
198 /*
199 * Update the dynamic files
200 */
201 static int
202 update_include_file(const char *include_file, const char *included_files,
203 bool append)
204 {
205 int rc = -1;
206 int plen, flen = 0;
207 int fd;
208 char *pcontent = NULL;
209 char *existing = NULL;
210 const char *warning =
211 "# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.\n";
212
213 if (virFileExists(include_file)) {
214 flen = virFileReadAll(include_file, MAX_FILE_LEN, &existing);
215 if (flen < 0)
216 return rc;
217 }
218
219 if (append && virFileExists(include_file)) {
220 if (virAsprintfQuiet(&pcontent, "%s%s", existing, included_files) == -1) {
221 vah_error(NULL, 0, _("could not allocate memory for profile"));
222 goto cleanup;
223 }
224 } else {
225 if (virAsprintfQuiet(&pcontent, "%s%s", warning, included_files) == -1) {
226 vah_error(NULL, 0, _("could not allocate memory for profile"));
227 goto cleanup;
228 }
229 }
230
231 plen = strlen(pcontent);
232 if (plen > MAX_FILE_LEN) {
233 vah_error(NULL, 0, _("invalid length for new profile"));
234 goto cleanup;
235 }
236
237 /* only update the disk profile if it is different */
238 if (flen > 0 && flen == plen && STREQLEN(existing, pcontent, plen)) {
239 rc = 0;
240 goto cleanup;
241 }
242
243 /* write the file */
244 if ((fd = open(include_file, O_CREAT | O_TRUNC | O_WRONLY, 0644)) == -1) {
245 vah_error(NULL, 0, _("failed to create include file"));
246 goto cleanup;
247 }
248
249 if (safewrite(fd, pcontent, plen) < 0) { /* don't write the '\0' */
250 VIR_FORCE_CLOSE(fd);
251 vah_error(NULL, 0, _("failed to write to profile"));
252 goto cleanup;
253 }
254
255 if (VIR_CLOSE(fd) != 0) {
256 vah_error(NULL, 0, _("failed to close or write to profile"));
257 goto cleanup;
258 }
259 rc = 0;
260
261 cleanup:
262 VIR_FREE(pcontent);
263 VIR_FREE(existing);
264
265 return rc;
266 }
267
268 /*
269 * Create a profile based on a template
270 */
271 static int
272 create_profile(const char *profile, const char *profile_name,
273 const char *profile_files, int virtType)
274 {
275 char *template;
276 char *tcontent = NULL;
277 char *pcontent = NULL;
278 char *replace_name = NULL;
279 char *replace_files = NULL;
280 char *tmp = NULL;
281 const char *template_name = "\nprofile LIBVIRT_TEMPLATE";
282 const char *template_end = "\n}";
283 int tlen, plen;
284 int fd;
285 int rc = -1;
286 const char *driver_name = NULL;
287
288 if (virFileExists(profile)) {
289 vah_error(NULL, 0, _("profile exists"));
290 goto end;
291 }
292
293 switch (virtType) {
294 case VIR_DOMAIN_VIRT_QEMU:
295 case VIR_DOMAIN_VIRT_KQEMU:
296 case VIR_DOMAIN_VIRT_KVM:
297 driver_name = "qemu";
298 break;
299 default:
300 driver_name = virDomainVirtTypeToString(virtType);
301 }
302
303 if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
304 driver_name) < 0) {
305 vah_error(NULL, 0, _("template name exceeds maximum length"));
306 goto end;
307 }
308
309 if (!virFileExists(template)) {
310 vah_error(NULL, 0, _("template does not exist"));
311 goto end;
312 }
313
314 if ((tlen = virFileReadAll(template, MAX_FILE_LEN, &tcontent)) < 0) {
315 vah_error(NULL, 0, _("failed to read AppArmor template"));
316 goto end;
317 }
318
319 if (strstr(tcontent, template_name) == NULL) {
320 vah_error(NULL, 0, _("no replacement string in template"));
321 goto clean_tcontent;
322 }
323
324 if (strstr(tcontent, template_end) == NULL) {
325 vah_error(NULL, 0, _("no replacement string in template"));
326 goto clean_tcontent;
327 }
328
329 /* '\nprofile <profile_name>\0' */
330 if (virAsprintfQuiet(&replace_name, "\nprofile %s", profile_name) == -1) {
331 vah_error(NULL, 0, _("could not allocate memory for profile name"));
332 goto clean_tcontent;
333 }
334
335 /* '\n<profile_files>\n}\0' */
336 if ((virtType != VIR_DOMAIN_VIRT_LXC) &&
337 virAsprintfQuiet(&replace_files, "\n%s\n}", profile_files) == -1) {
338 vah_error(NULL, 0, _("could not allocate memory for profile files"));
339 VIR_FREE(replace_name);
340 goto clean_tcontent;
341 }
342
343 plen = tlen + strlen(replace_name) - strlen(template_name) + 1;
344
345 if (virtType != VIR_DOMAIN_VIRT_LXC)
346 plen += strlen(replace_files) - strlen(template_end);
347
348 if (plen > MAX_FILE_LEN || plen < tlen) {
349 vah_error(NULL, 0, _("invalid length for new profile"));
350 goto clean_replace;
351 }
352
353 if (!(pcontent = virStringReplace(tcontent, template_name, replace_name)))
354 goto clean_all;
355
356 if (virtType != VIR_DOMAIN_VIRT_LXC) {
357 if (!(tmp = virStringReplace(pcontent, template_end, replace_files)))
358 goto clean_all;
359 VIR_FREE(pcontent);
360 VIR_STEAL_PTR(pcontent, tmp);
361 }
362
363 /* write the file */
364 if ((fd = open(profile, O_CREAT | O_EXCL | O_WRONLY, 0644)) == -1) {
365 vah_error(NULL, 0, _("failed to create profile"));
366 goto clean_all;
367 }
368
369 if (safewrite(fd, pcontent, plen - 1) < 0) { /* don't write the '\0' */
370 VIR_FORCE_CLOSE(fd);
371 vah_error(NULL, 0, _("failed to write to profile"));
372 goto clean_all;
373 }
374
375 if (VIR_CLOSE(fd) != 0) {
376 vah_error(NULL, 0, _("failed to close or write to profile"));
377 goto clean_all;
378 }
379 rc = 0;
380
381 clean_all:
382 VIR_FREE(pcontent);
383 clean_replace:
384 VIR_FREE(replace_name);
385 VIR_FREE(replace_files);
386 clean_tcontent:
387 VIR_FREE(tcontent);
388 end:
389 VIR_FREE(template);
390 return rc;
391 }
392
393 /*
394 * Load an existing profile
395 */
396 static int
397 parserLoad(const char *profile_name)
398 {
399 return parserCommand(profile_name, 'a');
400 }
401
402 /*
403 * Remove an existing profile
404 */
405 static int
406 parserRemove(const char *profile_name)
407 {
408 return parserCommand(profile_name, 'R');
409 }
410
411 /*
412 * Replace an existing profile
413 */
414 static int
415 parserReplace(const char *profile_name)
416 {
417 return parserCommand(profile_name, 'r');
418 }
419
420 static int
421 valid_uuid(const char *uuid)
422 {
423 unsigned char rawuuid[VIR_UUID_BUFLEN];
424
425 if (strlen(uuid) != PROFILE_NAME_SIZE - 1)
426 return -1;
427
428 if (!STRPREFIX(uuid, AA_PREFIX))
429 return -1;
430
431 if (virUUIDParse(uuid + strlen(AA_PREFIX), rawuuid) < 0)
432 return -1;
433
434 return 0;
435 }
436
437 static int
438 valid_name(const char *name)
439 {
440 /* just try to filter out any dangerous characters in the name that can be
441 * used to subvert the profile */
442 const char *bad = "/[]{}?^,\"*";
443
444 if (strlen(name) == 0)
445 return -1;
446
447 if (strcspn(name, bad) != strlen(name))
448 return -1;
449
450 return 0;
451 }
452
453 /* see if one of the strings in arr starts with str */
454 static int
455 array_starts_with(const char *str, const char * const *arr, const long size)
456 {
457 size_t i;
458 for (i = 0; i < size; i++) {
459 if (strlen(str) < strlen(arr[i]))
460 continue;
461
462 if (STRPREFIX(str, arr[i]))
463 return 0;
464 }
465 return 1;
466 }
467
468 /*
469 * Don't allow access to special files or restricted paths such as /bin, /sbin,
470 * /usr/bin, /usr/sbin and /etc. This is in an effort to prevent read/write
471 * access to system files which could be used to elevate privileges. This is a
472 * safety measure in case libvirtd is under a restrictive profile and is
473 * subverted and trying to escape confinement.
474 *
475 * Note that we cannot exclude block devices because they are valid devices.
476 * The TEMPLATE file can be adjusted to explicitly disallow these if needed.
477 *
478 * RETURN: -1 on error, 0 if ok, 1 if blocked
479 */
480 static int
481 valid_path(const char *path, const bool readonly)
482 {
483 const char * const restricted[] = {
484 "/bin/",
485 "/etc/",
486 "/lib",
487 "/lost+found/",
488 "/proc/",
489 "/sbin/",
490 "/selinux/",
491 "/sys/",
492 "/usr/bin/",
493 "/usr/lib",
494 "/usr/sbin/",
495 "/usr/share/",
496 "/usr/local/bin/",
497 "/usr/local/etc/",
498 "/usr/local/lib",
499 "/usr/local/sbin/"
500 };
501 /* these paths are ok for readonly, but not read/write */
502 const char * const restricted_rw[] = {
503 "/boot/",
504 "/vmlinuz",
505 "/initrd",
506 "/initrd.img",
507 "/usr/share/OVMF/", /* for OVMF images */
508 "/usr/share/ovmf/", /* for OVMF images */
509 "/usr/share/AAVMF/", /* for AAVMF images */
510 "/usr/share/qemu-efi/", /* for AAVMF images */
511 "/usr/share/qemu-efi-aarch64/" /* for AAVMF images */
512 };
513 /* override the above with these */
514 const char * const override[] = {
515 "/sys/devices/pci", /* for hostdev pci devices */
516 "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
517 "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
518 };
519
520 const int nropaths = ARRAY_CARDINALITY(restricted);
521 const int nrwpaths = ARRAY_CARDINALITY(restricted_rw);
522 const int nopaths = ARRAY_CARDINALITY(override);
523
524 if (path == NULL) {
525 vah_error(NULL, 0, _("bad pathname"));
526 return -1;
527 }
528
529 /* Don't allow double quotes, since we use them to quote the filename
530 * and this will confuse the apparmor parser.
531 */
532 if (strchr(path, '"') != NULL)
533 return 1;
534
535 /* Require an absolute path */
536 if (STRNEQLEN(path, "/", 1))
537 return 1;
538
539 if (!virFileExists(path))
540 vah_warning(_("path does not exist, skipping file type checks"));
541
542 /* overrides are always allowed */
543 if (array_starts_with(path, override, nopaths) == 0)
544 return 0;
545
546 /* allow read only paths upfront */
547 if (readonly) {
548 if (array_starts_with(path, restricted_rw, nrwpaths) == 0)
549 return 0;
550 }
551
552 /* disallow RW access to all paths in restricted and restriced_rw */
553 if ((array_starts_with(path, restricted, nropaths) == 0 ||
554 array_starts_with(path, restricted_rw, nrwpaths) == 0))
555 return 1;
556
557 return 0;
558 }
559
560 static int
561 verify_xpath_context(xmlXPathContextPtr ctxt)
562 {
563 int rc = -1;
564 char *tmp = NULL;
565
566 if (!ctxt) {
567 vah_warning(_("Invalid context"));
568 goto error;
569 }
570
571 /* check if have <name> */
572 if (!(tmp = virXPathString("string(./name[1])", ctxt))) {
573 vah_warning(_("Could not find <name>"));
574 goto error;
575 }
576 VIR_FREE(tmp);
577
578 /* check if have <uuid> */
579 if (!(tmp = virXPathString("string(./uuid[1])", ctxt))) {
580 vah_warning(_("Could not find <uuid>"));
581 goto error;
582 }
583 VIR_FREE(tmp);
584
585 rc = 0;
586
587 error:
588 return rc;
589 }
590
591 /*
592 * Parse the xml we received to fill in the following:
593 * ctl->virtType
594 * ctl->os
595 * ctl->arch
596 *
597 * These are suitable for setting up a virCapsPtr
598 */
599 static int
600 caps_mockup(vahControl * ctl, const char *xmlStr)
601 {
602 int rc = -1;
603 xmlDocPtr xml = NULL;
604 xmlXPathContextPtr ctxt = NULL;
605 char *arch;
606
607 if (!(xml = virXMLParseStringCtxt(xmlStr, _("(domain_definition)"),
608 &ctxt))) {
609 goto cleanup;
610 }
611
612 if (!virXMLNodeNameEqual(ctxt->node, "domain")) {
613 vah_error(NULL, 0, _("unexpected root element, expecting <domain>"));
614 goto cleanup;
615 }
616
617 /* Quick sanity check for some required elements */
618 if (verify_xpath_context(ctxt) != 0)
619 goto cleanup;
620
621 ctl->virtType = virXPathString("string(./@type)", ctxt);
622 if (!ctl->virtType) {
623 vah_error(ctl, 0, _("domain type is not defined"));
624 goto cleanup;
625 }
626 ctl->os = virXPathString("string(./os/type[1])", ctxt);
627 if (!ctl->os) {
628 vah_error(ctl, 0, _("os.type is not defined"));
629 goto cleanup;
630 }
631 arch = virXPathString("string(./os/type[1]/@arch)", ctxt);
632 if (!arch) {
633 ctl->arch = virArchFromHost();
634 } else {
635 ctl->arch = virArchFromString(arch);
636 VIR_FREE(arch);
637 }
638
639 rc = 0;
640
641 cleanup:
642 xmlFreeDoc(xml);
643 xmlXPathFreeContext(ctxt);
644
645 return rc;
646 }
647
648 virDomainDefParserConfig virAAHelperDomainDefParserConfig = {
649 .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG |
650 VIR_DOMAIN_DEF_FEATURE_OFFLINE_VCPUPIN |
651 VIR_DOMAIN_DEF_FEATURE_INDIVIDUAL_VCPUS |
652 VIR_DOMAIN_DEF_FEATURE_NET_MODEL_STRING,
653 };
654
655 static int
656 get_definition(vahControl * ctl, const char *xmlStr)
657 {
658 int rc = -1, ostype, virtType;
659 virCapsGuestPtr guest; /* this is freed when caps is freed */
660
661 /*
662 * mock up some capabilities. We don't currently use these explicitly,
663 * but need them for virDomainDefParseString().
664 */
665 if (caps_mockup(ctl, xmlStr) != 0)
666 goto exit;
667
668 if ((ctl->caps = virCapabilitiesNew(ctl->arch, true, true)) == NULL) {
669 vah_error(ctl, 0, _("could not allocate memory"));
670 goto exit;
671 }
672
673 if (!(ctl->xmlopt = virDomainXMLOptionNew(&virAAHelperDomainDefParserConfig,
674 NULL, NULL, NULL, NULL))) {
675 vah_error(ctl, 0, _("Failed to create XML config object"));
676 goto exit;
677 }
678
679 if ((ostype = virDomainOSTypeFromString(ctl->os)) < 0) {
680 vah_error(ctl, 0, _("unknown OS type"));
681 goto exit;
682 }
683
684 if ((guest = virCapabilitiesAddGuest(ctl->caps,
685 ostype,
686 ctl->arch,
687 NULL,
688 NULL,
689 0,
690 NULL)) == NULL) {
691 vah_error(ctl, 0, _("could not allocate memory"));
692 goto exit;
693 }
694
695 if ((virtType = virDomainVirtTypeFromString(ctl->virtType)) < 0) {
696 vah_error(ctl, 0, _("unknown virtualization type"));
697 goto exit;
698 }
699
700 if (virCapabilitiesAddGuestDomain(guest,
701 virtType,
702 NULL,
703 NULL,
704 0,
705 NULL) == NULL) {
706 vah_error(ctl, 0, _("could not allocate memory"));
707 goto exit;
708 }
709
710 ctl->def = virDomainDefParseString(xmlStr,
711 ctl->caps, ctl->xmlopt, NULL,
712 VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL |
713 VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE);
714
715 if (ctl->def == NULL) {
716 vah_error(ctl, 0, _("could not parse XML"));
717 goto exit;
718 }
719
720 if (!ctl->def->name) {
721 vah_error(ctl, 0, _("could not find name in XML"));
722 goto exit;
723 }
724
725 if (valid_name(ctl->def->name) != 0) {
726 vah_error(ctl, 0, _("bad name"));
727 goto exit;
728 }
729
730 rc = 0;
731
732 exit:
733 return rc;
734 }
735
736 /**
737 * The permissions allowed are apparmor valid permissions and 'R'. 'R' stands for
738 * read with no explicit deny rule.
739 */
740 static int
741 vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursive)
742 {
743 char *tmp = NULL;
744 int rc = -1;
745 bool readonly = true;
746 bool explicit_deny_rule = true;
747 char *sub = NULL;
748 char *perms_new = NULL;
749 char *pathdir = NULL;
750 char *pathtmp = NULL;
751 char *pathreal = NULL;
752
753 if (path == NULL)
754 return rc;
755
756 /* Skip files without an absolute path. Not having one confuses the
757 * apparmor parser and this also ensures things like tcp consoles don't
758 * get added to the profile.
759 */
760 if (STRNEQLEN(path, "/", 1)) {
761 vah_warning(path);
762 vah_warning(_("skipped non-absolute path"));
763 return 0;
764 }
765
766 /* files might be created by qemu later on and not exist right now.
767 * But realpath needs a valid path to work on, therefore:
768 * 1. walk the path to find longest valid path
769 * 2. get the realpath of that valid path
770 * 3. re-combine the realpath with the remaining suffix
771 * Note: A totally non existent path is used as-is
772 */
773 if (VIR_STRDUP_QUIET(pathdir, path) < 0)
774 goto cleanup;
775 while (!virFileExists(pathdir)) {
776 if ((pathtmp = mdir_name(pathdir)) == NULL)
777 goto cleanup;
778 VIR_FREE(pathdir);
779 VIR_STEAL_PTR(pathdir, pathtmp);
780 }
781
782 if (strlen(pathdir) == 1) {
783 /* nothing of the path does exist yet */
784 if (VIR_STRDUP_QUIET(tmp, path) < 0)
785 goto cleanup;
786 } else {
787 if (VIR_STRDUP_QUIET(pathtmp, path+strlen(pathdir)) < 0)
788 goto cleanup;
789 if ((pathreal = realpath(pathdir, NULL)) == NULL) {
790 vah_error(NULL, 0, pathdir);
791 vah_error(NULL, 0, _("could not find realpath"));
792 goto cleanup;
793 }
794 if (virAsprintfQuiet(&tmp, "%s%s", pathreal, pathtmp) < 0)
795 goto cleanup;
796 }
797
798 if (VIR_STRDUP_QUIET(perms_new, perms) < 0)
799 goto cleanup;
800
801 if (strchr(perms_new, 'w') != NULL) {
802 readonly = false;
803 explicit_deny_rule = false;
804 }
805
806 if ((sub = strchr(perms_new, 'R')) != NULL) {
807 /* Don't write the invalid R permission, replace it with 'r' */
808 sub[0] = 'r';
809 explicit_deny_rule = false;
810 }
811
812 rc = valid_path(tmp, readonly);
813 if (rc != 0) {
814 if (rc > 0) {
815 vah_error(NULL, 0, path);
816 vah_error(NULL, 0, _("skipped restricted file"));
817 }
818 goto cleanup;
819 }
820
821 if (tmp[strlen(tmp) - 1] == '/')
822 tmp[strlen(tmp) - 1] = '\0';
823
824 virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "",
825 perms_new);
826 if (explicit_deny_rule) {
827 virBufferAddLit(buf, " # don't audit writes to readonly files\n");
828 virBufferAsprintf(buf, " deny \"%s%s\" w,\n", tmp, recursive ? "/**" : "");
829 }
830 if (recursive) {
831 /* allow reading (but not creating) the dir */
832 virBufferAsprintf(buf, " \"%s/\" r,\n", tmp);
833 }
834
835 cleanup:
836 VIR_FREE(pathdir);
837 VIR_FREE(pathtmp);
838 VIR_FREE(pathreal);
839 VIR_FREE(perms_new);
840 VIR_FREE(tmp);
841
842 return rc;
843 }
844
845 static int
846 vah_add_file(virBufferPtr buf, const char *path, const char *perms)
847 {
848 return vah_add_path(buf, path, perms, false);
849 }
850
851 static int
852 vah_add_file_chardev(virBufferPtr buf,
853 const char *path,
854 const char *perms,
855 const int type)
856 {
857 char *pipe_in;
858 char *pipe_out;
859 int rc = -1;
860
861 if (type == VIR_DOMAIN_CHR_TYPE_PIPE) {
862 /* add the pipe input */
863 if (virAsprintfQuiet(&pipe_in, "%s.in", path) == -1) {
864 vah_error(NULL, 0, _("could not allocate memory"));
865 goto cleanup;
866 }
867
868 if (vah_add_file(buf, pipe_in, perms) != 0)
869 goto clean_pipe_in;
870
871 /* add the pipe output */
872 if (virAsprintfQuiet(&pipe_out, "%s.out", path) == -1) {
873 vah_error(NULL, 0, _("could not allocate memory"));
874 goto clean_pipe_in;
875 }
876
877 if (vah_add_file(buf, pipe_out, perms) != 0)
878 goto clean_pipe_out;
879
880 rc = 0;
881 clean_pipe_out:
882 VIR_FREE(pipe_out);
883 clean_pipe_in:
884 VIR_FREE(pipe_in);
885 } else {
886 /* add the file */
887 if (vah_add_file(buf, path, perms) != 0)
888 goto cleanup;
889 rc = 0;
890 }
891
892 cleanup:
893 return rc;
894 }
895
896 static int
897 file_iterate_hostdev_cb(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
898 const char *file, void *opaque)
899 {
900 virBufferPtr buf = opaque;
901 return vah_add_file(buf, file, "rw");
902 }
903
904 static int
905 file_iterate_pci_cb(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
906 const char *file, void *opaque)
907 {
908 virBufferPtr buf = opaque;
909 return vah_add_file(buf, file, "rw");
910 }
911
912 static int
913 add_file_path(virDomainDiskDefPtr disk,
914 const char *path,
915 size_t depth,
916 void *opaque)
917 {
918 virBufferPtr buf = opaque;
919 int ret;
920
921 if (depth == 0) {
922 if (disk->src->readonly)
923 ret = vah_add_file(buf, path, "rk");
924 else
925 ret = vah_add_file(buf, path, "rwk");
926 } else {
927 ret = vah_add_file(buf, path, "rk");
928 }
929
930 if (ret != 0)
931 ret = -1;
932
933 return ret;
934 }
935
936 static int
937 get_files(vahControl * ctl)
938 {
939 virBuffer buf = VIR_BUFFER_INITIALIZER;
940 int rc = -1;
941 size_t i;
942 char *uuid;
943 char uuidstr[VIR_UUID_STRING_BUFLEN];
944 bool needsVfio = false, needsvhost = false, needsgl = false;
945
946 /* verify uuid is same as what we were given on the command line */
947 virUUIDFormat(ctl->def->uuid, uuidstr);
948 if (virAsprintfQuiet(&uuid, "%s%s", AA_PREFIX, uuidstr) == -1) {
949 vah_error(ctl, 0, _("could not allocate memory"));
950 return rc;
951 }
952
953 if (STRNEQ(uuid, ctl->uuid)) {
954 vah_error(ctl, 0, _("given uuid does not match XML uuid"));
955 goto cleanup;
956 }
957
958 /* load the storage driver so that backing store can be accessed */
959 #ifdef WITH_STORAGE
960 virDriverLoadModule("storage", "storageRegister", false);
961 #endif
962
963 for (i = 0; i < ctl->def->ndisks; i++) {
964 virDomainDiskDefPtr disk = ctl->def->disks[i];
965
966 if (!virDomainDiskGetSource(disk))
967 continue;
968 /* XXX - if we knew the qemu user:group here we could send it in
969 * so that the open could be re-tried as that user:group.
970 */
971 if (!virStorageSourceHasBacking(disk->src))
972 virStorageFileGetMetadata(disk->src, -1, -1, false);
973
974 /* XXX passing ignoreOpenFailure = true to get back to the behavior
975 * from before using virDomainDiskDefForeachPath. actually we should
976 * be passing ignoreOpenFailure = false and handle open errors more
977 * careful than just ignoring them.
978 */
979 if (virDomainDiskDefForeachPath(disk, true, add_file_path, &buf) < 0)
980 goto cleanup;
981 }
982
983 for (i = 0; i < ctl->def->nserials; i++)
984 if (ctl->def->serials[i] &&
985 (ctl->def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_PTY ||
986 ctl->def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_DEV ||
987 ctl->def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_FILE ||
988 ctl->def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_UNIX ||
989 ctl->def->serials[i]->source->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
990 ctl->def->serials[i]->source->data.file.path &&
991 ctl->def->serials[i]->source->data.file.path[0] != '\0')
992 if (vah_add_file_chardev(&buf,
993 ctl->def->serials[i]->source->data.file.path,
994 "rw",
995 ctl->def->serials[i]->source->type) != 0)
996 goto cleanup;
997
998 for (i = 0; i < ctl->def->nconsoles; i++)
999 if (ctl->def->consoles[i] &&
1000 (ctl->def->consoles[i]->source->type == VIR_DOMAIN_CHR_TYPE_PTY ||
1001 ctl->def->consoles[i]->source->type == VIR_DOMAIN_CHR_TYPE_DEV ||
1002 ctl->def->consoles[i]->source->type == VIR_DOMAIN_CHR_TYPE_FILE ||
1003 ctl->def->consoles[i]->source->type == VIR_DOMAIN_CHR_TYPE_UNIX ||
1004 ctl->def->consoles[i]->source->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
1005 ctl->def->consoles[i]->source->data.file.path &&
1006 ctl->def->consoles[i]->source->data.file.path[0] != '\0')
1007 if (vah_add_file(&buf,
1008 ctl->def->consoles[i]->source->data.file.path, "rw") != 0)
1009 goto cleanup;
1010
1011 for (i = 0; i < ctl->def->nparallels; i++)
1012 if (ctl->def->parallels[i] &&
1013 (ctl->def->parallels[i]->source->type == VIR_DOMAIN_CHR_TYPE_PTY ||
1014 ctl->def->parallels[i]->source->type == VIR_DOMAIN_CHR_TYPE_DEV ||
1015 ctl->def->parallels[i]->source->type == VIR_DOMAIN_CHR_TYPE_FILE ||
1016 ctl->def->parallels[i]->source->type == VIR_DOMAIN_CHR_TYPE_UNIX ||
1017 ctl->def->parallels[i]->source->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
1018 ctl->def->parallels[i]->source->data.file.path &&
1019 ctl->def->parallels[i]->source->data.file.path[0] != '\0')
1020 if (vah_add_file_chardev(&buf,
1021 ctl->def->parallels[i]->source->data.file.path,
1022 "rw",
1023 ctl->def->parallels[i]->source->type) != 0)
1024 goto cleanup;
1025
1026 for (i = 0; i < ctl->def->nchannels; i++)
1027 if (ctl->def->channels[i] &&
1028 (ctl->def->channels[i]->source->type == VIR_DOMAIN_CHR_TYPE_PTY ||
1029 ctl->def->channels[i]->source->type == VIR_DOMAIN_CHR_TYPE_DEV ||
1030 ctl->def->channels[i]->source->type == VIR_DOMAIN_CHR_TYPE_FILE ||
1031 ctl->def->channels[i]->source->type == VIR_DOMAIN_CHR_TYPE_UNIX ||
1032 ctl->def->channels[i]->source->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
1033 ctl->def->channels[i]->source->data.file.path &&
1034 ctl->def->channels[i]->source->data.file.path[0] != '\0')
1035 if (vah_add_file_chardev(&buf,
1036 ctl->def->channels[i]->source->data.file.path,
1037 "rw",
1038 ctl->def->channels[i]->source->type) != 0)
1039 goto cleanup;
1040
1041 if (ctl->def->os.kernel)
1042 if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)
1043 goto cleanup;
1044
1045 if (ctl->def->os.initrd)
1046 if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
1047 goto cleanup;
1048
1049 if (ctl->def->os.dtb)
1050 if (vah_add_file(&buf, ctl->def->os.dtb, "r") != 0)
1051 goto cleanup;
1052
1053 if (ctl->def->os.slic_table)
1054 if (vah_add_file(&buf, ctl->def->os.slic_table, "r") != 0)
1055 goto cleanup;
1056
1057 if (ctl->def->os.loader && ctl->def->os.loader->path)
1058 if (vah_add_file(&buf, ctl->def->os.loader->path, "rk") != 0)
1059 goto cleanup;
1060
1061 if (ctl->def->os.loader && ctl->def->os.loader->nvram)
1062 if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rwk") != 0)
1063 goto cleanup;
1064
1065 for (i = 0; i < ctl->def->ngraphics; i++) {
1066 virDomainGraphicsDefPtr graphics = ctl->def->graphics[i];
1067 size_t n;
1068 const char *rendernode = virDomainGraphicsGetRenderNode(graphics);
1069
1070 if (rendernode) {
1071 vah_add_file(&buf, rendernode, "rw");
1072 needsgl = true;
1073 } else {
1074 if (virDomainGraphicsNeedsAutoRenderNode(graphics)) {
1075 char *defaultRenderNode = virHostGetDRMRenderNode();
1076 needsgl = true;
1077
1078 if (defaultRenderNode) {
1079 vah_add_file(&buf, defaultRenderNode, "rw");
1080 VIR_FREE(defaultRenderNode);
1081 }
1082 }
1083 }
1084
1085 for (n = 0; n < graphics->nListens; n++) {
1086 virDomainGraphicsListenDef listenObj = graphics->listens[n];
1087
1088 if (listenObj.type == VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCKET &&
1089 listenObj.socket &&
1090 vah_add_file(&buf, listenObj.socket, "rw"))
1091 goto cleanup;
1092 }
1093 }
1094
1095 if (ctl->def->ngraphics == 1 &&
1096 ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)
1097 if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth,
1098 "r") != 0)
1099 goto cleanup;
1100
1101 for (i = 0; i < ctl->def->nhostdevs; i++)
1102 if (ctl->def->hostdevs[i]) {
1103 virDomainHostdevDefPtr dev = ctl->def->hostdevs[i];
1104 virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
1105 switch (dev->source.subsys.type) {
1106 case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
1107 virUSBDevicePtr usb =
1108 virUSBDeviceNew(usbsrc->bus, usbsrc->device, NULL);
1109
1110 if (usb == NULL)
1111 continue;
1112
1113 if (virHostdevFindUSBDevice(dev, true, &usb) < 0)
1114 continue;
1115
1116 rc = virUSBDeviceFileIterate(usb, file_iterate_hostdev_cb, &buf);
1117 virUSBDeviceFree(usb);
1118 if (rc != 0)
1119 goto cleanup;
1120 break;
1121 }
1122
1123 case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
1124 virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
1125 switch ((virMediatedDeviceModelType) mdevsrc->model) {
1126 case VIR_MDEV_MODEL_TYPE_VFIO_PCI:
1127 case VIR_MDEV_MODEL_TYPE_VFIO_AP:
1128 case VIR_MDEV_MODEL_TYPE_VFIO_CCW:
1129 needsVfio = true;
1130 break;
1131 case VIR_MDEV_MODEL_TYPE_LAST:
1132 default:
1133 virReportEnumRangeError(virMediatedDeviceModelType,
1134 mdevsrc->model);
1135 break;
1136 }
1137 break;
1138 }
1139
1140 case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
1141 virPCIDevicePtr pci = virPCIDeviceNew(
1142 dev->source.subsys.u.pci.addr.domain,
1143 dev->source.subsys.u.pci.addr.bus,
1144 dev->source.subsys.u.pci.addr.slot,
1145 dev->source.subsys.u.pci.addr.function);
1146
1147 virDomainHostdevSubsysPCIBackendType backend = dev->source.subsys.u.pci.backend;
1148 if (backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO ||
1149 backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) {
1150 needsVfio = true;
1151 }
1152
1153 if (pci == NULL)
1154 continue;
1155
1156 rc = virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &buf);
1157 virPCIDeviceFree(pci);
1158
1159 break;
1160 }
1161
1162 default:
1163 rc = 0;
1164 break;
1165 } /* switch */
1166 }
1167
1168 for (i = 0; i < ctl->def->nfss; i++) {
1169 if (ctl->def->fss[i] &&
1170 ctl->def->fss[i]->type == VIR_DOMAIN_FS_TYPE_MOUNT &&
1171 (ctl->def->fss[i]->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_PATH ||
1172 ctl->def->fss[i]->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT) &&
1173 ctl->def->fss[i]->src) {
1174 virDomainFSDefPtr fs = ctl->def->fss[i];
1175
1176 /* We don't need to add deny rw rules for readonly mounts,
1177 * this can only lead to troubles when mounting / readonly.
1178 */
1179 if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rw", true) != 0)
1180 goto cleanup;
1181 }
1182 }
1183
1184 for (i = 0; i < ctl->def->ninputs; i++) {
1185 if (ctl->def->inputs[i] &&
1186 ctl->def->inputs[i]->type == VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH) {
1187 if (vah_add_file(&buf, ctl->def->inputs[i]->source.evdev, "rw") != 0)
1188 goto cleanup;
1189 }
1190 }
1191
1192 for (i = 0; i < ctl->def->nnets; i++) {
1193 if (ctl->def->nets[i] &&
1194 ctl->def->nets[i]->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER &&
1195 ctl->def->nets[i]->data.vhostuser) {
1196 virDomainChrSourceDefPtr vhu = ctl->def->nets[i]->data.vhostuser;
1197
1198 if (vah_add_file_chardev(&buf, vhu->data.nix.path, "rw",
1199 vhu->type) != 0)
1200 goto cleanup;
1201 }
1202 }
1203
1204 for (i = 0; i < ctl->def->nmems; i++) {
1205 if (ctl->def->mems[i] &&
1206 ctl->def->mems[i]->model == VIR_DOMAIN_MEMORY_MODEL_NVDIMM) {
1207 if (vah_add_file(&buf, ctl->def->mems[i]->nvdimmPath, "rw") != 0)
1208 goto cleanup;
1209 }
1210 }
1211
1212 if (ctl->def->tpm) {
1213 char *shortName = NULL;
1214 const char *tpmpath = NULL;
1215
1216 switch (ctl->def->tpm->type) {
1217 case VIR_DOMAIN_TPM_TYPE_EMULATOR:
1218 shortName = virDomainDefGetShortName(ctl->def);
1219
1220 switch (ctl->def->tpm->version) {
1221 case VIR_DOMAIN_TPM_VERSION_1_2:
1222 tpmpath = "tpm1.2";
1223 break;
1224 case VIR_DOMAIN_TPM_VERSION_2_0:
1225 tpmpath = "tpm2";
1226 break;
1227 case VIR_DOMAIN_TPM_VERSION_DEFAULT:
1228 case VIR_DOMAIN_TPM_VERSION_LAST:
1229 break;
1230 }
1231
1232 /* Unix socket for QEMU and swtpm to use */
1233 virBufferAsprintf(&buf,
1234 " \"/run/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n",
1235 shortName);
1236 /* Paths for swtpm to use: give it access to its state
1237 * directory, log, and PID files.
1238 */
1239 virBufferAsprintf(&buf,
1240 " \"%s/lib/libvirt/swtpm/%s/%s/**\" rw,\n",
1241 LOCALSTATEDIR, uuidstr, tpmpath);
1242 virBufferAsprintf(&buf,
1243 " \"%s/log/swtpm/libvirt/qemu/%s-swtpm.log\" a,\n",
1244 LOCALSTATEDIR, ctl->def->name);
1245 virBufferAsprintf(&buf,
1246 " \"/run/libvirt/qemu/swtpm/%s-swtpm.pid\" rw,\n",
1247 shortName);
1248
1249 VIR_FREE(shortName);
1250 break;
1251 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
1252 case VIR_DOMAIN_TPM_TYPE_LAST:
1253 break;
1254 }
1255 }
1256
1257 if (ctl->def->virtType == VIR_DOMAIN_VIRT_KVM) {
1258 for (i = 0; i < ctl->def->nnets; i++) {
1259 virDomainNetDefPtr net = ctl->def->nets[i];
1260 if (net && virDomainNetGetModelString(net)) {
1261 if (net->driver.virtio.name == VIR_DOMAIN_NET_BACKEND_TYPE_QEMU)
1262 continue;
1263 if (!virDomainNetIsVirtioModel(net))
1264 continue;
1265 }
1266 needsvhost = true;
1267 }
1268 }
1269 if (needsvhost)
1270 virBufferAddLit(&buf, " \"/dev/vhost-net\" rw,\n");
1271
1272 if (needsVfio) {
1273 virBufferAddLit(&buf, " \"/dev/vfio/vfio\" rw,\n");
1274 virBufferAddLit(&buf, " \"/dev/vfio/[0-9]*\" rw,\n");
1275 }
1276 if (needsgl) {
1277 /* if using gl all sorts of further dri related paths will be needed */
1278 virBufferAddLit(&buf, " # DRI/Mesa/(e)GL config and driver paths\n");
1279 virBufferAddLit(&buf, " \"/usr/lib{,32,64}/dri/*.so*\" mr,\n");
1280 virBufferAddLit(&buf, " \"/usr/lib/@{multiarch}/dri/*.so*\" mr,\n");
1281 virBufferAddLit(&buf, " \"/usr/lib/fglrx/dri/*.so*\" mr,\n");
1282 virBufferAddLit(&buf, " \"/etc/drirc\" r,\n");
1283 virBufferAddLit(&buf, " \"/usr/share/drirc.d/{,*.conf}\" r,\n");
1284 virBufferAddLit(&buf, " \"/etc/glvnd/egl_vendor.d/{,*}\" r,\n");
1285 virBufferAddLit(&buf, " \"/usr/share/glvnd/egl_vendor.d/{,*}\" r,\n");
1286 virBufferAddLit(&buf, " \"/usr/share/egl/egl_external_platform.d/\" r,\n");
1287 virBufferAddLit(&buf, " \"/usr/share/egl/egl_external_platform.d/*\" r,\n");
1288 virBufferAddLit(&buf, " \"/proc/modules\" r,\n");
1289 virBufferAddLit(&buf, " \"/proc/driver/nvidia/params\" r,\n");
1290 virBufferAddLit(&buf, " \"/dev/nvidiactl\" rw,\n");
1291 virBufferAddLit(&buf, " # Probe DRI device attributes\n");
1292 virBufferAddLit(&buf, " \"/dev/dri/\" r,\n");
1293 virBufferAddLit(&buf, " \"/sys/devices/**/{uevent,vendor,device,subsystem_vendor,subsystem_device}\" r,\n");
1294 virBufferAddLit(&buf, " # dri libs will trigger that, but t is not requited and DAC would deny it anyway\n");
1295 virBufferAddLit(&buf, " deny \"/var/lib/libvirt/.cache/\" w,\n");
1296 }
1297
1298 if (ctl->newfile)
1299 if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
1300 goto cleanup;
1301
1302 if (virBufferError(&buf)) {
1303 virBufferFreeAndReset(&buf);
1304 vah_error(NULL, 0, _("failed to allocate file buffer"));
1305 goto cleanup;
1306 }
1307
1308 rc = 0;
1309 ctl->files = virBufferContentAndReset(&buf);
1310
1311 cleanup:
1312 VIR_FREE(uuid);
1313 return rc;
1314 }
1315
1316 static int
1317 vahParseArgv(vahControl * ctl, int argc, char **argv)
1318 {
1319 int arg, idx = 0;
1320 struct option opt[] = {
1321 {"add", 0, 0, 'a'},
1322 {"create", 0, 0, 'c'},
1323 {"dryrun", 0, 0, 'd'},
1324 {"delete", 0, 0, 'D'},
1325 {"add-file", 0, 0, 'f'},
1326 {"append-file", 0, 0, 'F'},
1327 {"help", 0, 0, 'h'},
1328 {"replace", 0, 0, 'r'},
1329 {"remove", 0, 0, 'R'},
1330 {"uuid", 1, 0, 'u'},
1331 {0, 0, 0, 0}
1332 };
1333
1334 while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt,
1335 &idx)) != -1) {
1336 switch (arg) {
1337 case 'a':
1338 ctl->cmd = 'a';
1339 break;
1340 case 'c':
1341 ctl->cmd = 'c';
1342 break;
1343 case 'd':
1344 ctl->dryrun = true;
1345 break;
1346 case 'D':
1347 ctl->cmd = 'D';
1348 break;
1349 case 'f':
1350 case 'F':
1351 if (VIR_STRDUP_QUIET(ctl->newfile, optarg) < 0)
1352 vah_error(ctl, 1, _("could not allocate memory for disk"));
1353 ctl->append = arg == 'F';
1354 break;
1355 case 'h':
1356 vah_usage();
1357 exit(EXIT_SUCCESS);
1358 break;
1359 case 'r':
1360 ctl->cmd = 'r';
1361 break;
1362 case 'R':
1363 ctl->cmd = 'R';
1364 break;
1365 case 'u':
1366 if (strlen(optarg) > PROFILE_NAME_SIZE - 1)
1367 vah_error(ctl, 1, _("invalid UUID"));
1368 if (virStrcpy((char *)ctl->uuid, optarg,
1369 PROFILE_NAME_SIZE) < 0)
1370 vah_error(ctl, 1, _("error copying UUID"));
1371 break;
1372 default:
1373 vah_error(ctl, 1, _("unsupported option"));
1374 break;
1375 }
1376 }
1377 if (strchr("acDrR", ctl->cmd) == NULL)
1378 vah_error(ctl, 1, _("bad command"));
1379
1380 if (valid_uuid(ctl->uuid) != 0)
1381 vah_error(ctl, 1, _("invalid UUID"));
1382
1383 if (!ctl->cmd) {
1384 vah_usage();
1385 exit(EXIT_FAILURE);
1386 }
1387
1388 if (ctl->cmd == 'c' || ctl->cmd == 'r') {
1389 char *xmlStr = NULL;
1390 if (virFileReadLimFD(STDIN_FILENO, MAX_FILE_LEN, &xmlStr) < 0)
1391 vah_error(ctl, 1, _("could not read xml file"));
1392
1393 if (get_definition(ctl, xmlStr) != 0 || ctl->def == NULL) {
1394 VIR_FREE(xmlStr);
1395 vah_error(ctl, 1, _("could not get VM definition"));
1396 }
1397 VIR_FREE(xmlStr);
1398
1399 if (get_files(ctl) != 0)
1400 vah_error(ctl, 1, _("invalid VM definition"));
1401 }
1402 return 0;
1403 }
1404
1405
1406 /*
1407 * virt-aa-helper -c -u UUID < file.xml
1408 * virt-aa-helper -r -u UUID [-f <file>] < file.xml
1409 * virt-aa-helper -a -u UUID
1410 * virt-aa-helper -R -u UUID
1411 * virt-aa-helper -D -u UUID
1412 */
1413 int
1414 main(int argc, char **argv)
1415 {
1416 vahControl _ctl, *ctl = &_ctl;
1417 virBuffer buf = VIR_BUFFER_INITIALIZER;
1418 int rc = -1;
1419 char *profile = NULL;
1420 char *include_file = NULL;
1421
1422 if (virGettextInitialize() < 0 ||
1423 virThreadInitialize() < 0 ||
1424 virErrorInitialize() < 0) {
1425 fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
1426 exit(EXIT_FAILURE);
1427 }
1428
1429 virFileActivateDirOverride(argv[0]);
1430
1431 /* Initialize the log system */
1432 virLogSetFromEnv();
1433
1434 /* clear the environment */
1435 environ = NULL;
1436 if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0)
1437 vah_error(ctl, 1, _("could not set PATH"));
1438
1439 /* ensure the traditional IFS setting */
1440 if (setenv("IFS", " \t\n", 1) != 0)
1441 vah_error(ctl, 1, _("could not set IFS"));
1442
1443 if (!(progname = strrchr(argv[0], '/')))
1444 progname = argv[0];
1445 else
1446 progname++;
1447
1448 memset(ctl, 0, sizeof(vahControl));
1449
1450 if (vahParseArgv(ctl, argc, argv) != 0)
1451 vah_error(ctl, 1, _("could not parse arguments"));
1452
1453 if (virAsprintfQuiet(&profile, "%s/%s",
1454 APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
1455 vah_error(ctl, 0, _("could not allocate memory"));
1456
1457 if (virAsprintfQuiet(&include_file, "%s/%s.files",
1458 APPARMOR_DIR "/libvirt", ctl->uuid) < 0)
1459 vah_error(ctl, 0, _("could not allocate memory"));
1460
1461 if (ctl->cmd == 'a') {
1462 rc = parserLoad(ctl->uuid);
1463 } else if (ctl->cmd == 'R' || ctl->cmd == 'D') {
1464 rc = parserRemove(ctl->uuid);
1465 if (ctl->cmd == 'D') {
1466 unlink(include_file);
1467 unlink(profile);
1468 }
1469 } else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
1470 char *included_files = NULL;
1471
1472 if (ctl->cmd == 'c' && virFileExists(profile))
1473 vah_error(ctl, 1, _("profile exists"));
1474
1475 if (ctl->append && ctl->newfile) {
1476 if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
1477 goto cleanup;
1478 } else {
1479 if (ctl->def->virtType == VIR_DOMAIN_VIRT_QEMU ||
1480 ctl->def->virtType == VIR_DOMAIN_VIRT_KQEMU ||
1481 ctl->def->virtType == VIR_DOMAIN_VIRT_KVM) {
1482 virBufferAsprintf(&buf, " \"%s/log/libvirt/**/%s.log\" w,\n",
1483 LOCALSTATEDIR, ctl->def->name);
1484 virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/domain-%s/monitor.sock\" rw,\n",
1485 LOCALSTATEDIR, ctl->def->name);
1486 virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/domain-%d-%.*s/*\" rw,\n",
1487 LOCALSTATEDIR, ctl->def->id, 20, ctl->def->name);
1488 virBufferAsprintf(&buf, " \"%s/run/libvirt/**/%s.pid\" rwk,\n",
1489 LOCALSTATEDIR, ctl->def->name);
1490 virBufferAsprintf(&buf, " \"/run/libvirt/**/%s.pid\" rwk,\n",
1491 ctl->def->name);
1492 virBufferAsprintf(&buf, " \"%s/run/libvirt/**/*.tunnelmigrate.dest.%s\" rw,\n",
1493 LOCALSTATEDIR, ctl->def->name);
1494 virBufferAsprintf(&buf, " \"/run/libvirt/**/*.tunnelmigrate.dest.%s\" rw,\n",
1495 ctl->def->name);
1496 }
1497 if (ctl->files)
1498 virBufferAdd(&buf, ctl->files, -1);
1499 }
1500
1501 if (virBufferError(&buf)) {
1502 virBufferFreeAndReset(&buf);
1503 vah_error(ctl, 1, _("failed to allocate buffer"));
1504 }
1505
1506 included_files = virBufferContentAndReset(&buf);
1507
1508 /* (re)create the include file using included_files */
1509 if (ctl->dryrun) {
1510 vah_info(include_file);
1511 vah_info(included_files);
1512 rc = 0;
1513 } else if (ctl->def->virtType == VIR_DOMAIN_VIRT_LXC) {
1514 rc = 0;
1515 } else if ((rc = update_include_file(include_file,
1516 included_files,
1517 ctl->append)) != 0) {
1518 goto cleanup;
1519 }
1520
1521
1522 /* create the profile from TEMPLATE */
1523 if (ctl->cmd == 'c') {
1524 char *tmp = NULL;
1525 if (virAsprintfQuiet(&tmp, " #include <libvirt/%s.files>\n",
1526 ctl->uuid) == -1) {
1527 vah_error(ctl, 0, _("could not allocate memory"));
1528 goto cleanup;
1529 }
1530
1531 if (ctl->dryrun) {
1532 vah_info(profile);
1533 vah_info(ctl->uuid);
1534 vah_info(tmp);
1535 rc = 0;
1536 } else if ((rc = create_profile(profile, ctl->uuid, tmp,
1537 ctl->def->virtType)) != 0) {
1538 vah_error(ctl, 0, _("could not create profile"));
1539 unlink(include_file);
1540 }
1541 VIR_FREE(tmp);
1542 }
1543
1544 if (rc == 0 && !ctl->dryrun) {
1545 if (ctl->cmd == 'c')
1546 rc = parserLoad(ctl->uuid);
1547 else
1548 rc = parserReplace(ctl->uuid);
1549
1550 /* cleanup */
1551 if (rc != 0) {
1552 unlink(include_file);
1553 if (ctl->cmd == 'c')
1554 unlink(profile);
1555 }
1556 }
1557 cleanup:
1558 VIR_FREE(included_files);
1559 }
1560
1561 vahDeinit(ctl);
1562
1563 VIR_FREE(profile);
1564 VIR_FREE(include_file);
1565
1566 exit(rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
1567 }
A toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes).