tests/qemusecuritytest.c

   1 /*
   2  * Copyright (C) 2018 Red Hat, Inc.
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library.  If not, see
  16  * <http://www.gnu.org/licenses/>.
  17  */
  18
  19 #include <config.h>
  20
  21 #include "qemusecuritytest.h"
  22 #include "testutils.h"
  23 #include "testutilsqemu.h"
  24 #include "security/security_manager.h"
  25 #include "conf/domain_conf.h"
  26 #include "qemu/qemu_domain.h"
  27 #include "qemu/qemu_security.h"
  28
  29 #define VIR_FROM_THIS VIR_FROM_NONE
  30
  31 struct testData {
  32     virQEMUDriverPtr driver;
  33     const char *file; /* file name to load VM def XML from; qemuxml2argvdata/ */
  34 };
  35
  36
  37 static int
  38 prepareObjects(virQEMUDriverPtr driver,
  39                const char *xmlname,
  40                virDomainObjPtr *vm_ret)
  41 {
  42     qemuDomainObjPrivatePtr priv;
  43     VIR_AUTOUNREF(virDomainObjPtr) vm = NULL;
  44     VIR_AUTOFREE(char *) filename = NULL;
  45     VIR_AUTOFREE(char *) domxml = NULL;
  46     VIR_AUTOFREE(char *) latestCapsFile = NULL;
  47
  48     if (virAsprintf(&filename, "%s/qemuxml2argvdata/%s.xml", abs_srcdir, xmlname) < 0)
  49         return -1;
  50
  51     if (virTestLoadFile(filename, &domxml) < 0)
  52         return -1;
  53
  54     if (!(vm = virDomainObjNew(driver->xmlopt)))
  55         return -1;
  56
  57     vm->pid = -1;
  58     priv = vm->privateData;
  59     priv->chardevStdioLogd = false;
  60     priv->rememberOwner = true;
  61
  62     if (!(latestCapsFile = testQemuGetLatestCapsForArch("x86_64", "xml")))
  63         return -1;
  64
  65     if (!(priv->qemuCaps = qemuTestParseCapabilitiesArch(VIR_ARCH_X86_64, latestCapsFile)))
  66         return -1;
  67
  68     if (qemuTestCapsCacheInsert(driver->qemuCapsCache, priv->qemuCaps) < 0)
  69         return -1;
  70
  71     if (!(vm->def = virDomainDefParseString(domxml,
  72                                             driver->caps,
  73                                             driver->xmlopt,
  74                                             NULL,
  75                                             0)))
  76         return -1;
  77
  78     VIR_STEAL_PTR(*vm_ret, vm);
  79     return 0;
  80 }
  81
  82
  83 static int
  84 testDomain(const void *opaque)
  85 {
  86     const struct testData *data = opaque;
  87     VIR_AUTOUNREF(virDomainObjPtr) vm = NULL;
  88     VIR_AUTOSTRINGLIST notRestored = NULL;
  89     size_t i;
  90     int ret = -1;
  91
  92     if (prepareObjects(data->driver, data->file, &vm) < 0)
  93         return -1;
  94
  95     for (i = 0; i < vm->def->ndisks; i++) {
  96         virStorageSourcePtr src = vm->def->disks[i]->src;
  97         virStorageSourcePtr n;
  98
  99         if (!src)
 100             continue;
 101
 102         if (virStorageSourceIsLocalStorage(src) && src->path &&
 103             (src->shared || src->readonly) &&
 104             virStringListAdd(&notRestored, src->path) < 0)
 105             return -1;
 106
 107         for (n = src->backingStore; virStorageSourceIsBacking(n); n = n->backingStore) {
 108             if (virStorageSourceIsLocalStorage(n) && n->path &&
 109                 virStringListAdd(&notRestored, n->path) < 0)
 110                 return -1;
 111         }
 112     }
 113
 114     /* Mocking is enabled only when this env variable is set.
 115      * See mock code for explanation. */
 116     if (setenv(ENVVAR, "1", 0) < 0)
 117         return -1;
 118
 119     if (qemuSecuritySetAllLabel(data->driver, vm, NULL) < 0)
 120         goto cleanup;
 121
 122     qemuSecurityRestoreAllLabel(data->driver, vm, false);
 123
 124     if (checkPaths((const char **) notRestored) < 0)
 125         goto cleanup;
 126
 127     ret = 0;
 128  cleanup:
 129     unsetenv(ENVVAR);
 130     freePaths();
 131     return ret;
 132 }
 133
 134
 135 static int
 136 mymain(void)
 137 {
 138     virQEMUDriver driver;
 139     int ret = 0;
 140
 141     if (virInitialize() < 0 ||
 142         qemuTestDriverInit(&driver) < 0)
 143         return -1;
 144
 145     /* Now fix the secdriver */
 146     virObjectUnref(driver.securityManager);
 147     if (!(driver.securityManager = virSecurityManagerNewDAC("test", 1000, 1000,
 148                                                             VIR_SECURITY_MANAGER_PRIVILEGED |
 149                                                             VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP,
 150                                                             NULL))) {
 151         virFilePrintf(stderr, "Cannot initialize DAC security driver");
 152         ret = -1;
 153         goto cleanup;
 154     }
 155
 156 #define DO_TEST_DOMAIN(f) \
 157     do { \
 158         struct testData data = {.driver = &driver, .file = f}; \
 159         if (virTestRun(f, testDomain, &data) < 0) \
 160             ret = -1; \
 161     } while (0)
 162
 163     DO_TEST_DOMAIN("acpi-table");
 164     DO_TEST_DOMAIN("channel-unix-guestfwd");
 165     DO_TEST_DOMAIN("console-virtio-unix");
 166     DO_TEST_DOMAIN("controller-virtio-scsi");
 167     DO_TEST_DOMAIN("disk-aio");
 168     DO_TEST_DOMAIN("disk-backing-chains-noindex");
 169     DO_TEST_DOMAIN("disk-cache");
 170     DO_TEST_DOMAIN("disk-cdrom");
 171     DO_TEST_DOMAIN("disk-cdrom-bus-other");
 172     DO_TEST_DOMAIN("disk-cdrom-network");
 173     DO_TEST_DOMAIN("disk-cdrom-tray");
 174     DO_TEST_DOMAIN("disk-copy_on_read");
 175     DO_TEST_DOMAIN("disk-detect-zeroes");
 176     DO_TEST_DOMAIN("disk-error-policy");
 177     DO_TEST_DOMAIN("disk-floppy");
 178     DO_TEST_DOMAIN("disk-floppy-q35-2_11");
 179     DO_TEST_DOMAIN("disk-floppy-q35-2_9");
 180     DO_TEST_DOMAIN("disk-network-gluster");
 181     DO_TEST_DOMAIN("disk-network-iscsi");
 182     DO_TEST_DOMAIN("disk-network-nbd");
 183     DO_TEST_DOMAIN("disk-network-rbd");
 184     DO_TEST_DOMAIN("disk-network-sheepdog");
 185     DO_TEST_DOMAIN("disk-network-source-auth");
 186     DO_TEST_DOMAIN("disk-network-tlsx509");
 187     DO_TEST_DOMAIN("disk-readonly-disk");
 188     DO_TEST_DOMAIN("disk-scsi");
 189     DO_TEST_DOMAIN("disk-scsi-device-auto");
 190     DO_TEST_DOMAIN("disk-shared");
 191     DO_TEST_DOMAIN("disk-virtio");
 192     DO_TEST_DOMAIN("disk-virtio-scsi-reservations");
 193     DO_TEST_DOMAIN("graphics-vnc-tls-secret");
 194     DO_TEST_DOMAIN("hugepages-nvdimm");
 195     DO_TEST_DOMAIN("iothreads-virtio-scsi-pci");
 196     DO_TEST_DOMAIN("memory-hotplug-nvdimm");
 197     DO_TEST_DOMAIN("memory-hotplug-nvdimm-access");
 198     DO_TEST_DOMAIN("memory-hotplug-nvdimm-align");
 199     DO_TEST_DOMAIN("memory-hotplug-nvdimm-label");
 200     DO_TEST_DOMAIN("memory-hotplug-nvdimm-pmem");
 201     DO_TEST_DOMAIN("memory-hotplug-nvdimm-readonly");
 202     DO_TEST_DOMAIN("net-vhostuser");
 203     DO_TEST_DOMAIN("os-firmware-bios");
 204     DO_TEST_DOMAIN("os-firmware-efi");
 205     DO_TEST_DOMAIN("os-firmware-efi-secboot");
 206     DO_TEST_DOMAIN("pci-bridge-many-disks");
 207     DO_TEST_DOMAIN("tseg-explicit-size");
 208     DO_TEST_DOMAIN("usb-redir-unix");
 209     DO_TEST_DOMAIN("virtio-non-transitional");
 210     DO_TEST_DOMAIN("virtio-transitional");
 211     DO_TEST_DOMAIN("x86_64-pc-graphics");
 212     DO_TEST_DOMAIN("x86_64-pc-headless");
 213     DO_TEST_DOMAIN("x86_64-q35-graphics");
 214     DO_TEST_DOMAIN("x86_64-q35-headless");
 215
 216  cleanup:
 217     qemuTestDriverFree(&driver);
 218     return ret;
 219 }
 220
 221 VIR_TEST_MAIN(mymain)