summaryrefslogtreecommitdiff
path: root/virtinst/seclabel.py
blob: 76afb1d84ec9f679d2ac2e2135def47d82a13d6f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

#
# Copyright 2010, 2012-2013 Red Hat, Inc.
# Cole Robinson <crobinso@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301 USA.

from virtinst.xmlbuilder import XMLBuilder, XMLProperty


class Seclabel(XMLBuilder):
    """
    Class for generating <seclabel> XML
    """

    TYPE_DYNAMIC = "dynamic"
    TYPE_STATIC = "static"
    TYPE_DEFAULT = "default"
    TYPES = [TYPE_DYNAMIC, TYPE_STATIC]

    MODEL_DEFAULT = "default"

    MODEL_TEST = "testSecurity"
    MODEL_SELINUX = "selinux"
    MODEL_DAC = "dac"
    MODEL_NONE = "none"
    MODELS = [MODEL_SELINUX, MODEL_DAC, MODEL_NONE]

    _XML_ROOT_NAME = "seclabel"
    _XML_PROP_ORDER = ["type", "model", "relabel", "label", "imagelabel"]

    def _guess_secmodel(self):
        # We always want the testSecurity model when running tests
        if (self.MODEL_TEST in
            [x.model for x in self.conn.caps.host.secmodels]):
            return self.MODEL_TEST

        label = self.label
        imagelabel = self.imagelabel

        if not label and not imagelabel:
            for model in self.MODELS:
                if model in [x.model for x in self.conn.caps.host.secmodels]:
                    return model
            raise RuntimeError("No supported model found in capabilities")

        lab_len = imglab_len = None
        if label:
            lab_len = min(3, len(label.split(':')))
        if imagelabel:
            imglab_len = min(3, len(imagelabel.split(':')))
        if lab_len and imglab_len and lab_len != imglab_len:
            raise ValueError("Label and Imagelabel are incompatible")

        lab_len = lab_len or imglab_len
        if lab_len == 3:
            return self.MODEL_SELINUX
        elif lab_len == 2:
            return self.MODEL_DAC
        else:
            raise ValueError("Unknown model type for label '%s'" % self.label)
    def _get_default_model(self):
        if self.type is None or self.type == self.TYPE_DEFAULT:
            return None
        return self._guess_secmodel()
    model = XMLProperty("./@model",
                        default_cb=_get_default_model,
                        default_name=MODEL_DEFAULT)

    def _get_default_type(self):
        if self.model is None or self.model == self.MODEL_DEFAULT:
            return None
        return self.TYPE_DYNAMIC
    type = XMLProperty("./@type",
                       default_cb=_get_default_type,
                       default_name=TYPE_DEFAULT)

    label = XMLProperty("./label")
    imagelabel = XMLProperty("./imagelabel")
    relabel = XMLProperty("./@relabel", is_yesno=True)
View Lorry Controller Status