Add 'Seclabel' module for building <seclabel> XML

Author: crobinso

tests/xmlconfig-xml/boot-many-devices.xml

@@ -11,7 +11,7 @@
   <features>
     <acpi/><apic/>
   </features>
-  <clock offset="utc"/>
+  <clock offset="localtime"/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
   <on_crash>restart</on_crash>
@@ -60,4 +60,8 @@
       </source>
     </hostdev>
   </devices>
+  <seclabel type='static' model='selinux'>
+    <label>foolabel</label>
+    <imagelabel>imagelabel</imagelabel>
+  </seclabel>
 </domain>

tests/xmlconfig.py

@@ -556,6 +556,15 @@ def testManyDevices(self):
         g.add_device(vdev1)
         g.add_device(vdev2)
 
+        g.clock.offset = "localtime"
+
+        seclabel = virtinst.Seclabel(g.conn)
+        seclabel.type = seclabel.SECLABEL_TYPE_STATIC
+        seclabel.model = "selinux"
+        seclabel.label = "foolabel"
+        seclabel.imagelabel = "imagelabel"
+        g.seclabel = seclabel
+
         g.installer = virtinst.PXEInstaller(type="xen", os_type="hvm",
                                             conn=g.conn)
         self._compare(g, "boot-many-devices", False)

virtinst/Guest.py

@@ -31,6 +31,7 @@
 from VirtualDevice import VirtualDevice
 from VirtualDisk import VirtualDisk
 from Clock import Clock
+from Seclabel import Seclabel
 
 import osdict
 from virtinst import _virtinst as _
@@ -138,6 +139,7 @@ def __init__(self, type=None, connection=None, hypervisorURI=None,
         self._os_autodetect = False
         self._autostart = False
         self._clock = Clock(self.conn)
+        self._seclabel = None
         self.features = None
 
         self._os_type = None
@@ -185,6 +187,18 @@ def get_clock(self):
         return self._clock
     clock = property(get_clock)
 
+    def get_seclabel(self):
+        return self._seclabel
+    def set_seclabel(self, val):
+        if val and not isinstance(val, Seclabel):
+            raise ValueError("'seclabel' must be a Seclabel() instance.")
+
+        if val:
+            # Check for validation purposes
+            val.get_xml_config()
+        self._seclabel = val
+    seclabel = property(get_seclabel, set_seclabel)
+
     # Domain name of the guest
     def get_name(self):
         return self._name
@@ -681,6 +695,16 @@ def _get_clock_xml(self):
         """
         return self.clock.get_xml_config()
 
+    def _get_seclabel_xml(self):
+        """
+        Return <seclabel> XML
+        """
+        xml = ""
+        if self.seclabel:
+            xml = self.seclabel.get_xml_config()
+
+        return xml
+
     def _get_osblob(self, install):
         """
         Return os, features, and clock xml (Implemented in subclass)
@@ -751,6 +775,7 @@ def get_config_xml(self, install = True, disk_boot = False):
         xml = add("  <devices>")
         xml = add("%s" % self._get_device_xml(install))
         xml = add("  </devices>")
+        xml = add("%s" % self._get_seclabel_xml())
         xml = add("</domain>\n")
 
         return xml

virtinst/Seclabel.py

@@ -0,0 +1,78 @@
+#
+# Copyright 2010  Red Hat, Inc.
+# Cole Robinson <crobinso@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free  Software Foundation; either version 2 of the License, or
+# (at your option)  any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301 USA.
+
+class Seclabel(object):
+    """
+    Class for generating <seclabel> XML
+    """
+
+    SECLABEL_TYPE_DYNAMIC = "dynamic"
+    SECLABEL_TYPE_STATIC = "static"
+    SECLABEL_TYPES = [SECLABEL_TYPE_DYNAMIC, SECLABEL_TYPE_STATIC]
+
+    def __init__(self, conn):
+        self.conn = conn
+
+        self._type = self.SECLABEL_TYPE_DYNAMIC
+        self._model = None
+        self._label = None
+        self._imagelabel = None
+
+    def get_type(self):
+        return self._type
+    def set_type(self, val):
+        self._type = val
+    type = property(get_type, set_type)
+
+    def get_model(self):
+        return self._model
+    def set_model(self, val):
+        self._model = val
+    model = property(get_model, set_model)
+
+    def get_label(self):
+        return self._label
+    def set_label(self, val):
+        self._label = val
+    label = property(get_label, set_label)
+
+    def get_imagelabel(self):
+        return self._imagelabel
+    def set_imagelabel(self, val):
+        self._imagelabel = val
+    imagelabel = property(get_imagelabel, set_imagelabel)
+
+    def get_xml_config(self):
+        if not self.type or not self.model:
+            raise RuntimeError("Security type and model must be specified")
+
+        if (self.type == self.SECLABEL_TYPE_STATIC and not self.label):
+            raise RuntimeError("A label must be specified for static "
+                               "security type.")
+
+        xml = "  <seclabel type='%s' model='%s'>\n" % (self.type, self.model)
+
+        if self.label:
+            xml += "    <label>%s</label>\n" % self.label
+        if self.imagelabel:
+            xml += "    <imagelabel>%s</imagelabel>\n" % self.imagelabel
+
+        xml += "  </seclabel>"
+
+        return xml

virtinst/__init__.py

@@ -50,6 +50,7 @@ def _virtinst(msg):
 from CloneManager import CloneDesign
 from User import User
 from Clock import Clock
+from Seclabel import Seclabel
 import util
 import support
 
@@ -60,6 +61,6 @@ def _virtinst(msg):
            "VirtualDisk", "XenDisk", "FullVirtGuest", "ParaVirtGuest",
            "DistroInstaller", "PXEInstaller", "LiveCDInstaller",
            "ImportInstaller", "ImageInstaller", "CloneDesign", "Storage",
-           "User", "util", "support", "VirtualDevice", "Clock",
+           "User", "util", "support", "VirtualDevice", "Clock", "Seclabel",
            "VirtualHostDevice", "VirtualHostDeviceUSB", "VirtualVideoDevice",
            "VirtualHostDevicePCI", "VirtualCharDevice", "VirtualInputDevice"]