Add a test suite for validating SELinux labelling

There are many aspects of the guest XML which result in the
SELinux driver applying file labelling. With the increasing
configuration options it is desirable to test this behaviour.
It is not possible to assume that the test suite has the
ability to set SELinux labels. Most filesystems though will
support extended attributes. Thus for the purpose of testing,
it is possible to extend the existing LD_PRELOAD hack to
override setfilecon() and getfilecon() to simply use the
'user.libvirt.selinux' attribute for the sake of testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

tests/securityselinuxlabeldata/chardev.txt

@@ -0,0 +1,7 @@
+/plain.txt;system_u:object_r:svirt_image_t:s0:c41,c264
+/plain.dev;system_u:object_r:svirt_image_t:s0:c41,c264
+/plain.fifo;system_u:object_r:svirt_image_t:s0:c41,c264
+/nolabel.sock;
+/plain.sock;
+/yeslabel.sock;system_u:object_r:svirt_image_t:s0:c41,c264
+/altlabel.sock;system_u:object_r:svirt_image_custom_t:s0:c41,c264

tests/securityselinuxlabeldata/chardev.xml

@@ -0,0 +1,47 @@
+<domain type='kvm'>
+  <name>vm1</name>
+  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+  <memory unit='KiB'>219200</memory>
+  <os>
+    <type arch='i686' machine='pc-1.0'>hvm</type>
+    <boot dev='cdrom'/>
+  </os>
+  <devices>
+    <serial type='file'>
+      <source path='/plain.txt'/>
+    </serial>
+    <serial type='pipe'>
+      <source path='/plain.fifo'/>
+    </serial>
+    <serial type='dev'>
+      <source path='/plain.dev'/>
+    </serial>
+    <serial type='unix'>
+      <source mode='bind' path='/plain.sock'/>
+    </serial>
+    <serial type='unix'>
+      <source mode='connect' path='/nolabel.sock'>
+        <seclabel relabel='no' model='selinux'/>
+      </source>
+    </serial>
+    <serial type='unix'>
+      <source mode='connect' path='/yeslabel.sock'>
+      </source>
+    </serial>
+    <serial type='unix'>
+      <source mode='connect' path='/altlabel.sock'>
+        <seclabel relabel='yes' model='selinux'>
+          <label>system_u:object_r:svirt_image_custom_t:s0:c41,c264</label>
+        </seclabel>
+      </source>
+    </serial>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+      <listen type='address' address='0.0.0.0'/>
+    </graphics>
+  </devices>
+  <seclabel model="selinux" type="dynamic" relabel="yes">
+    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+  </seclabel>
+</domain>

tests/securityselinuxlabeldata/disks.txt

@@ -0,0 +1,5 @@
+/plain.raw;system_u:object_r:svirt_image_t:s0:c41,c264
+/shared.raw;system_u:object_r:svirt_image_t:s0
+/readonly.raw;system_u:object_r:virt_content_t:s0
+/nolabel.raw;
+/altlabel.raw;system_u:object_r:svirt_image_custom_t:s0:c41,c264

tests/securityselinuxlabeldata/disks.xml

@@ -0,0 +1,52 @@
+<domain type='kvm'>
+  <name>vm1</name>
+  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+  <memory unit='KiB'>219200</memory>
+  <os>
+    <type arch='i686' machine='pc-1.0'>hvm</type>
+    <boot dev='cdrom'/>
+  </os>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/plain.raw'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/shared.raw'/>
+      <shareable/>
+      <target dev='vdb' bus='virtio'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/readonly.raw'/>
+      <readonly/>
+      <target dev='vdc' bus='virtio'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/nolabel.raw'>
+        <seclabel model='selinux' relabel='no'/>
+      </source>
+      <target dev='vdd' bus='virtio'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/altlabel.raw'>
+        <seclabel model='selinux' relabel='yes'>
+          <label>system_u:object_r:svirt_image_custom_t:s0:c41,c264</label>
+        </seclabel>
+      </source>
+      <target dev='vde' bus='virtio'/>
+    </disk>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+      <listen type='address' address='0.0.0.0'/>
+    </graphics>
+  </devices>
+  <seclabel model="selinux" type="dynamic" relabel="yes">
+    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+  </seclabel>
+</domain>

tests/securityselinuxlabeldata/kernel.txt

@@ -0,0 +1,2 @@
+/vmlinuz.raw;system_u:object_r:virt_content_t:s0
+/initrd.raw;system_u:object_r:virt_content_t:s0

tests/securityselinuxlabeldata/kernel.xml

@@ -0,0 +1,20 @@
+<domain type='kvm'>
+  <name>vm1</name>
+  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
+  <memory unit='KiB'>219200</memory>
+  <os>
+    <type arch='i686' machine='pc-1.0'>hvm</type>
+    <kernel>/vmlinuz.raw</kernel>
+    <initrd>/initrd.raw</initrd>
+  </os>
+  <devices>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
+      <listen type='address' address='0.0.0.0'/>
+    </graphics>
+  </devices>
+  <seclabel model="selinux" type="dynamic" relabel="yes">
+    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
+    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
+  </seclabel>
+</domain>