virtinst: parse capabilities baselabel element

libvirt since version 1.1.4 shows the security context used to execute the hypervisor process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-09 23:15:46 -06:00 · 2013-11-15 11:08:41 +01:00 · 2013-11-15 11:08:41 +01:00 · d3a6f1a537
commit d3a6f1a537
parent 1ffcc0cced
3 changed files with 17 additions and 2 deletions
--- a/tests/capabilities-xml/capabilities-kvm.xml
+++ b/tests/capabilities-xml/capabilities-kvm.xml
@ -3,6 +3,12 @@
    <cpu>
      <arch>i686</arch>
    </cpu>
+    <secmodel>
+      <model>dac</model>
+      <doi>0</doi>
+      <baselabel type='kvm'>+0:+0</baselabel>
+      <baselabel type='qemu'>+0:+0</baselabel>
+    </secmodel>
  </host>

  <guest>
--- a/tests/capabilities.py
+++ b/tests/capabilities.py
@ -61,6 +61,9 @@ class TestCapabilities(unittest.TestCase):
        if secmodel:
            self.assertEqual(secmodel[0], caps.host.secmodel.model)
            self.assertEqual(secmodel[1], caps.host.secmodel.doi)
+            if secmodel[2]:
+                for k, v in secmodel[2].items():
+                    self.assertEqual(v, caps.host.secmodel.baselabels[k])

        for idx in range(len(guests)):
            self._compareGuest(guests[idx], caps.guests[idx])
@ -83,7 +86,7 @@ class TestCapabilities(unittest.TestCase):

    def testCapabilities2(self):
        host = ('x86_64', {})
-        secmodel = ('selinux', '0')
+        secmodel = ('selinux', '0', None)

        guests = [
            ('x86_64', 'hvm',
@ -123,7 +126,9 @@ class TestCapabilities(unittest.TestCase):
               ['g3bw', 'mac99', 'prep']]], {}),
       ]

-        self._testCapabilities("capabilities-kvm.xml", host, guests)
+        secmodel = ('dac', '0', {"kvm" : "+0:+0", "qemu" : "+0:+0"})
+
+        self._testCapabilities("capabilities-kvm.xml", host, guests, secmodel)

    def testCapabilities4(self):
        host = ('i686',
--- a/virtinst/capabilities.py
+++ b/virtinst/capabilities.py
@ -486,6 +486,7 @@ class SecurityModel(object):
    def __init__(self, node=None):
        self.model = None
        self.doi = None
+        self.baselabels = {}

        if not node is None:
            self.parseXML(node)
@ -496,6 +497,9 @@ class SecurityModel(object):
                self.model = child.content
            elif child.name == "doi":
                self.doi = child.content
+            elif child.name == "baselabel":
+                typ = child.prop("type")
+                self.baselabels[typ] = child.content


 class Capabilities(object):