External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-01 02:25:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
a51ccaf828
libvirt/src/qemu/qemu_security_stacked.c

419 lines
15 KiB
C
Raw Normal View History

Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
/*
* Copyright (C) 2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* QEMU stacked security driver
*/
#include <config.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "qemu_security_stacked.h"
#include "qemu_conf.h"
#include "datatypes.h"
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
#include "logging.h"
#include "pci.h"
#include "hostusb.h"
#include "storage_file.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
static struct qemud_driver *driver;
void qemuSecurityStackedSetDriver(struct qemud_driver *newdriver)
{
driver = newdriver;
}
static int
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
qemuSecurityStackedVerify(virDomainDefPtr def)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSecurityVerify &&
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
driver->securitySecondaryDriver->domainSecurityVerify(def) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSecurityVerify &&
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
driver->securityPrimaryDriver->domainSecurityVerify(def) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedGenLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainGenSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainGenSecurityLabel(driver->securitySecondaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGenSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainGenSecurityLabel(driver->securityPrimaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedReleaseLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainReleaseSecurityLabel(driver->securitySecondaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainReleaseSecurityLabel(driver->securityPrimaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedReserveLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainReserveSecurityLabel(driver->securitySecondaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainReserveSecurityLabel(driver->securityPrimaryDriver,
vm) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainSetSecurityImageLabel(driver->securitySecondaryDriver,
vm, disk) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainSetSecurityImageLabel(driver->securityPrimaryDriver,
vm, disk) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedRestoreSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(driver->securitySecondaryDriver,
vm, disk) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(driver->securityPrimaryDriver,
vm, disk) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virDomainHostdevDefPtr dev)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(driver->securitySecondaryDriver,
vm, dev) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(driver->securityPrimaryDriver,
vm, dev) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virDomainHostdevDefPtr dev)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(driver->securitySecondaryDriver,
vm, dev) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(driver->securityPrimaryDriver,
vm, dev) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedSetSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
const char *stdin_path)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainSetSecurityAllLabel(driver->securitySecondaryDriver,
vm, stdin_path) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainSetSecurityAllLabel(driver->securityPrimaryDriver,
vm, stdin_path) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Don't reset user/group/security label on shared filesystems during migrate When QEMU runs with its disk on NFS, and as a non-root user, the disk is chownd to that non-root user. When migration completes the last step is shutting down the QEMU on the source host. THis normally resets user/group/security label. This is bad when the VM was just migrated because the file is still in use on the dest host. It is thus neccessary to skip the reset step for any files found to be on a shared filesystem * src/libvirt_private.syms: Export virStorageFileIsSharedFS * src/util/storage_file.c, src/util/storage_file.h: Add a new method virStorageFileIsSharedFS() to determine if a file is on a shared filesystem (NFS, GFS, OCFS2, etc) * src/qemu/qemu_driver.c: Tell security driver not to reset disk labels on migration completion * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_selinux.c, src/security/security_driver.h, src/security/security_apparmor.c: Add ability to skip disk restore step for files on shared filesystems.
2010-05-13 15:49:22 +00:00
int migrated)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(driver->securitySecondaryDriver,
vm, migrated) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(driver->securityPrimaryDriver,
vm, migrated) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainSetSavedStateLabel(driver->securitySecondaryDriver,
vm, savefile) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainSetSavedStateLabel(driver->securityPrimaryDriver,
vm, savefile) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securitySecondaryDriver->domainRestoreSavedStateLabel(driver->securitySecondaryDriver,
vm, savefile) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainRestoreSavedStateLabel(driver->securityPrimaryDriver,
vm, savefile) < 0)
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
rc = -1;
return rc;
}
static int
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityProcessLabel &&
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
driver->securitySecondaryDriver->domainSetSecurityProcessLabel(driver->securitySecondaryDriver,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityProcessLabel &&
Remove use of virConnectPtr from security driver APIs The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
2010-02-09 19:18:21 +00:00
driver->securityPrimaryDriver->domainSetSecurityProcessLabel(driver->securityPrimaryDriver,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
vm) < 0)
rc = -1;
return rc;
}
static int
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
qemuSecurityStackedGetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virSecurityLabelPtr seclabel)
{
int rc = 0;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
Pass security driver object into all security driver callbacks The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
2010-06-15 16:44:19 +00:00
driver->securityPrimaryDriver->domainGetSecurityProcessLabel(driver->securityPrimaryDriver,
vm,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
seclabel) < 0)
rc = -1;
return rc;
}
Add support for setting socket MLS level in SELinux driver When SELinux is running in MLS mode, libvirtd will have a different security level to the VMs. For libvirtd to be able to connect to the monitor console, the client end of the UNIX domain socket needs a different label. This adds infrastructure to set the socket label via the security driver framework * src/qemu/qemu_driver.c: Call out to socket label APIs in security driver * src/qemu/qemu_security_stacked.c: Wire up socket label drivers * src/security/security_driver.h: Define security driver entry points for socket labelling * src/security/security_selinux.c: Set socket label based on VM label
2010-05-27 15:44:47 +00:00
static int
qemuSecurityStackedSetSocketLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
{
int rc = 0;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecuritySocketLabel &&
driver->securityPrimaryDriver->domainSetSecuritySocketLabel(driver->securityPrimaryDriver,
vm) < 0)
rc = -1;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecuritySocketLabel &&
driver->securitySecondaryDriver->domainSetSecuritySocketLabel(driver->securitySecondaryDriver,
vm) < 0)
rc = -1;
return rc;
}
static int
qemuSecurityStackedClearSocketLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainClearSecuritySocketLabel &&
driver->securitySecondaryDriver->domainClearSecuritySocketLabel(driver->securitySecondaryDriver,
vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainClearSecuritySocketLabel &&
driver->securityPrimaryDriver->domainClearSecuritySocketLabel(driver->securityPrimaryDriver,
vm) < 0)
rc = -1;
return rc;
}
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
virSecurityDriver qemuStackedSecurityDriver = {
.name = "qemuStacked",
.domainSecurityVerify = qemuSecurityStackedVerify,
.domainGenSecurityLabel = qemuSecurityStackedGenLabel,
.domainReleaseSecurityLabel = qemuSecurityStackedReleaseLabel,
.domainReserveSecurityLabel = qemuSecurityStackedReserveLabel,
.domainGetSecurityProcessLabel = qemuSecurityStackedGetProcessLabel,
.domainSetSecurityProcessLabel = qemuSecurityStackedSetProcessLabel,
.domainSetSecurityImageLabel = qemuSecurityStackedSetSecurityImageLabel,
.domainRestoreSecurityImageLabel = qemuSecurityStackedRestoreSecurityImageLabel,
.domainSetSecurityAllLabel = qemuSecurityStackedSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = qemuSecurityStackedRestoreSecurityAllLabel,
.domainSetSecurityHostdevLabel = qemuSecurityStackedSetSecurityHostdevLabel,
.domainRestoreSecurityHostdevLabel = qemuSecurityStackedRestoreSecurityHostdevLabel,
.domainSetSavedStateLabel = qemuSecurityStackedSetSavedStateLabel,
.domainRestoreSavedStateLabel = qemuSecurityStackedRestoreSavedStateLabel,
Add support for setting socket MLS level in SELinux driver When SELinux is running in MLS mode, libvirtd will have a different security level to the VMs. For libvirtd to be able to connect to the monitor console, the client end of the UNIX domain socket needs a different label. This adds infrastructure to set the socket label via the security driver framework * src/qemu/qemu_driver.c: Call out to socket label APIs in security driver * src/qemu/qemu_security_stacked.c: Wire up socket label drivers * src/security/security_driver.h: Define security driver entry points for socket labelling * src/security/security_selinux.c: Set socket label based on VM label
2010-05-27 15:44:47 +00:00
.domainClearSecuritySocketLabel = qemuSecurityStackedClearSocketLabel,
.domainSetSecuritySocketLabel = qemuSecurityStackedSetSocketLabel,
Introduce a stacked security driver impl for QEMU * qemu/qemu_conf.h: Add securityPrimaryDriver and securitySecondaryDriver fields to 'struct qemud_driver' * Makefile.am: Add new files * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A simple stacked security driver
2010-01-13 16:26:55 +00:00
};
Reference in New Issue Copy Permalink