security: Introduce internal APIs for memdev labelling

These APIs will be used whenever we are hot (un-)plugging a
memdev.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik 2016-08-04 14:48:15 +02:00
parent cde8e31938
commit 0064c4e2bc
5 changed files with 112 additions and 0 deletions


@ -1180,6 +1180,7 @@ virSecurityManagerRestoreAllLabel;
virSecurityManagerRestoreDiskLabel;
virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreMemoryLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChildProcessLabel;
@ -1188,6 +1189,7 @@ virSecurityManagerSetDiskLabel;
virSecurityManagerSetHostdevLabel;
virSecurityManagerSetImageFDLabel;
virSecurityManagerSetImageLabel;
virSecurityManagerSetMemoryLabel;
virSecurityManagerSetProcessLabel;
virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;


@ -123,6 +123,12 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virStorageSourcePtr src);
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
@ -152,6 +158,9 @@ struct _virSecurityDriver {
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;


@ -1052,3 +1052,59 @@ virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
return 0;
}
/**
* virSecurityManagerSetMemoryLabel:
* @mgr: security manager object
* @vm: domain definition object
* @mem: memory module to operate on
*
* Labels the host part of a memory module.
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem)
{
if (mgr->drv->domainSetSecurityMemoryLabel) {
int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityMemoryLabel(mgr, vm, mem);
virObjectUnlock(mgr);
return ret;
}
virReportUnsupportedError();
return -1;
}
/**
* virSecurityManagerRestoreMemoryLabel:
* @mgr: security manager object
* @vm: domain definition object
* @mem: memory module to operate on
*
* Removes security label from the host part of a memory module.
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem)
{
if (mgr->drv->domainRestoreSecurityMemoryLabel) {
int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSecurityMemoryLabel(mgr, vm, mem);
virObjectUnlock(mgr);
return ret;
}
virReportUnsupportedError();
return -1;
}
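Review bot: Both new wrappers report an unsupported error and return -1 when the driver leaves the callback NULL, which at hot(un)plug time turns "this driver has no memory hook" into a failed attach or detach; the preceding function appears to end with `return 0;` (its body is outside the hunk), so the two conventions may diverge in this file. If hard failure is intended, say so in the header comments, e.g. `* Drivers that do not implement the memory hook cause this call to fail with an unsupported error.`, so callers know not to treat a missing hook as "nothing to label". The "Returns" lines should also mention that the manager lock is held across the driver callback, as the code does.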


@ -162,6 +162,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virStorageSourcePtr src);
int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem);
int virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem);
int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);


@ -627,6 +627,41 @@ virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
return rc;
}
static int
virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
if (virSecurityManagerSetMemoryLabel(item->securityManager, vm, mem) < 0)
rc = -1;
}
return rc;
}
static int
virSecurityStackRestoreMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainMemoryDefPtr mem)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
if (virSecurityManagerRestoreMemoryLabel(item->securityManager,
vm, mem) < 0)
rc = -1;
}
return rc;
}
static int
virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
@ -669,6 +704,9 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
.domainSetSecurityMemoryLabel = virSecurityStackSetMemoryLabel,
.domainRestoreSecurityMemoryLabel = virSecurityStackRestoreMemoryLabel,
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
.domainSetSecuritySocketLabel = virSecurityStackSetSocketLabel,
.domainClearSecuritySocketLabel = virSecurityStackClearSocketLabel,
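Review bot: virSecurityStackSetMemoryLabel keeps calling the remaining nested managers after one of them fails and only returns -1 at the end, so a failed hotplug can leave the memdev labelled by some drivers and not others, with no rollback inside the stack. That matches the neighbouring RestoreImageLabel pattern, so it looks deliberate, but the hotplug caller then has to invoke virSecurityManagerRestoreMemoryLabel on its error path; a comment on the loop would make that contract explicit: `/* Try every nested driver; on failure the caller is expected to restore the label. */`. The virSecurityDriverStack initializer starts and ends outside this hunk.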