mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 18:03:32 +00:00
security: Allow 'remember' to be set for HostdevLabelHelper
There is a case in which we do not want 'remember' to be set to true in SetOwnership() calls inside the HostdevLabelHelper() functions of both DAC and SELinux drivers. Next patch will explain and handle that scenario. For now, let's make virSecurityDACSetOwnership() and virSecuritySELinuxSetHostdevLabelHelper() accept a 'remember' flag, which will be used to set the 'remember' parameter of their respective SetOwnership() calls. No functional change is made. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
parent
5b971b0f76
commit
09804edd0a
@ -1144,6 +1144,7 @@ virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
virSecurityDACSetHostdevLabelHelper(const char *file,
|
virSecurityDACSetHostdevLabelHelper(const char *file,
|
||||||
|
bool remember,
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
virSecurityDACCallbackDataPtr cbdata = opaque;
|
virSecurityDACCallbackDataPtr cbdata = opaque;
|
||||||
@ -1156,7 +1157,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file,
|
|||||||
if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0)
|
if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true);
|
return virSecurityDACSetOwnership(mgr, NULL, file, user, group, remember);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1165,7 +1166,7 @@ virSecurityDACSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED,
|
|||||||
const char *file,
|
const char *file,
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
return virSecurityDACSetHostdevLabelHelper(file, opaque);
|
return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1174,7 +1175,7 @@ virSecurityDACSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED,
|
|||||||
const char *file,
|
const char *file,
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
return virSecurityDACSetHostdevLabelHelper(file, opaque);
|
return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1183,7 +1184,7 @@ virSecurityDACSetSCSILabel(virSCSIDevicePtr dev G_GNUC_UNUSED,
|
|||||||
const char *file,
|
const char *file,
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
return virSecurityDACSetHostdevLabelHelper(file, opaque);
|
return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1192,7 +1193,7 @@ virSecurityDACSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED,
|
|||||||
const char *file,
|
const char *file,
|
||||||
void *opaque)
|
void *opaque)
|
||||||
{
|
{
|
||||||
return virSecurityDACSetHostdevLabelHelper(file, opaque);
|
return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1312,7 +1313,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata);
|
ret = virSecurityDACSetHostdevLabelHelper(vfiodev, true, &cbdata);
|
||||||
|
|
||||||
VIR_FREE(vfiodev);
|
VIR_FREE(vfiodev);
|
||||||
break;
|
break;
|
||||||
|
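Review bot: `virSecurityDACSetHostdevLabelHelper()` gains a bare `bool remember` with no comment saying what it controls, and all five call sites in this section pass a literal `true`, so each call reads as `(file, true, opaque)` with no hint of its security meaning. I would add a short header comment on the helper, for example `/* @remember: forwarded to virSecurityDACSetOwnership(); presumably selects whether the original owner is recorded for a later restore */`. The same applies to `virSecuritySELinuxSetHostdevLabelHelper()`, whose flag is forwarded to `virSecuritySELinuxSetFilecon()`. If a later caller passes `false`, the matching restore path (not visible in this diff) should be checked so that it does not try to recall an owner that was never remembered, which could leave the device node with the wrong ownership once the device is detached. The helper's body is only partly shown in these hunks.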
@ -2001,7 +2001,9 @@ virSecuritySELinuxMoveImageMetadata(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
|
virSecuritySELinuxSetHostdevLabelHelper(const char *file,
|
||||||
|
bool remember,
|
||||||
|
void *opaque)
|
||||||
{
|
{
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
virSecuritySELinuxCallbackDataPtr data = opaque;
|
virSecuritySELinuxCallbackDataPtr data = opaque;
|
||||||
@ -2011,21 +2013,21 @@ virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
|
|||||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||||
if (secdef == NULL)
|
if (secdef == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, true);
|
return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, remember);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED,
|
virSecuritySELinuxSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED,
|
||||||
const char *file, void *opaque)
|
const char *file, void *opaque)
|
||||||
{
|
{
|
||||||
return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
|
return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED,
|
virSecuritySELinuxSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED,
|
||||||
const char *file, void *opaque)
|
const char *file, void *opaque)
|
||||||
{
|
{
|
||||||
return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
|
return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -2056,7 +2058,7 @@ static int
|
|||||||
virSecuritySELinuxSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED,
|
virSecuritySELinuxSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED,
|
||||||
const char *file, void *opaque)
|
const char *file, void *opaque)
|
||||||
{
|
{
|
||||||
return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
|
return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2164,7 +2166,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
|||||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data);
|
ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, true, &data);
|
||||||
|
|
||||||
VIR_FREE(vfiodev);
|
VIR_FREE(vfiodev);
|
||||||
break;
|
break;
|
||||||
|
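Review bot: The SCSI callback of the SELinux driver does not appear among the updated callers. The hunks here touch `virSecuritySELinuxSetPCILabel()`, `virSecuritySELinuxSetUSBLabel()` and `virSecuritySELinuxSetHostLabel()`, and the function that begins at the end of the `-2011,21` hunk is not shown, whereas the DAC section updates all four callbacks. If that function labels the file by calling `virSecuritySELinuxSetFilecon()` directly rather than through the helper, its remember behaviour stays hard-coded and the new flag cannot reach it. In that case I would add a comment there such as `/* does not go through virSecuritySELinuxSetHostdevLabelHelper(); 'remember' is fixed here */`, or route it through the helper. This is inferred from the gap between the hunks and needs checking against the full file.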