External/libvirt
1
0
Fork 0
Code

Revert "security_manager: Load lock plugin on init"

Browse Source 
This reverts commit 3e26b476b5f322353bf0dcd8e3f037ca672b8c62.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
Michal Privoznik 2018-10-02 15:08:28 +02:00
parent 207860927a
commit 0aad10cdae
10 changed files with 8 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cfg.mk
View File

@ -788,10 +788,8 @@ sc_prohibit_cross_inclusion:
case $$dir in \ case $$dir in \
util/) safe="util";; \ util/) safe="util";; \
access/ | conf/) safe="($$dir|conf|util)";; \ access/ | conf/) safe="($$dir|conf|util)";; \
cpu/| network/| node_device/| rpc/| storage/) \ cpu/| network/| node_device/| rpc/| security/| storage/) \
safe="($$dir|util|conf|storage)";; \ safe="($$dir|util|conf|storage)";; \
security/) \
safe="($$dir|util|conf|storage|locking)";; \
xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen|cpu)";; \ xenapi/ | xenconfig/ ) safe="($$dir|util|conf|xen|cpu)";; \
*) safe="($$dir|$(mid_dirs)|util)";; \ *) safe="($$dir|$(mid_dirs)|util)";; \
esac; \ esac; \

3
src/lxc/lxc_controller.c
View File

@ -2624,8 +2624,7 @@ int main(int argc, char *argv[])
ctrl->handshakeFd = handshakeFd; ctrl->handshakeFd = handshakeFd;
if (!(ctrl->securityManager = virSecurityManagerNew(securityDriver, if (!(ctrl->securityManager = virSecurityManagerNew(securityDriver,
LXC_DRIVER_NAME, LXC_DRIVER_NAME, 0)))
NULL, 0)))
goto cleanup; goto cleanup;
if (ctrl->def->seclabels) { if (ctrl->def->seclabels) {

2
src/lxc/lxc_driver.c
View File

@ -1531,7 +1531,7 @@ lxcSecurityInit(virLXCDriverConfigPtr cfg)
flags |= VIR_SECURITY_MANAGER_REQUIRE_CONFINED; flags |= VIR_SECURITY_MANAGER_REQUIRE_CONFINED;
virSecurityManagerPtr mgr = virSecurityManagerNew(cfg->securityDriverName, virSecurityManagerPtr mgr = virSecurityManagerNew(cfg->securityDriverName,
LXC_DRIVER_NAME, NULL, flags); LXC_DRIVER_NAME, flags);
if (!mgr) if (!mgr)
goto error; goto error;

3
src/qemu/qemu_driver.c
View File

@ -350,7 +350,6 @@ qemuSecurityInit(virQEMUDriverPtr driver)
while (names && *names) { while (names && *names) {
if (!(mgr = qemuSecurityNew(*names, if (!(mgr = qemuSecurityNew(*names,
QEMU_DRIVER_NAME, QEMU_DRIVER_NAME,
cfg->metadataLockManagerName,
flags))) flags)))
goto error; goto error;
if (!stack) { if (!stack) {
@ -366,7 +365,6 @@ qemuSecurityInit(virQEMUDriverPtr driver)
} else { } else {
if (!(mgr = qemuSecurityNew(NULL, if (!(mgr = qemuSecurityNew(NULL,
QEMU_DRIVER_NAME, QEMU_DRIVER_NAME,
cfg->metadataLockManagerName,
flags))) flags)))
goto error; goto error;
if (!(stack = qemuSecurityNewStack(mgr))) if (!(stack = qemuSecurityNewStack(mgr)))
@ -383,7 +381,6 @@ qemuSecurityInit(virQEMUDriverPtr driver)
cfg->user, cfg->user,
cfg->group, cfg->group,
flags, flags,
cfg->metadataLockManagerName,
qemuSecurityChownCallback))) qemuSecurityChownCallback)))
goto error; goto error;
if (!stack) { if (!stack) {

25
src/security/security_manager.c
View File

@ -32,7 +32,6 @@
#include "viralloc.h" #include "viralloc.h"
#include "virobject.h" #include "virobject.h"
#include "virlog.h" #include "virlog.h"
#include "locking/lock_manager.h"
#include "virfile.h" #include "virfile.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY #define VIR_FROM_THIS VIR_FROM_SECURITY
@ -46,8 +45,6 @@ struct _virSecurityManager {
unsigned int flags; unsigned int flags;
const char *virtDriver; const char *virtDriver;
void *privateData; void *privateData;
virLockManagerPluginPtr lockPlugin;
}; };
static virClassPtr virSecurityManagerClass; static virClassPtr virSecurityManagerClass;
@ -58,12 +55,8 @@ void virSecurityManagerDispose(void *obj)
{ {
virSecurityManagerPtr mgr = obj; virSecurityManagerPtr mgr = obj;
if (mgr->drv && if (mgr->drv->close)
mgr->drv->close)
mgr->drv->close(mgr); mgr->drv->close(mgr);
virObjectUnref(mgr->lockPlugin);
VIR_FREE(mgr->privateData); VIR_FREE(mgr->privateData);
} }
@ -83,7 +76,6 @@ VIR_ONCE_GLOBAL_INIT(virSecurityManager);
static virSecurityManagerPtr static virSecurityManagerPtr
virSecurityManagerNewDriver(virSecurityDriverPtr drv, virSecurityManagerNewDriver(virSecurityDriverPtr drv,
const char *virtDriver, const char *virtDriver,
const char *lockManagerPluginName,
unsigned int flags) unsigned int flags)
{ {
virSecurityManagerPtr mgr = NULL; virSecurityManagerPtr mgr = NULL;
@ -103,14 +95,6 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
if (!(mgr = virObjectLockableNew(virSecurityManagerClass))) if (!(mgr = virObjectLockableNew(virSecurityManagerClass)))
goto error; goto error;
if (!lockManagerPluginName)
lockManagerPluginName = "nop";
if (!(mgr->lockPlugin = virLockManagerPluginNew(lockManagerPluginName,
NULL, NULL, 0))) {
goto error;
}
mgr->drv = drv; mgr->drv = drv;
mgr->flags = flags; mgr->flags = flags;
mgr->virtDriver = virtDriver; mgr->virtDriver = virtDriver;
@ -133,7 +117,6 @@ virSecurityManagerNewStack(virSecurityManagerPtr primary)
virSecurityManagerPtr mgr = virSecurityManagerPtr mgr =
virSecurityManagerNewDriver(&virSecurityDriverStack, virSecurityManagerNewDriver(&virSecurityDriverStack,
virSecurityManagerGetDriver(primary), virSecurityManagerGetDriver(primary),
NULL,
primary->flags); primary->flags);
if (!mgr) if (!mgr)
@ -142,8 +125,6 @@ virSecurityManagerNewStack(virSecurityManagerPtr primary)
if (virSecurityStackAddNested(mgr, primary) < 0) if (virSecurityStackAddNested(mgr, primary) < 0)
goto error; goto error;
mgr->lockPlugin = virObjectRef(mgr->lockPlugin);
return mgr; return mgr;
error: error:
virObjectUnref(mgr); virObjectUnref(mgr);
@ -166,7 +147,6 @@ virSecurityManagerNewDAC(const char *virtDriver,
uid_t user, uid_t user,
gid_t group, gid_t group,
unsigned int flags, unsigned int flags,
const char *lockManagerPluginName,
virSecurityManagerDACChownCallback chownCallback) virSecurityManagerDACChownCallback chownCallback)
{ {
virSecurityManagerPtr mgr; virSecurityManagerPtr mgr;
@ -177,7 +157,6 @@ virSecurityManagerNewDAC(const char *virtDriver,
mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC, mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC,
virtDriver, virtDriver,
lockManagerPluginName,
flags & VIR_SECURITY_MANAGER_NEW_MASK); flags & VIR_SECURITY_MANAGER_NEW_MASK);
if (!mgr) if (!mgr)
@ -199,7 +178,6 @@ virSecurityManagerNewDAC(const char *virtDriver,
virSecurityManagerPtr virSecurityManagerPtr
virSecurityManagerNew(const char *name, virSecurityManagerNew(const char *name,
const char *virtDriver, const char *virtDriver,
const char *lockManagerPluginName,
unsigned int flags) unsigned int flags)
{ {
virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver); virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
@ -228,7 +206,6 @@ virSecurityManagerNew(const char *name,
return virSecurityManagerNewDriver(drv, return virSecurityManagerNewDriver(drv,
virtDriver, virtDriver,
lockManagerPluginName,
flags); flags);
} }

2
src/security/security_manager.h
View File

@ -45,7 +45,6 @@ typedef enum {
virSecurityManagerPtr virSecurityManagerNew(const char *name, virSecurityManagerPtr virSecurityManagerNew(const char *name,
const char *virtDriver, const char *virtDriver,
const char *lockManagerPluginName,
unsigned int flags); unsigned int flags);
virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary); virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
@ -71,7 +70,6 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
uid_t user, uid_t user,
gid_t group, gid_t group,
unsigned int flags, unsigned int flags,
const char *lockManagerPluginName,
virSecurityManagerDACChownCallback chownCallback); virSecurityManagerDACChownCallback chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr); int virSecurityManagerPreFork(virSecurityManagerPtr mgr);

2
tests/seclabeltest.c
View File

@ -14,7 +14,7 @@ mymain(void)
if (virThreadInitialize() < 0) if (virThreadInitialize() < 0)
return EXIT_FAILURE; return EXIT_FAILURE;
mgr = virSecurityManagerNew(NULL, "QEMU", NULL, VIR_SECURITY_MANAGER_DEFAULT_CONFINED); mgr = virSecurityManagerNew(NULL, "QEMU", VIR_SECURITY_MANAGER_DEFAULT_CONFINED);
if (mgr == NULL) { if (mgr == NULL) {
fprintf(stderr, "Failed to start security driver"); fprintf(stderr, "Failed to start security driver");
return EXIT_FAILURE; return EXIT_FAILURE;

2
tests/securityselinuxlabeltest.c
View File

@ -346,7 +346,7 @@ mymain(void)
if (!rc) if (!rc)
return EXIT_AM_SKIP; return EXIT_AM_SKIP;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", NULL, if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_PRIVILEGED))) { VIR_SECURITY_MANAGER_PRIVILEGED))) {
VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n", VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",

2
tests/securityselinuxtest.c
View File

@ -272,7 +272,7 @@ mymain(void)
int ret = 0; int ret = 0;
virSecurityManagerPtr mgr; virSecurityManagerPtr mgr;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", NULL, if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_PRIVILEGED))) { VIR_SECURITY_MANAGER_PRIVILEGED))) {
fprintf(stderr, "Unable to initialize security driver: %s\n", fprintf(stderr, "Unable to initialize security driver: %s\n",

2
tests/testutilsqemu.c
View File

@ -716,7 +716,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
if (qemuTestCapsCacheInsert(driver->qemuCapsCache, NULL) < 0) if (qemuTestCapsCacheInsert(driver->qemuCapsCache, NULL) < 0)
goto error; goto error;
if (!(mgr = virSecurityManagerNew("none", "qemu", NULL, if (!(mgr = virSecurityManagerNew("none", "qemu",
VIR_SECURITY_MANAGER_PRIVILEGED))) VIR_SECURITY_MANAGER_PRIVILEGED)))
goto error; goto error;
if (!(driver->securityManager = virSecurityManagerNewStack(mgr))) if (!(driver->securityManager = virSecurityManagerNewStack(mgr)))