External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 12:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use standard naming prefix for SELinux driver function names

Browse Source 
The function names in the SELinux driver all start with
SELinux or 'mcs' as a prefix. Sanitize this so that they
all use 'virSecuritySELinux' as the prefix

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2012-05-24 16:42:51 +01:00
parent f8ab364c5f
commit 12b187fb95
1 changed files with 212 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

416
src/security/security_selinux.c
View File

@ -64,16 +64,18 @@ struct _virSecuritySELinuxCallbackData {
The data struct of used mcs should be replaced with a better data structure in the future The data struct of used mcs should be replaced with a better data structure in the future
*/ */
struct MCS { typedef struct virSecuritySELinuxMCS virSecuritySELinuxMCS;
typedef virSecuritySELinuxMCS *virSecuritySELinuxMCSPtr;
struct virSecuritySELinuxMCS {
char *mcs; char *mcs;
struct MCS *next; virSecuritySELinuxMCSPtr next;
}; };
static struct MCS *mcsList = NULL; static virSecuritySELinuxMCSPtr mcsList = NULL;
static int static int
mcsAdd(const char *mcs) virSecuritySELinuxMCSAdd(const char *mcs)
{ {
struct MCS *ptr; virSecuritySELinuxMCSPtr ptr;
for (ptr = mcsList; ptr; ptr = ptr->next) { for (ptr = mcsList; ptr; ptr = ptr->next) {
if (STREQ(ptr->mcs, mcs)) if (STREQ(ptr->mcs, mcs))
@ -88,10 +90,10 @@ mcsAdd(const char *mcs)
} }
static int static int
mcsRemove(const char *mcs) virSecuritySELinuxMCSRemove(const char *mcs)
{ {
struct MCS *prevptr = NULL; virSecuritySELinuxMCSPtr prevptr = NULL;
struct MCS *ptr = NULL; virSecuritySELinuxMCSPtr ptr = NULL;
for (ptr = mcsList; ptr; ptr = ptr->next) { for (ptr = mcsList; ptr; ptr = ptr->next) {
if (STREQ(ptr->mcs, mcs)) { if (STREQ(ptr->mcs, mcs)) {
@ -110,7 +112,7 @@ mcsRemove(const char *mcs)
} }
static char * static char *
SELinuxGenNewContext(const char *oldcontext, const char *mcs) virSecuritySELinuxGenNewContext(const char *oldcontext, const char *mcs)
{ {
char *newcontext = NULL; char *newcontext = NULL;
char *scontext = strdup(oldcontext); char *scontext = strdup(oldcontext);
@ -129,7 +131,7 @@ err:
#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH #ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
static int static int
SELinuxLXCInitialize(virSecurityManagerPtr mgr) virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
{ {
virConfValuePtr scon = NULL; virConfValuePtr scon = NULL;
virConfValuePtr tcon = NULL; virConfValuePtr tcon = NULL;
@ -192,7 +194,7 @@ error:
} }
#else #else
static int static int
SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{ {
virReportSystemError(ENOSYS, "%s", virReportSystemError(ENOSYS, "%s",
_("libselinux does not support LXC contexts path")); _("libselinux does not support LXC contexts path"));
@ -202,7 +204,7 @@ SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
static int static int
SELinuxQEMUInitialize(virSecurityManagerPtr mgr) virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
{ {
char *ptr; char *ptr;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@ -249,20 +251,20 @@ error:
static int static int
SELinuxInitialize(virSecurityManagerPtr mgr) virSecuritySELinuxInitialize(virSecurityManagerPtr mgr)
{ {
VIR_DEBUG("SELinuxInitialize %s", virSecurityManagerGetDriver(mgr)); VIR_DEBUG("SELinuxInitialize %s", virSecurityManagerGetDriver(mgr));
if (STREQ(virSecurityManagerGetDriver(mgr), "LXC")) { if (STREQ(virSecurityManagerGetDriver(mgr), "LXC")) {
return SELinuxLXCInitialize(mgr); return virSecuritySELinuxLXCInitialize(mgr);
} else { } else {
return SELinuxQEMUInitialize(mgr); return virSecuritySELinuxQEMUInitialize(mgr);
} }
} }
static int static int
SELinuxGenSecurityLabel(virSecurityManagerPtr mgr, virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
int rc = -1; int rc = -1;
char *mcs = NULL; char *mcs = NULL;
@ -273,7 +275,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
const char *range; const char *range;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
VIR_DEBUG("SELinuxGenSecurityLabel %s", virSecurityManagerGetDriver(mgr)); VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));
if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) && if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
!def->seclabel.baselabel && !def->seclabel.baselabel &&
def->seclabel.model) { def->seclabel.model) {
@ -303,7 +305,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
return rc; return rc;
} }
VIR_DEBUG("SELinuxGenSecurityLabel %d", def->seclabel.type); VIR_DEBUG("type=%d", def->seclabel.type);
switch (def->seclabel.type) { switch (def->seclabel.type) {
case VIR_DOMAIN_SECLABEL_STATIC: case VIR_DOMAIN_SECLABEL_STATIC:
@ -343,12 +345,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
goto cleanup; goto cleanup;
} }
} }
} while (mcsAdd(mcs) == -1); } while (virSecuritySELinuxMCSAdd(mcs) == -1);
def->seclabel.label = def->seclabel.label =
SELinuxGenNewContext(def->seclabel.baselabel ? virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
def->seclabel.baselabel : def->seclabel.baselabel :
data->domain_context, mcs); data->domain_context, mcs);
if (! def->seclabel.label) { if (! def->seclabel.label) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs); _("cannot generate selinux context for %s"), mcs);
@ -368,7 +370,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
} }
if (!def->seclabel.norelabel) { if (!def->seclabel.norelabel) {
def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs); def->seclabel.imagelabel = virSecuritySELinuxGenNewContext(data->file_context, mcs);
if (!def->seclabel.imagelabel) { if (!def->seclabel.imagelabel) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs); _("cannot generate selinux context for %s"), mcs);
@ -409,9 +411,9 @@ cleanup:
} }
static int static int
SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
pid_t pid) pid_t pid)
{ {
security_context_t pctx; security_context_t pctx;
context_t ctx = NULL; context_t ctx = NULL;
@ -435,7 +437,7 @@ SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!mcs) if (!mcs)
goto err; goto err;
mcsAdd(mcs); virSecuritySELinuxMCSAdd(mcs);
context_free(ctx); context_free(ctx);
@ -448,7 +450,7 @@ err:
static int static int
SELinuxSecurityDriverProbe(const char *virtDriver) virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
{ {
if (!is_selinux_enabled()) if (!is_selinux_enabled())
return SECURITY_DRIVER_DISABLE; return SECURITY_DRIVER_DISABLE;
@ -465,14 +467,14 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
static int static int
SELinuxSecurityDriverOpen(virSecurityManagerPtr mgr) virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
{ {
return SELinuxInitialize(mgr); return virSecuritySELinuxInitialize(mgr);
} }
static int static int
SELinuxSecurityDriverClose(virSecurityManagerPtr mgr) virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
{ {
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@ -487,12 +489,14 @@ SELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
} }
static const char *SELinuxSecurityGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) static const char *
virSecuritySELinuxSecurityGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{ {
return SECURITY_SELINUX_NAME; return SECURITY_SELINUX_NAME;
} }
static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED) static const char *
virSecuritySELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{ {
/* /*
* Where will the DOI come from? SELinux configuration, or qemu * Where will the DOI come from? SELinux configuration, or qemu
@ -502,10 +506,10 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNU
} }
static int static int
SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED, virDomainDefPtr def ATTRIBUTE_UNUSED,
pid_t pid, pid_t pid,
virSecurityLabelPtr sec) virSecurityLabelPtr sec)
{ {
security_context_t ctx; security_context_t ctx;
@ -528,7 +532,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
strcpy(sec->label, (char *) ctx); strcpy(sec->label, (char *) ctx);
freecon(ctx); freecon(ctx);
VIR_DEBUG("SELinuxGetSecurityProcessLabel %s", sec->label); VIR_DEBUG("label=%s", sec->label);
sec->enforcing = security_getenforce(); sec->enforcing = security_getenforce();
if (sec->enforcing == -1) { if (sec->enforcing == -1) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
@ -543,7 +547,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
* return 1 if labelling was not possible. Otherwise, require a label * return 1 if labelling was not possible. Otherwise, require a label
* change, and return 0 for success, -1 for failure. */ * change, and return 0 for success, -1 for failure. */
static int static int
SELinuxSetFileconHelper(const char *path, char *tcon, bool optional) virSecuritySELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
{ {
security_context_t econ; security_context_t econ;
@ -596,19 +600,19 @@ SELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
} }
static int static int
SELinuxSetFileconOptional(const char *path, char *tcon) virSecuritySELinuxSetFileconOptional(const char *path, char *tcon)
{ {
return SELinuxSetFileconHelper(path, tcon, true); return virSecuritySELinuxSetFileconHelper(path, tcon, true);
} }
static int static int
SELinuxSetFilecon(const char *path, char *tcon) virSecuritySELinuxSetFilecon(const char *path, char *tcon)
{ {
return SELinuxSetFileconHelper(path, tcon, false); return virSecuritySELinuxSetFileconHelper(path, tcon, false);
} }
static int static int
SELinuxFSetFilecon(int fd, char *tcon) virSecuritySELinuxFSetFilecon(int fd, char *tcon)
{ {
security_context_t econ; security_context_t econ;
@ -669,7 +673,7 @@ getContext(const char *newpath, mode_t mode, security_context_t *fcon)
/* This method shouldn't raise errors, since they'll overwrite /* This method shouldn't raise errors, since they'll overwrite
* errors that the caller(s) are already dealing with */ * errors that the caller(s) are already dealing with */
static int static int
SELinuxRestoreSecurityFileLabel(const char *path) virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
{ {
struct stat buf; struct stat buf;
security_context_t fcon = NULL; security_context_t fcon = NULL;
@ -694,7 +698,7 @@ SELinuxRestoreSecurityFileLabel(const char *path)
if (getContext(newpath, buf.st_mode, &fcon) < 0) { if (getContext(newpath, buf.st_mode, &fcon) < 0) {
VIR_WARN("cannot lookup default selinux label for %s", newpath); VIR_WARN("cannot lookup default selinux label for %s", newpath);
} else { } else {
rc = SELinuxSetFilecon(newpath, fcon); rc = virSecuritySELinuxSetFilecon(newpath, fcon);
} }
err: err:
@ -704,10 +708,10 @@ err:
} }
static int static int
SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
virDomainDiskDefPtr disk, virDomainDiskDefPtr disk,
int migrated) int migrated)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -744,24 +748,24 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
} }
} }
return SELinuxRestoreSecurityFileLabel(disk->src); return virSecuritySELinuxRestoreSecurityFileLabel(disk->src);
} }
static int static int
SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr, virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0); return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
} }
static int static int
SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
const char *path, const char *path,
size_t depth, size_t depth,
void *opaque) void *opaque)
{ {
virSecuritySELinuxCallbackDataPtr cbdata = opaque; virSecuritySELinuxCallbackDataPtr cbdata = opaque;
const virSecurityLabelDefPtr secdef = cbdata->secdef; const virSecurityLabelDefPtr secdef = cbdata->secdef;
@ -773,20 +777,20 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (disk->seclabel && !disk->seclabel->norelabel && if (disk->seclabel && !disk->seclabel->norelabel &&
disk->seclabel->label) { disk->seclabel->label) {
ret = SELinuxSetFilecon(path, disk->seclabel->label); ret = virSecuritySELinuxSetFilecon(path, disk->seclabel->label);
} else if (depth == 0) { } else if (depth == 0) {
if (disk->shared) { if (disk->shared) {
ret = SELinuxSetFileconOptional(path, data->file_context); ret = virSecuritySELinuxSetFileconOptional(path, data->file_context);
} else if (disk->readonly) { } else if (disk->readonly) {
ret = SELinuxSetFileconOptional(path, data->content_context); ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
} else if (secdef->imagelabel) { } else if (secdef->imagelabel) {
ret = SELinuxSetFileconOptional(path, secdef->imagelabel); ret = virSecuritySELinuxSetFileconOptional(path, secdef->imagelabel);
} else { } else {
ret = 0; ret = 0;
} }
} else { } else {
ret = SELinuxSetFileconOptional(path, data->content_context); ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
} }
if (ret == 1 && !disk->seclabel) { if (ret == 1 && !disk->seclabel) {
/* If we failed to set a label, but virt_use_nfs let us /* If we failed to set a label, but virt_use_nfs let us
@ -802,9 +806,9 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
} }
static int static int
SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
virSecuritySELinuxCallbackData cbdata; virSecuritySELinuxCallbackData cbdata;
@ -829,35 +833,35 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
allowDiskFormatProbing, allowDiskFormatProbing,
true, true,
-1, -1, /* current process uid:gid */ -1, -1, /* current process uid:gid */
SELinuxSetSecurityFileLabel, virSecuritySELinuxSetSecurityFileLabel,
&cbdata); &cbdata);
} }
static int static int
SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED, virSecuritySELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque) const char *file, void *opaque)
{ {
virDomainDefPtr def = opaque; virDomainDefPtr def = opaque;
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel); return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
} }
static int static int
SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, void *opaque) const char *file, void *opaque)
{ {
virDomainDefPtr def = opaque; virDomainDefPtr def = opaque;
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
return SELinuxSetFilecon(file, secdef->imagelabel); return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
} }
static int static int
SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
virDomainHostdevDefPtr dev) virDomainHostdevDefPtr dev)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -877,7 +881,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!usb) if (!usb)
goto done; goto done;
ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def); ret = usbDeviceFileIterate(usb, virSecuritySELinuxSetSecurityUSBLabel, def);
usbFreeDevice(usb); usbFreeDevice(usb);
break; break;
} }
@ -891,7 +895,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!pci) if (!pci)
goto done; goto done;
ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def); ret = pciDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
pciFreeDevice(pci); pciFreeDevice(pci);
break; break;
@ -908,25 +912,25 @@ done:
static int static int
SELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
const char *file, const char *file,
void *opaque ATTRIBUTE_UNUSED) void *opaque ATTRIBUTE_UNUSED)
{ {
return SELinuxRestoreSecurityFileLabel(file); return virSecuritySELinuxRestoreSecurityFileLabel(file);
} }
static int static int
SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
const char *file, const char *file,
void *opaque ATTRIBUTE_UNUSED) void *opaque ATTRIBUTE_UNUSED)
{ {
return SELinuxRestoreSecurityFileLabel(file); return virSecuritySELinuxRestoreSecurityFileLabel(file);
} }
static int static int
SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
virDomainHostdevDefPtr dev) virDomainHostdevDefPtr dev)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -946,7 +950,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!usb) if (!usb)
goto done; goto done;
ret = usbDeviceFileIterate(usb, SELinuxRestoreSecurityUSBLabel, NULL); ret = usbDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel, NULL);
usbFreeDevice(usb); usbFreeDevice(usb);
break; break;
@ -961,7 +965,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!pci) if (!pci)
goto done; goto done;
ret = pciDeviceFileIterate(pci, SELinuxRestoreSecurityPCILabel, NULL); ret = pciDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, NULL);
pciFreeDevice(pci); pciFreeDevice(pci);
break; break;
@ -978,8 +982,8 @@ done:
static int static int
SELinuxSetSecurityChardevLabel(virDomainDefPtr def, virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev) virDomainChrSourceDefPtr dev)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -992,7 +996,7 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
switch (dev->type) { switch (dev->type) {
case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE: case VIR_DOMAIN_CHR_TYPE_FILE:
ret = SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel); ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
break; break;
case VIR_DOMAIN_CHR_TYPE_PIPE: case VIR_DOMAIN_CHR_TYPE_PIPE:
@ -1002,11 +1006,11 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
goto done; goto done;
} }
if (virFileExists(in) && virFileExists(out)) { if (virFileExists(in) && virFileExists(out)) {
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) || if ((virSecuritySELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0)) { (virSecuritySELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
goto done; goto done;
} }
} else if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) { } else if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) {
goto done; goto done;
} }
ret = 0; ret = 0;
@ -1024,8 +1028,8 @@ done:
} }
static int static int
SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def, virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
virDomainChrSourceDefPtr dev) virDomainChrSourceDefPtr dev)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -1038,7 +1042,7 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
switch (dev->type) { switch (dev->type) {
case VIR_DOMAIN_CHR_TYPE_DEV: case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE: case VIR_DOMAIN_CHR_TYPE_FILE:
if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
goto done; goto done;
ret = 0; ret = 0;
break; break;
@ -1049,11 +1053,11 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done; goto done;
} }
if (virFileExists(in) && virFileExists(out)) { if (virFileExists(in) && virFileExists(out)) {
if ((SELinuxRestoreSecurityFileLabel(out) < 0) || if ((virSecuritySELinuxRestoreSecurityFileLabel(out) < 0) ||
(SELinuxRestoreSecurityFileLabel(in) < 0)) { (virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) {
goto done; goto done;
} }
} else if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) { } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) {
goto done; goto done;
} }
ret = 0; ret = 0;
@ -1072,23 +1076,23 @@ done:
static int static int
SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev, virDomainChrDefPtr dev,
void *opaque ATTRIBUTE_UNUSED) void *opaque ATTRIBUTE_UNUSED)
{ {
/* This is taken care of by processing of def->serials */ /* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0; return 0;
return SELinuxRestoreSecurityChardevLabel(def, &dev->source); return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source);
} }
static int static int
SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def, virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev, virDomainSmartcardDefPtr dev,
void *opaque ATTRIBUTE_UNUSED) void *opaque ATTRIBUTE_UNUSED)
{ {
const char *database; const char *database;
@ -1100,10 +1104,10 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
database = dev->data.cert.database; database = dev->data.cert.database;
if (!database) if (!database)
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
return SELinuxRestoreSecurityFileLabel(database); return virSecuritySELinuxRestoreSecurityFileLabel(database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru); return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
default: default:
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
@ -1117,9 +1121,9 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
static int static int
SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
int migrated ATTRIBUTE_UNUSED) int migrated ATTRIBUTE_UNUSED)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
int i; int i;
@ -1131,45 +1135,45 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return 0; return 0;
for (i = 0 ; i < def->nhostdevs ; i++) { for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxRestoreSecurityHostdevLabel(mgr, if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
def, def,
def->hostdevs[i]) < 0) def->hostdevs[i]) < 0)
rc = -1; rc = -1;
} }
for (i = 0 ; i < def->ndisks ; i++) { for (i = 0 ; i < def->ndisks ; i++) {
if (SELinuxRestoreSecurityImageLabelInt(mgr, if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr,
def, def,
def->disks[i], def->disks[i],
migrated) < 0) migrated) < 0)
rc = -1; rc = -1;
} }
if (virDomainChrDefForeach(def, if (virDomainChrDefForeach(def,
false, false,
SELinuxRestoreSecurityChardevCallback, virSecuritySELinuxRestoreSecurityChardevCallback,
NULL) < 0) NULL) < 0)
rc = -1; rc = -1;
if (virDomainSmartcardDefForeach(def, if (virDomainSmartcardDefForeach(def,
false, false,
SELinuxRestoreSecuritySmartcardCallback, virSecuritySELinuxRestoreSecuritySmartcardCallback,
NULL) < 0) NULL) < 0)
rc = -1; rc = -1;
if (def->os.kernel && if (def->os.kernel &&
SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0) virSecuritySELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1; rc = -1;
if (def->os.initrd && if (def->os.initrd &&
SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0) virSecuritySELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1; rc = -1;
return rc; return rc;
} }
static int static int
SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def) virDomainDefPtr def)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -1177,7 +1181,7 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (secdef->label != NULL) { if (secdef->label != NULL) {
context_t con = context_new(secdef->label); context_t con = context_new(secdef->label);
if (con) { if (con) {
mcsRemove(context_range_get(con)); virSecuritySELinuxMCSRemove(context_range_get(con));
context_free(con); context_free(con);
} }
} }
@ -1192,36 +1196,36 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
static int static int
SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
const char *savefile) const char *savefile)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel) if (secdef->norelabel)
return 0; return 0;
return SELinuxSetFilecon(savefile, secdef->imagelabel); return virSecuritySELinuxSetFilecon(savefile, secdef->imagelabel);
} }
static int static int
SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
const char *savefile) const char *savefile)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel) if (secdef->norelabel)
return 0; return 0;
return SELinuxRestoreSecurityFileLabel(savefile); return virSecuritySELinuxRestoreSecurityFileLabel(savefile);
} }
static int static int
SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def) virDomainDefPtr def)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) { if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@ -1244,12 +1248,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
} }
static int static int
SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
/* TODO: verify DOI */ /* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
VIR_DEBUG("SELinuxSetSecurityProcessLabel %s", secdef->label); VIR_DEBUG("label=%s", secdef->label);
if (def->seclabel.label == NULL) if (def->seclabel.label == NULL)
return 0; return 0;
@ -1276,8 +1280,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
} }
static int static int
SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
/* TODO: verify DOI */ /* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -1347,8 +1351,8 @@ done:
} }
static int static int
SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
const virSecurityLabelDefPtr secdef = &vm->seclabel; const virSecurityLabelDefPtr secdef = &vm->seclabel;
int rc = -1; int rc = -1;
@ -1384,8 +1388,8 @@ done:
} }
static int static int
SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr, virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
/* TODO: verify DOI */ /* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -1415,23 +1419,23 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
static int static int
SELinuxSetSecurityChardevCallback(virDomainDefPtr def, virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev, virDomainChrDefPtr dev,
void *opaque ATTRIBUTE_UNUSED) void *opaque ATTRIBUTE_UNUSED)
{ {
/* This is taken care of by processing of def->serials */ /* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE && if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0; return 0;
return SELinuxSetSecurityChardevLabel(def, &dev->source); return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source);
} }
static int static int
SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def, virSecuritySELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev, virDomainSmartcardDefPtr dev,
void *opaque) void *opaque)
{ {
const char *database; const char *database;
virSecurityManagerPtr mgr = opaque; virSecurityManagerPtr mgr = opaque;
@ -1445,10 +1449,10 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
database = dev->data.cert.database; database = dev->data.cert.database;
if (!database) if (!database)
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE; database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
return SELinuxSetFilecon(database, data->content_context); return virSecuritySELinuxSetFilecon(database, data->content_context);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru); return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
default: default:
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
@ -1462,9 +1466,9 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
static int static int
SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
const char *stdin_path) const char *stdin_path)
{ {
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
@ -1480,14 +1484,14 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
def->disks[i]->src, def->disks[i]->dst); def->disks[i]->src, def->disks[i]->dst);
continue; continue;
} }
if (SELinuxSetSecurityImageLabel(mgr, if (virSecuritySELinuxSetSecurityImageLabel(mgr,
def, def->disks[i]) < 0) def, def->disks[i]) < 0)
return -1; return -1;
} }
/* XXX fixme process def->fss if relabel == true */ /* XXX fixme process def->fss if relabel == true */
for (i = 0 ; i < def->nhostdevs ; i++) { for (i = 0 ; i < def->nhostdevs ; i++) {
if (SELinuxSetSecurityHostdevLabel(mgr, if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
def, def,
def->hostdevs[i]) < 0) def->hostdevs[i]) < 0)
return -1; return -1;
@ -1495,26 +1499,26 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
if (virDomainChrDefForeach(def, if (virDomainChrDefForeach(def,
true, true,
SELinuxSetSecurityChardevCallback, virSecuritySELinuxSetSecurityChardevCallback,
NULL) < 0) NULL) < 0)
return -1; return -1;
if (virDomainSmartcardDefForeach(def, if (virDomainSmartcardDefForeach(def,
true, true,
SELinuxSetSecuritySmartcardCallback, virSecuritySELinuxSetSecuritySmartcardCallback,
mgr) < 0) mgr) < 0)
return -1; return -1;
if (def->os.kernel && if (def->os.kernel &&
SELinuxSetFilecon(def->os.kernel, data->content_context) < 0) virSecuritySELinuxSetFilecon(def->os.kernel, data->content_context) < 0)
return -1; return -1;
if (def->os.initrd && if (def->os.initrd &&
SELinuxSetFilecon(def->os.initrd, data->content_context) < 0) virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
return -1; return -1;
if (stdin_path) { if (stdin_path) {
if (SELinuxSetFilecon(stdin_path, data->content_context) < 0 && if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
virStorageFileIsSharedFSType(stdin_path, virStorageFileIsSharedFSType(stdin_path,
VIR_STORAGE_FILE_SHFS_NFS) != 1) VIR_STORAGE_FILE_SHFS_NFS) != 1)
return -1; return -1;
@ -1524,20 +1528,22 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
} }
static int static int
SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def, virDomainDefPtr def,
int fd) int fd)
{ {
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->imagelabel == NULL) if (secdef->imagelabel == NULL)
return 0; return 0;
return SELinuxFSetFilecon(fd, secdef->imagelabel); return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
} }
static char *genImageLabel(virSecurityManagerPtr mgr, static char *
virDomainDefPtr def) { virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
const char *range; const char *range;
@ -1558,7 +1564,7 @@ static char *genImageLabel(virSecurityManagerPtr mgr,
virReportOOMError(); virReportOOMError();
goto cleanup; goto cleanup;
} }
label = SELinuxGenNewContext(data->file_context, mcs); label = virSecuritySELinuxGenNewContext(data->file_context, mcs);
if (!label) { if (!label) {
virReportOOMError(); virReportOOMError();
goto cleanup; goto cleanup;
@ -1572,13 +1578,15 @@ cleanup:
return label; return label;
} }
static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr, static char *
virDomainDefPtr def) { virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
char *opts = NULL; char *opts = NULL;
const virSecurityLabelDefPtr secdef = &def->seclabel; const virSecurityLabelDefPtr secdef = &def->seclabel;
if (! secdef->imagelabel) if (! secdef->imagelabel)
secdef->imagelabel = genImageLabel(mgr,def); secdef->imagelabel = virSecuritySELinuxGenImageLabel(mgr,def);
if (secdef->imagelabel) { if (secdef->imagelabel) {
virAsprintf(&opts, virAsprintf(&opts,
@ -1586,46 +1594,46 @@ static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
(const char*) secdef->imagelabel); (const char*) secdef->imagelabel);
} }
VIR_DEBUG("SELinuxGetSecurityMountOptions imageLabel %s", secdef->imagelabel); VIR_DEBUG("imageLabel=%s", secdef->imagelabel);
return opts; return opts;
} }
virSecurityDriver virSecurityDriverSELinux = { virSecurityDriver virSecurityDriverSELinux = {
.privateDataLen = sizeof(virSecuritySELinuxData), .privateDataLen = sizeof(virSecuritySELinuxData),
.name = SECURITY_SELINUX_NAME, .name = SECURITY_SELINUX_NAME,
.probe = SELinuxSecurityDriverProbe, .probe = virSecuritySELinuxSecurityDriverProbe,
.open = SELinuxSecurityDriverOpen, .open = virSecuritySELinuxSecurityDriverOpen,
.close = SELinuxSecurityDriverClose, .close = virSecuritySELinuxSecurityDriverClose,
.getModel = SELinuxSecurityGetModel, .getModel = virSecuritySELinuxSecurityGetModel,
.getDOI = SELinuxSecurityGetDOI, .getDOI = virSecuritySELinuxSecurityGetDOI,
.domainSecurityVerify = SELinuxSecurityVerify, .domainSecurityVerify = virSecuritySELinuxSecurityVerify,
.domainSetSecurityImageLabel = SELinuxSetSecurityImageLabel, .domainSetSecurityImageLabel = virSecuritySELinuxSetSecurityImageLabel,
.domainRestoreSecurityImageLabel = SELinuxRestoreSecurityImageLabel, .domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel,
.domainSetSecurityDaemonSocketLabel = SELinuxSetSecurityDaemonSocketLabel, .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
.domainSetSecuritySocketLabel = SELinuxSetSecuritySocketLabel, .domainSetSecuritySocketLabel = virSecuritySELinuxSetSecuritySocketLabel,
.domainClearSecuritySocketLabel = SELinuxClearSecuritySocketLabel, .domainClearSecuritySocketLabel = virSecuritySELinuxClearSecuritySocketLabel,
.domainGenSecurityLabel = SELinuxGenSecurityLabel, .domainGenSecurityLabel = virSecuritySELinuxGenSecurityLabel,
.domainReserveSecurityLabel = SELinuxReserveSecurityLabel, .domainReserveSecurityLabel = virSecuritySELinuxReserveSecurityLabel,
.domainReleaseSecurityLabel = SELinuxReleaseSecurityLabel, .domainReleaseSecurityLabel = virSecuritySELinuxReleaseSecurityLabel,
.domainGetSecurityProcessLabel = SELinuxGetSecurityProcessLabel, .domainGetSecurityProcessLabel = virSecuritySELinuxGetSecurityProcessLabel,
.domainSetSecurityProcessLabel = SELinuxSetSecurityProcessLabel, .domainSetSecurityProcessLabel = virSecuritySELinuxSetSecurityProcessLabel,
.domainSetSecurityAllLabel = SELinuxSetSecurityAllLabel, .domainSetSecurityAllLabel = virSecuritySELinuxSetSecurityAllLabel,
.domainRestoreSecurityAllLabel = SELinuxRestoreSecurityAllLabel, .domainRestoreSecurityAllLabel = virSecuritySELinuxRestoreSecurityAllLabel,
.domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel, .domainSetSecurityHostdevLabel = virSecuritySELinuxSetSecurityHostdevLabel,
.domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel, .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreSecurityHostdevLabel,
.domainSetSavedStateLabel = SELinuxSetSavedStateLabel, .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
.domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel, .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = SELinuxSetImageFDLabel, .domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
.domainGetSecurityMountOptions = SELinuxGetSecurityMountOptions, .domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
}; };