External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 12:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove bogus virSecurityManagerSetProcessFDLabel method

Browse Source 
The virSecurityManagerSetProcessFDLabel method was introduced
after a mis-understanding from a conversation about SELinux
socket labelling. The virSecurityManagerSetSocketLabel method
should have been used for all such scenarios.

* src/security/security_apparmor.c, src/security/security_apparmor.c,
  src/security/security_driver.h, src/security/security_manager.c,
  src/security/security_manager.h, src/security/security_selinux.c,
  src/security/security_stack.c: Remove SetProcessFDLabel driver
This commit is contained in:
Daniel P. Berrange 2011-08-30 12:31:03 -04:00
parent 64bdec3841
commit 183383889a
7 changed files with 0 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/security/security_apparmor.c
View File

@ -799,34 +799,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
return reload_profile(mgr, vm, fd_path, true);
}
static int
AppArmorSetProcessFDLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd)
{
int rc = -1;
char *proc = NULL;
char *fd_path = NULL;
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
if (secdef->imagelabel == NULL)
return 0;
if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
virReportOOMError();
return rc;
}
if (virFileResolveLink(proc, &fd_path) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("could not find path for descriptor"));
return rc;
}
return reload_profile(mgr, vm, fd_path, true);
}
virSecurityDriver virAppArmorSecurityDriver = {
0,
SECURITY_APPARMOR_NAME,
@ -863,5 +835,4 @@ virSecurityDriver virAppArmorSecurityDriver = {
AppArmorRestoreSavedStateLabel,
AppArmorSetImageFDLabel,
AppArmorSetProcessFDLabel,
};

9
src/security/security_dac.c
View File

@ -697,14 +697,6 @@ virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return 0;
}
static int
virSecurityDACSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainObjPtr vm ATTRIBUTE_UNUSED,
int fd ATTRIBUTE_UNUSED)
{
return 0;
}
virSecurityDriver virSecurityDriverDAC = {
sizeof(virSecurityDACData),
@ -743,5 +735,4 @@ virSecurityDriver virSecurityDriverDAC = {
virSecurityDACRestoreSavedStateLabel,
virSecurityDACSetImageFDLabel,
virSecurityDACSetProcessFDLabel,
};

4
src/security/security_driver.h
View File

@ -84,9 +84,6 @@ typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd);
typedef int (*virSecurityDomainSetProcessFDLabel) (virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd);
struct _virSecurityDriver {
size_t privateDataLen;
@ -124,7 +121,6 @@ struct _virSecurityDriver {
virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
virSecurityDomainSetProcessFDLabel domainSetSecurityProcessFDLabel;
};
virSecurityDriverPtr virSecurityDriverLookup(const char *name);

11
src/security/security_manager.c
View File

@ -346,14 +346,3 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd)
{
if (mgr->drv->domainSetSecurityProcessFDLabel)
return mgr->drv->domainSetSecurityProcessFDLabel(mgr, vm, fd);
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}

3
src/security/security_manager.h
View File

@ -96,8 +96,5 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd);
int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd);
#endif /* VIR_SECURITY_MANAGER_H__ */

14
src/security/security_selinux.c
View File

@ -1321,19 +1321,6 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return SELinuxFSetFilecon(fd, secdef->imagelabel);
}
static int
SELinuxSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainObjPtr vm,
int fd)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
if (secdef->label == NULL)
return 0;
return SELinuxFSetFilecon(fd, secdef->label);
}
virSecurityDriver virSecurityDriverSELinux = {
0,
SECURITY_SELINUX_NAME,
@ -1370,5 +1357,4 @@ virSecurityDriver virSecurityDriverSELinux = {
SELinuxRestoreSavedStateLabel,
SELinuxSetImageFDLabel,
SELinuxSetProcessFDLabel,
};

18
src/security/security_stack.c
View File

@ -402,23 +402,6 @@ virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
}
static int
virSecurityStackSetProcessFDLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm,
int fd)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
int rc = 0;
if (virSecurityManagerSetProcessFDLabel(priv->secondary, vm, fd) < 0)
rc = -1;
if (virSecurityManagerSetProcessFDLabel(priv->primary, vm, fd) < 0)
rc = -1;
return rc;
}
virSecurityDriver virSecurityDriverStack = {
sizeof(virSecurityStackData),
"stack",
@ -455,5 +438,4 @@ virSecurityDriver virSecurityDriverStack = {
virSecurityStackRestoreSavedStateLabel,
virSecurityStackSetImageFDLabel,
virSecurityStackSetProcessFDLabel,
};