mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-05 12:35:20 +00:00
security: introduce virSecurityManager(Set|Restore)ChardevLabel
SELinux and DAC drivers already have both functions but they were not exported as public API of security manager. Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
parent
f28ed2e98c
commit
1b4f66ec80
@ -1276,6 +1276,7 @@ virSecurityManagerPreFork;
|
|||||||
virSecurityManagerReleaseLabel;
|
virSecurityManagerReleaseLabel;
|
||||||
virSecurityManagerReserveLabel;
|
virSecurityManagerReserveLabel;
|
||||||
virSecurityManagerRestoreAllLabel;
|
virSecurityManagerRestoreAllLabel;
|
||||||
|
virSecurityManagerRestoreChardevLabel;
|
||||||
virSecurityManagerRestoreDiskLabel;
|
virSecurityManagerRestoreDiskLabel;
|
||||||
virSecurityManagerRestoreHostdevLabel;
|
virSecurityManagerRestoreHostdevLabel;
|
||||||
virSecurityManagerRestoreImageLabel;
|
virSecurityManagerRestoreImageLabel;
|
||||||
@ -1283,6 +1284,7 @@ virSecurityManagerRestoreInputLabel;
|
|||||||
virSecurityManagerRestoreMemoryLabel;
|
virSecurityManagerRestoreMemoryLabel;
|
||||||
virSecurityManagerRestoreSavedStateLabel;
|
virSecurityManagerRestoreSavedStateLabel;
|
||||||
virSecurityManagerSetAllLabel;
|
virSecurityManagerSetAllLabel;
|
||||||
|
virSecurityManagerSetChardevLabel;
|
||||||
virSecurityManagerSetChildProcessLabel;
|
virSecurityManagerSetChildProcessLabel;
|
||||||
virSecurityManagerSetDaemonSocketLabel;
|
virSecurityManagerSetDaemonSocketLabel;
|
||||||
virSecurityManagerSetDiskLabel;
|
virSecurityManagerSetDiskLabel;
|
||||||
|
@ -2155,4 +2155,7 @@ virSecurityDriver virSecurityDriverDAC = {
|
|||||||
.getBaseLabel = virSecurityDACGetBaseLabel,
|
.getBaseLabel = virSecurityDACGetBaseLabel,
|
||||||
|
|
||||||
.domainSetPathLabel = virSecurityDACDomainSetPathLabel,
|
.domainSetPathLabel = virSecurityDACDomainSetPathLabel,
|
||||||
|
|
||||||
|
.domainSetSecurityChardevLabel = virSecurityDACSetChardevLabel,
|
||||||
|
.domainRestoreSecurityChardevLabel = virSecurityDACRestoreChardevLabel,
|
||||||
};
|
};
|
||||||
|
@ -140,6 +140,14 @@ typedef int (*virSecurityDomainRestoreInputLabel) (virSecurityManagerPtr mgr,
|
|||||||
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
const char *path);
|
const char *path);
|
||||||
|
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd);
|
||||||
|
typedef int (*virSecurityDomainRestoreChardevLabel) (virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd);
|
||||||
|
|
||||||
|
|
||||||
struct _virSecurityDriver {
|
struct _virSecurityDriver {
|
||||||
@ -201,6 +209,9 @@ struct _virSecurityDriver {
|
|||||||
virSecurityDriverGetBaseLabel getBaseLabel;
|
virSecurityDriverGetBaseLabel getBaseLabel;
|
||||||
|
|
||||||
virSecurityDomainSetPathLabel domainSetPathLabel;
|
virSecurityDomainSetPathLabel domainSetPathLabel;
|
||||||
|
|
||||||
|
virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
|
||||||
|
virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
|
||||||
};
|
};
|
||||||
|
|
||||||
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
|
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
|
||||||
|
@ -1152,3 +1152,43 @@ virSecurityManagerRestoreInputLabel(virSecurityManagerPtr mgr,
|
|||||||
virReportUnsupportedError();
|
virReportUnsupportedError();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd)
|
||||||
|
{
|
||||||
|
if (mgr->drv->domainSetSecurityChardevLabel) {
|
||||||
|
int ret;
|
||||||
|
virObjectLock(mgr);
|
||||||
|
ret = mgr->drv->domainSetSecurityChardevLabel(mgr, def, dev_source,
|
||||||
|
chardevStdioLogd);
|
||||||
|
virObjectUnlock(mgr);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
virReportUnsupportedError();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virSecurityManagerRestoreChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd)
|
||||||
|
{
|
||||||
|
if (mgr->drv->domainRestoreSecurityChardevLabel) {
|
||||||
|
int ret;
|
||||||
|
virObjectLock(mgr);
|
||||||
|
ret = mgr->drv->domainRestoreSecurityChardevLabel(mgr, def, dev_source,
|
||||||
|
chardevStdioLogd);
|
||||||
|
virObjectUnlock(mgr);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
virReportUnsupportedError();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
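Review bot: Both new wrappers end in `virReportUnsupportedError(); return -1;` when the driver table has no chardev callback, and this commit fills in only the DAC, SELinux, nop and stack tables. Any security driver not touched here (an AppArmor driver, if this tree builds one; none is visible on this page) would make every call a hard failure, and virSecurityStackDomainSetChardevLabel would pass that failure on to the whole stack. Before callers switch to the new API, either give the remaining drivers a callback or confirm that refusing is the intended behaviour for them. Both functions also lack a header comment; something like `/* Apply the driver's label to @dev_source for @def; returns 0 on success, -1 with an error reported on failure or when the driver has no chardev support. */` would state the contract, with the meaning of `chardevStdioLogd` spelled out next to it.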
@ -184,4 +184,14 @@ int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
const char *path);
|
const char *path);
|
||||||
|
|
||||||
|
int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd);
|
||||||
|
|
||||||
|
int virSecurityManagerRestoreChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd);
|
||||||
|
|
||||||
#endif /* VIR_SECURITY_MANAGER_H__ */
|
#endif /* VIR_SECURITY_MANAGER_H__ */
|
||||||
|
@ -262,6 +262,23 @@ virSecurityDomainInputLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
virSecurityDomainSetChardevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
|
virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||||
|
virDomainChrSourceDefPtr dev_source ATTRIBUTE_UNUSED,
|
||||||
|
bool chardevStdioLogd ATTRIBUTE_UNUSED)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
virSecurityDomainRestoreChardevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
|
virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||||
|
virDomainChrSourceDefPtr dev_source ATTRIBUTE_UNUSED,
|
||||||
|
bool chardevStdioLogd ATTRIBUTE_UNUSED)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
virSecurityDriver virSecurityDriverNop = {
|
virSecurityDriver virSecurityDriverNop = {
|
||||||
.privateDataLen = 0,
|
.privateDataLen = 0,
|
||||||
@ -314,4 +331,7 @@ virSecurityDriver virSecurityDriverNop = {
|
|||||||
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
|
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
|
||||||
|
|
||||||
.getBaseLabel = virSecurityGetBaseLabel,
|
.getBaseLabel = virSecurityGetBaseLabel,
|
||||||
|
|
||||||
|
.domainSetSecurityChardevLabel = virSecurityDomainSetChardevLabelNop,
|
||||||
|
.domainRestoreSecurityChardevLabel = virSecurityDomainRestoreChardevLabelNop,
|
||||||
};
|
};
|
||||||
|
@ -3095,4 +3095,7 @@ virSecurityDriver virSecurityDriverSELinux = {
|
|||||||
.getBaseLabel = virSecuritySELinuxGetBaseLabel,
|
.getBaseLabel = virSecuritySELinuxGetBaseLabel,
|
||||||
|
|
||||||
.domainSetPathLabel = virSecuritySELinuxDomainSetPathLabel,
|
.domainSetPathLabel = virSecuritySELinuxDomainSetPathLabel,
|
||||||
|
|
||||||
|
.domainSetSecurityChardevLabel = virSecuritySELinuxSetChardevLabel,
|
||||||
|
.domainRestoreSecurityChardevLabel = virSecuritySELinuxRestoreChardevLabel,
|
||||||
};
|
};
|
||||||
|
@ -719,6 +719,46 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd)
|
||||||
|
{
|
||||||
|
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
virSecurityStackItemPtr item = priv->itemsHead;
|
||||||
|
int rc = 0;
|
||||||
|
|
||||||
|
for (; item; item = item->next) {
|
||||||
|
if (virSecurityManagerSetChardevLabel(item->securityManager,
|
||||||
|
def, dev_source,
|
||||||
|
chardevStdioLogd) < 0)
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
virSecurityStackDomainRestoreChardevLabel(virSecurityManagerPtr mgr,
|
||||||
|
virDomainDefPtr def,
|
||||||
|
virDomainChrSourceDefPtr dev_source,
|
||||||
|
bool chardevStdioLogd)
|
||||||
|
{
|
||||||
|
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
virSecurityStackItemPtr item = priv->itemsHead;
|
||||||
|
int rc = 0;
|
||||||
|
|
||||||
|
for (; item; item = item->next) {
|
||||||
|
if (virSecurityManagerRestoreChardevLabel(item->securityManager,
|
||||||
|
def, dev_source,
|
||||||
|
chardevStdioLogd) < 0)
|
||||||
|
rc = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
virSecurityDriver virSecurityDriverStack = {
|
virSecurityDriver virSecurityDriverStack = {
|
||||||
.privateDataLen = sizeof(virSecurityStackData),
|
.privateDataLen = sizeof(virSecurityStackData),
|
||||||
.name = "stack",
|
.name = "stack",
|
||||||
@ -778,4 +818,7 @@ virSecurityDriver virSecurityDriverStack = {
|
|||||||
.getBaseLabel = virSecurityStackGetBaseLabel,
|
.getBaseLabel = virSecurityStackGetBaseLabel,
|
||||||
|
|
||||||
.domainSetPathLabel = virSecurityStackDomainSetPathLabel,
|
.domainSetPathLabel = virSecurityStackDomainSetPathLabel,
|
||||||
|
|
||||||
|
.domainSetSecurityChardevLabel = virSecurityStackDomainSetChardevLabel,
|
||||||
|
.domainRestoreSecurityChardevLabel = virSecurityStackDomainRestoreChardevLabel,
|
||||||
};
|
};
|
||||||
|
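Review bot: virSecurityStackDomainSetChardevLabel keeps iterating after a nested manager fails and then returns -1, so on failure the chardev may carry labels from some drivers in the stack but not others, and nothing here rolls them back. Continuing past errors is the right shape for the Restore variant, but for Set the partial state should be a documented contract, e.g. `/* On failure, labels already applied by other drivers in the stack are left in place; the caller must invoke virSecurityManagerRestoreChardevLabel(). */` above the function. Only the error from the last failing driver is likely to be the one the caller sees, which is worth noting in the same comment. Whether the sibling Set functions in this file follow the same convention is not visible in these hunks.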