smartcard: enable SELinux support
* src/security/security_selinux.c (SELinuxRestoreSecuritySmartcardCallback) (SELinuxSetSecuritySmartcardCallback): New helper functions. (SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use them.
parent
7a2f29e4f9
commit
32e52134ff
@ -808,6 +808,38 @@ SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
virDomainSmartcardDefPtr dev,
|
||||
void *opaque)
|
||||
{
|
||||
virDomainObjPtr vm = opaque;
|
||||
const char *database;
|
||||
|
||||
switch (dev->type) {
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
|
||||
database = dev->data.cert.database;
|
||||
if (!database)
|
||||
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
|
||||
return SELinuxRestoreSecurityFileLabel(database);
|
||||
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
|
||||
return SELinuxRestoreSecurityChardevLabel(vm, &dev->data.passthru);
|
||||
|
||||
default:
|
||||
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("unknown smartcard type %d"),
|
||||
dev->type);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainObjPtr vm,
|
||||
@ -842,6 +874,12 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
vm) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (virDomainSmartcardDefForeach(vm->def,
|
||||
false,
|
||||
SELinuxRestoreSecuritySmartcardCallback,
|
||||
vm) < 0)
|
||||
rc = -1;
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
|
||||
rc = -1;
|
||||
@ -1073,6 +1111,38 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
virDomainSmartcardDefPtr dev,
|
||||
void *opaque)
|
||||
{
|
||||
virDomainObjPtr vm = opaque;
|
||||
const char *database;
|
||||
|
||||
switch (dev->type) {
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
|
||||
database = dev->data.cert.database;
|
||||
if (!database)
|
||||
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
|
||||
return SELinuxSetFilecon(database, default_content_context);
|
||||
|
||||
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
|
||||
return SELinuxSetSecurityChardevLabel(vm, &dev->data.passthru);
|
||||
|
||||
default:
|
||||
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("unknown smartcard type %d"),
|
||||
dev->type);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm,
|
||||
@ -1108,6 +1178,12 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||
vm) < 0)
|
||||
return -1;
|
||||
|
||||
if (virDomainSmartcardDefForeach(vm->def,
|
||||
true,
|
||||
SELinuxSetSecuritySmartcardCallback,
|
||||
vm) < 0)
|
||||
return -1;
|
||||
|
||||
if (vm->def->os.kernel &&
|
||||
SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
|
||||
return -1;
|
||||
|
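Review bot: The VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES branch of SELinuxRestoreSecuritySmartcardCallback restores the certificate database label unconditionally, although SELinuxSetSecuritySmartcardCallback gave it the shared `default_content_context`, so a database used by more than one guest (likely whenever both fall back to `VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE`) would lose its label as soon as the first guest stops. The fallback also means a host-wide path rather than a per-guest file is relabeled on guest start; the macro's value is not visible on this page, so the effect on other consumers of that path should be confirmed. If the database is a directory, `SELinuxSetFilecon` as called here is given only that one path, and whether the files inside end up readable by the guest is not shown. I would at least document the sharing assumption in both branches, e.g. `/* database is shared, read-only content: may be in use by other guests and host tools */`, and consider whether the restore should be skipped for this type. The two callbacks are complete in their hunks, but the SELinuxRestoreSecurityAllLabel and SELinuxSetSecurityAllLabel bodies that call them start and end outside the visible lines.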