External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-02 01:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

conf: split security label structs to util/

Browse Source 
In order to reuse the newly-created host-side disk struct in
the virstoragefile backing chain code, I first have to move
it to util/.  This starts the process, by first moving the
security label structures.

* src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef)
(virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree)
(virSecurityDeviceLabelDefFree, virSecurityLabelDef)
(virSecurityDeviceLabelDef): Move...
* src/util/virseclabel.h: ...to new file.
(virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the
GenSecurity functions.
* src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers.
* src/security/security_manager.c (virSecurityManagerGenLabel):
Likewise.
* src/security/security_selinux.c
(virSecuritySELinuxSetSecurityFileLabel): Likewise.
* src/util/virseclabel.c: New file.
* src/conf/domain_conf.c: Move security code, and fix fallout.
* src/Makefile.am (UTIL_SOURCES): Build new file.
* src/libvirt_private.syms (domain_conf.h): Move symbols...
(virseclabel.h): ...to new section.

Signed-off-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
Eric Blake 2014-03-26 14:09:46 -06:00
parent cbfd9a6170
commit 3e92938656
9 changed files with 161 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Makefile.am
View File

@ -142,6 +142,7 @@ UTIL_SOURCES = \
util/virprocess.c util/virprocess.h \
util/virrandom.h util/virrandom.c \
util/virscsi.c util/virscsi.h \
util/virseclabel.c util/virseclabel.h \
util/virsexpr.c util/virsexpr.h \
util/virsocketaddr.h util/virsocketaddr.c \
util/virstatslinux.c util/virstatslinux.h \

51
src/conf/domain_conf.c
View File

@ -1149,29 +1149,6 @@ virDomainGraphicsListenDefClear(virDomainGraphicsListenDefPtr def)
return;
}
void
virSecurityLabelDefFree(virSecurityLabelDefPtr def)
{
if (!def)
return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def->imagelabel);
VIR_FREE(def->baselabel);
VIR_FREE(def);
}
void
virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
{
if (!def)
return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def);
}
void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
{
@ -19422,34 +19399,6 @@ virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model)
return NULL;
}
virSecurityLabelDefPtr
virDomainDefGenSecurityLabelDef(const char *model)
{
virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityLabelDefFree(seclabel);
seclabel = NULL;
}
return seclabel;
}
virSecurityDeviceLabelDefPtr
virDomainDiskDefGenSecurityLabelDef(const char *model)
{
virSecurityDeviceLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityDeviceLabelDefFree(seclabel);
seclabel = NULL;
}
return seclabel;
}
typedef struct {
const char *devAlias;

43
src/conf/domain_conf.h
View File

@ -47,6 +47,7 @@
# include "virbitmap.h"
# include "virstoragefile.h"
# include "virnuma.h"
# include "virseclabel.h"
/* forward declarations of all device types, required by
* virDomainDeviceDef
@ -328,39 +329,6 @@ struct _virDomainDeviceInfo {
int bootIndex;
};
enum virDomainSeclabelType {
VIR_DOMAIN_SECLABEL_DEFAULT,
VIR_DOMAIN_SECLABEL_NONE,
VIR_DOMAIN_SECLABEL_DYNAMIC,
VIR_DOMAIN_SECLABEL_STATIC,
VIR_DOMAIN_SECLABEL_LAST
};
/* Security configuration for domain */
typedef struct _virSecurityLabelDef virSecurityLabelDef;
typedef virSecurityLabelDef *virSecurityLabelDefPtr;
struct _virSecurityLabelDef {
char *model; /* name of security model */
char *label; /* security label string */
char *imagelabel; /* security image label string */
char *baselabel; /* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
bool implicit; /* true if seclabel is auto-added */
};
/* Security configuration for domain */
typedef struct _virSecurityDeviceLabelDef virSecurityDeviceLabelDef;
typedef virSecurityDeviceLabelDef *virSecurityDeviceLabelDefPtr;
struct _virSecurityDeviceLabelDef {
char *model;
char *label; /* image label string */
bool norelabel; /* true to skip label attempts */
bool labelskip; /* live-only; true if skipping failed label attempt */
};
typedef struct _virDomainHostdevOrigStates virDomainHostdevOrigStates;
typedef virDomainHostdevOrigStates *virDomainHostdevOrigStatesPtr;
@ -2674,15 +2642,6 @@ virDomainDiskDefGetSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
virSecurityDeviceLabelDefPtr
virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
virSecurityLabelDefPtr
virDomainDefGenSecurityLabelDef(const char *model);
virSecurityDeviceLabelDefPtr
virDomainDiskDefGenSecurityLabelDef(const char *model);
void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
typedef const char* (*virEventActionToStringFunc)(int type);
typedef int (*virEventActionFromStringFunc)(const char *type);

11
src/libvirt_private.syms
View File

@ -161,7 +161,6 @@ virDomainDefFindDevice;
virDomainDefFormat;
virDomainDefFormatInternal;
virDomainDefFree;
virDomainDefGenSecurityLabelDef;
virDomainDefGetDefaultEmulator;
virDomainDefGetSecurityLabelDef;
virDomainDefMaybeAddController;
@ -191,7 +190,6 @@ virDomainDiskCopyOnReadTypeToString;
virDomainDiskDefAssignAddress;
virDomainDiskDefForeachPath;
virDomainDiskDefFree;
virDomainDiskDefGenSecurityLabelDef;
virDomainDiskDefGetSecurityLabelDef;
virDomainDiskDeviceTypeToString;
virDomainDiskDiscardTypeToString;
@ -425,8 +423,6 @@ virDomainWatchdogModelTypeFromString;
virDomainWatchdogModelTypeToString;
virDomainXMLOptionGetNamespace;
virDomainXMLOptionNew;
virSecurityDeviceLabelDefFree;
virSecurityLabelDefFree;
# conf/domain_event.h
@ -1778,6 +1774,13 @@ virSCSIDeviceNew;
virSCSIDeviceSetUsedBy;
# util/virseclabel.h
virSecurityDeviceLabelDefFree;
virSecurityDeviceLabelDefNew;
virSecurityLabelDefFree;
virSecurityLabelDefNew;
# util/virsexpr.h
sexpr2string;
sexpr_append;

2
src/qemu/qemu_process.c
View File

@ -4582,7 +4582,7 @@ int qemuProcessAttach(virConnectPtr conn ATTRIBUTE_UNUSED,
model = virSecurityManagerGetModel(sec_managers[i]);
seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
if (seclabeldef == NULL) {
if (!(seclabeldef = virDomainDefGenSecurityLabelDef(model)))
if (!(seclabeldef = virSecurityLabelDefNew(model)))
goto error;
seclabelgen = true;
}

2
src/security/security_manager.c
View File

@ -485,7 +485,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
generated = false;
seclabel = virDomainDefGetSecurityLabelDef(vm, sec_managers[i]->drv->name);
if (!seclabel) {
if (!(seclabel = virDomainDefGenSecurityLabelDef(sec_managers[i]->drv->name)))
if (!(seclabel = virSecurityLabelDefNew(sec_managers[i]->drv->name)))
goto cleanup;
generated = seclabel->implicit = true;
}

2
src/security/security_selinux.c
View File

@ -1233,7 +1233,7 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (ret == 1 && !disk_seclabel) {
/* If we failed to set a label, but virt_use_nfs let us
* proceed anyway, then we don't need to relabel later. */
disk_seclabel = virDomainDiskDefGenSecurityLabelDef(SECURITY_SELINUX_NAME);
disk_seclabel = virSecurityDeviceLabelDefNew(SECURITY_SELINUX_NAME);
if (!disk_seclabel)
return -1;
disk_seclabel->labelskip = true;

82
src/util/virseclabel.c Normal file
View File

@ -0,0 +1,82 @@
/*
* virseclabel.c: security label utility functions
*
* Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006-2008 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "internal.h"
#include "viralloc.h"
#include "virseclabel.h"
#include "virstring.h"
#define VIR_FROM_THIS VIR_FROM_NONE
void
virSecurityLabelDefFree(virSecurityLabelDefPtr def)
{
if (!def)
return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def->imagelabel);
VIR_FREE(def->baselabel);
VIR_FREE(def);
}
void
virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
{
if (!def)
return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def);
}
virSecurityLabelDefPtr
virSecurityLabelDefNew(const char *model)
{
virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityLabelDefFree(seclabel);
seclabel = NULL;
}
return seclabel;
}
virSecurityDeviceLabelDefPtr
virSecurityDeviceLabelDefNew(const char *model)
{
virSecurityDeviceLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0 ||
VIR_STRDUP(seclabel->model, model) < 0) {
virSecurityDeviceLabelDefFree(seclabel);
seclabel = NULL;
}
return seclabel;
}

67
src/util/virseclabel.h Normal file
View File

@ -0,0 +1,67 @@
/*
* virseclabel.h: security label utility functions
*
* Copyright (C) 2006-2014 Red Hat, Inc.
* Copyright (C) 2006-2008 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#ifndef __SECLABEL_H
# define __SECLABEL_H
enum virDomainSeclabelType {
VIR_DOMAIN_SECLABEL_DEFAULT,
VIR_DOMAIN_SECLABEL_NONE,
VIR_DOMAIN_SECLABEL_DYNAMIC,
VIR_DOMAIN_SECLABEL_STATIC,
VIR_DOMAIN_SECLABEL_LAST
};
/* Security configuration for domain */
typedef struct _virSecurityLabelDef virSecurityLabelDef;
typedef virSecurityLabelDef *virSecurityLabelDefPtr;
struct _virSecurityLabelDef {
char *model; /* name of security model */
char *label; /* security label string */
char *imagelabel; /* security image label string */
char *baselabel; /* base name of label string */
int type; /* virDomainSeclabelType */
bool norelabel;
bool implicit; /* true if seclabel is auto-added */
};
/* Security configuration for domain */
typedef struct _virSecurityDeviceLabelDef virSecurityDeviceLabelDef;
typedef virSecurityDeviceLabelDef *virSecurityDeviceLabelDefPtr;
struct _virSecurityDeviceLabelDef {
char *model;
char *label; /* image label string */
bool norelabel; /* true to skip label attempts */
bool labelskip; /* live-only; true if skipping failed label attempt */
};
virSecurityLabelDefPtr
virSecurityLabelDefNew(const char *model);
virSecurityDeviceLabelDefPtr
virSecurityDeviceLabelDefNew(const char *model);
void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
#endif /* __SECLABEL_H */