security: Rename virSecurityManagerRestoreSavedStateLabel()

The new name is virSecurityManagerDomainRestorePathLabel().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik 2020-06-17 11:32:53 +02:00
parent bd22eec903
commit 4ccbd207f2
10 changed files with 89 additions and 96 deletions


@ -1535,6 +1535,7 @@ virSecurityDriverLookup;
# security/security_manager.h
virSecurityManagerCheckAllLabel;
virSecurityManagerClearSocketLabel;
virSecurityManagerDomainRestorePathLabel;
virSecurityManagerDomainSetPathLabel;
virSecurityManagerDomainSetPathLabelRO;
virSecurityManagerGenLabel;
@ -1558,7 +1559,6 @@ virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreInputLabel;
virSecurityManagerRestoreMemoryLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerRestoreTPMLabels;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChardevLabel;


@ -629,7 +629,7 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
if (virSecurityManagerDomainRestorePathLabel(driver->securityManager,
vm->def,
savefile) < 0)
goto cleanup;


@ -1069,9 +1069,9 @@ AppArmorSetPathLabel(virSecurityManagerPtr mgr,
}
static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile G_GNUC_UNUSED)
AppArmorRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path G_GNUC_UNUSED)
{
return reload_profile(mgr, def, NULL, false);
}
@ -1157,9 +1157,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSecurityHostdevLabel = AppArmorSetSecurityHostdevLabel,
.domainRestoreSecurityHostdevLabel = AppArmorRestoreSecurityHostdevLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
.domainSetPathLabel = AppArmorSetPathLabel,
.domainRestorePathLabel = AppArmorRestorePathLabel,
.domainSetSecurityChardevLabel = AppArmorSetChardevLabel,
.domainRestoreSecurityChardevLabel = AppArmorRestoreChardevLabel,


@ -2257,20 +2257,6 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
}
static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def G_GNUC_UNUSED,
const char *savefile)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (!priv->dynamicOwnership)
return 0;
return virSecurityDACRestoreFileLabel(mgr, savefile);
}
static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
@ -2570,6 +2556,15 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPtr mgr,
return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true);
}
static int
virSecurityDACDomainRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def G_GNUC_UNUSED,
const char *path)
{
return virSecurityDACRestoreFileLabel(mgr, path);
}
virSecurityDriver virSecurityDriverDAC = {
.privateDataLen = sizeof(virSecurityDACData),
.name = SECURITY_DAC_NAME,
@ -2616,8 +2611,6 @@ virSecurityDriver virSecurityDriverDAC = {
.domainSetSecurityHostdevLabel = virSecurityDACSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityDACRestoreHostdevLabel,
.domainRestoreSavedStateLabel = virSecurityDACRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecurityDACSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
@ -2626,6 +2619,7 @@ virSecurityDriver virSecurityDriverDAC = {
.getBaseLabel = virSecurityDACGetBaseLabel,
.domainSetPathLabel = virSecurityDACDomainSetPathLabel,
.domainRestorePathLabel = virSecurityDACDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecurityDACSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecurityDACRestoreChardevLabel,
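Review bot: virSecurityDACDomainRestorePathLabel() calls virSecurityDACRestoreFileLabel() unconditionally, whereas the removed virSecurityDACRestoreSavedStateLabel() returned 0 early when `priv->dynamicOwnership` was off. Unless virSecurityDACRestoreFileLabel(), whose body is not visible here, checks that setting itself, a host configured with dynamic ownership disabled would now have the ownership of the path changed on restore, which is more than the rename the commit message describes. Consider keeping the guard, `virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);` followed by `if (!priv->dynamicOwnership) return 0;`, before the call, or say in the commit message why dropping it is safe.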


@ -67,9 +67,6 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile);
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
@ -140,6 +137,9 @@ typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainSetPathLabelRO) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
typedef int (*virSecurityDomainRestorePathLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
@ -200,8 +200,6 @@ struct _virSecurityDriver {
virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
@ -211,6 +209,7 @@ struct _virSecurityDriver {
virSecurityDomainSetPathLabel domainSetPathLabel;
virSecurityDomainSetPathLabelRO domainSetPathLabelRO;
virSecurityDomainRestorePathLabel domainRestorePathLabel;
virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;


@ -596,24 +596,6 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
}
int
virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *savefile)
{
if (mgr->drv->domainRestoreSavedStateLabel) {
int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
virObjectUnlock(mgr);
return ret;
}
virReportUnsupportedError();
return -1;
}
int
virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
@ -1087,6 +1069,34 @@ virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
return 0;
}
/**
* virSecurityManagerDomainRestorePathLabel:
* @mgr: security manager object
* @vm: domain definition object
* @path: path to restore labels one
*
* This function is a counterpart to virSecurityManagerDomainSetPathLabel() and
* virSecurityManagerDomainSetPathLabelRO() as it restores any labels set by them.
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path)
{
if (mgr->drv->domainRestorePathLabel) {
int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestorePathLabel(mgr, vm, path);
virObjectUnlock(mgr);
return ret;
}
return 0;
}
/**
* virSecurityManagerSetMemoryLabel:
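Review bot: When the driver has no `domainRestorePathLabel` callback, the new virSecurityManagerDomainRestorePathLabel() returns 0, while the removed virSecurityManagerRestoreSavedStateLabel() called `virReportUnsupportedError()` and returned -1. A caller can no longer tell a restore that never ran from one that succeeded. This appears to follow the `return 0;` visible at the end of the preceding function, but the doc comment should say so, for example `Drivers that do not implement the callback are treated as success.` The `@path` line also has a typo: `path to restore labels one` should read `path to restore labels on`.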


@ -104,9 +104,6 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile);
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec);
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
@ -190,6 +187,11 @@ int virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);
int virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
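Review bot: The new prototype names its second parameter `def`, while the definition of virSecurityManagerDomainRestorePathLabel() and the neighbouring virSecurityManagerDomainSetPathLabelRO() prototype both use `vm`. Matching them keeps the header consistent with the `@vm` entry in the function's doc comment: `virDomainDefPtr vm,`.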


@ -94,14 +94,6 @@ virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
return 0;
}
static int
virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr vm G_GNUC_UNUSED,
const char *savefile G_GNUC_UNUSED)
{
return 0;
}
static int
virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr sec G_GNUC_UNUSED)
@ -308,8 +300,6 @@ virSecurityDriver virSecurityDriverNop = {
.domainSetSecurityHostdevLabel = virSecurityDomainSetHostdevLabelNop,
.domainRestoreSecurityHostdevLabel = virSecurityDomainRestoreHostdevLabelNop,
.domainRestoreSavedStateLabel = virSecurityDomainRestoreSavedStateLabelNop,
.domainSetSecurityImageFDLabel = virSecurityDomainSetFDLabelNop,
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,


@ -2858,21 +2858,6 @@ virSecuritySELinuxReleaseLabel(virSecurityManagerPtr mgr,
}
static int
virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile)
{
virSecurityLabelDefPtr secdef;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (!secdef || !secdef->relabel)
return 0;
return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
}
static int
virSecuritySELinuxVerify(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr def)
@ -3428,6 +3413,21 @@ virSecuritySELinuxDomainSetPathLabelRO(virSecurityManagerPtr mgr,
return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, false);
}
static int
virSecuritySELinuxDomainRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
{
virSecurityLabelDefPtr secdef;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (!secdef || !secdef->relabel)
return 0;
return virSecuritySELinuxRestoreFileLabel(mgr, path, true);
}
/*
* virSecuritySELinuxSetFileLabels:
*
@ -3620,8 +3620,6 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
.domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
@ -3630,6 +3628,7 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainSetPathLabel = virSecuritySELinuxDomainSetPathLabel,
.domainSetPathLabelRO = virSecuritySELinuxDomainSetPathLabelRO,
.domainRestorePathLabel = virSecuritySELinuxDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecuritySELinuxSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecuritySELinuxRestoreChardevLabel,


@ -394,24 +394,6 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
}
static int
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *savefile)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm, savefile) < 0)
rc = -1;
}
return rc;
}
static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
@ -814,6 +796,25 @@ virSecurityStackDomainSetPathLabelRO(virSecurityManagerPtr mgr,
}
static int
virSecurityStackDomainRestorePathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
if (virSecurityManagerDomainRestorePathLabel(item->securityManager,
vm, path) < 0)
rc = -1;
}
return rc;
}
static int
virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
@ -963,8 +964,6 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel,
.domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecurityStackSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecurityStackSetTapFDLabel,
@ -974,6 +973,7 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetPathLabel = virSecurityStackDomainSetPathLabel,
.domainSetPathLabelRO = virSecurityStackDomainSetPathLabelRO,
.domainRestorePathLabel = virSecurityStackDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecurityStackDomainSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecurityStackDomainRestoreChardevLabel,