mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 07:17:44 +00:00
Refactor SELinux security driver hostdev labelling
Prepare to support different types of hostdevs by refactoring the current SELinux security driver code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
df5928ea56
commit
570ad09ef9
@ -1158,26 +1158,15 @@ virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
||||
return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainDefPtr def,
|
||||
virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
|
||||
virDomainHostdevDefPtr dev,
|
||||
const char *vroot)
|
||||
|
||||
{
|
||||
virSecurityLabelDefPtr secdef;
|
||||
int ret = -1;
|
||||
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (secdef == NULL)
|
||||
return -1;
|
||||
|
||||
if (secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
||||
return 0;
|
||||
|
||||
switch (dev->source.subsys.type) {
|
||||
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
||||
usbDevice *usb;
|
||||
@ -1221,6 +1210,32 @@ done:
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainDefPtr def,
|
||||
virDomainHostdevDefPtr dev,
|
||||
const char *vroot)
|
||||
|
||||
{
|
||||
virSecurityLabelDefPtr secdef;
|
||||
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (secdef == NULL)
|
||||
return -1;
|
||||
|
||||
if (secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
switch (dev->mode) {
|
||||
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
|
||||
return virSecuritySELinuxSetSecurityHostdevSubsysLabel(def, dev, vroot);
|
||||
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
|
||||
const char *file,
|
||||
@ -1237,26 +1252,14 @@ virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
||||
return virSecuritySELinuxRestoreSecurityFileLabel(file);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainDefPtr def,
|
||||
virDomainHostdevDefPtr dev,
|
||||
virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
|
||||
const char *vroot)
|
||||
|
||||
{
|
||||
virSecurityLabelDefPtr secdef;
|
||||
int ret = -1;
|
||||
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (secdef == NULL)
|
||||
return -1;
|
||||
|
||||
if (secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
|
||||
return 0;
|
||||
|
||||
switch (dev->source.subsys.type) {
|
||||
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
||||
usbDevice *usb;
|
||||
@ -1301,6 +1304,32 @@ done:
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainDefPtr def,
|
||||
virDomainHostdevDefPtr dev,
|
||||
const char *vroot)
|
||||
|
||||
{
|
||||
virSecurityLabelDefPtr secdef;
|
||||
|
||||
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (secdef == NULL)
|
||||
return -1;
|
||||
|
||||
if (secdef->norelabel)
|
||||
return 0;
|
||||
|
||||
switch (dev->mode) {
|
||||
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
|
||||
return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(dev, vroot);
|
||||
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
|
||||
virDomainChrDefPtr dev,
|
||||
|
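Review bot: The `default: return 0;` arm in the new `switch (dev->mode)` of virSecuritySELinuxSetSecurityHostdevLabel reports success for every hostdev mode other than VIR_DOMAIN_HOSTDEV_MODE_SUBSYS, and virSecuritySELinuxRestoreSecurityHostdevLabel carries the same arm. The commit message says more hostdev types are coming, so a mode added later would be neither labelled on start nor restored on shutdown, and a catch-all `default:` also keeps the compiler from pointing at the gap. I would list the remaining mode values as explicit `case` labels, or at least mark the arm with `/* no SELinux relabelling defined for this hostdev mode */`. The two HostdevSubsysLabel helpers now appear to rely on their caller for the `secdef->norelabel` check (their bodies continue outside the hunks, so this is inferred), which deserves a one-line comment above each helper stating that precondition.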