security: add new internal function "virSecurityManagerGetBaseLabel"
virSecurityManagerGetBaseLabel queries the default settings used by a security model.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
parent
4387132f31
commit
64a68a4a09
@ -842,6 +842,7 @@ virSecurityDriverLookup;
|
||||
# security/security_manager.h
|
||||
virSecurityManagerClearSocketLabel;
|
||||
virSecurityManagerGenLabel;
|
||||
virSecurityManagerGetBaseLabel;
|
||||
virSecurityManagerGetDOI;
|
||||
virSecurityManagerGetModel;
|
||||
virSecurityManagerGetMountOptions;
|
||||
|
@ -931,6 +931,12 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
return opts;
|
||||
}
|
||||
|
||||
static const char *
|
||||
AppArmorGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
int virtType ATTRIBUTE_UNUSED)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
virSecurityDriver virAppArmorSecurityDriver = {
|
||||
.privateDataLen = 0,
|
||||
@ -972,4 +978,6 @@ virSecurityDriver virAppArmorSecurityDriver = {
|
||||
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
|
||||
|
||||
.domainGetSecurityMountOptions = AppArmorGetMountOptions,
|
||||
|
||||
.getBaseLabel = AppArmoryGetBaseLabel,
|
||||
};
|
||||
|
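Review bot: The initializer `.getBaseLabel = AppArmoryGetBaseLabel,` in the second hunk of this file names a function that does not exist; the helper added in the first hunk is `AppArmorGetBaseLabel`, so the AppArmor driver should fail to compile as written. The line should read `.getBaseLabel = AppArmorGetBaseLabel,`. This file is presumably only built when AppArmor support is enabled, so a build without it would not catch the typo; the driver should be compile-tested with AppArmor enabled before this lands.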
@ -1174,6 +1174,14 @@ virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static const char *
|
||||
virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
|
||||
int virt ATTRIBUTE_UNUSED)
|
||||
{
|
||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
return priv->baselabel;
|
||||
}
|
||||
|
||||
virSecurityDriver virSecurityDriverDAC = {
|
||||
.privateDataLen = sizeof(virSecurityDACData),
|
||||
.name = SECURITY_DAC_NAME,
|
||||
@ -1216,4 +1224,6 @@ virSecurityDriver virSecurityDriverDAC = {
|
||||
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
|
||||
|
||||
.domainGetSecurityMountOptions = virSecurityDACGetMountOptions,
|
||||
|
||||
.getBaseLabel = virSecurityDACGetBaseLabel,
|
||||
};
|
||||
|
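Review bot: The second parameter of `virSecurityDACGetBaseLabel` is named `virt`, while the typedef and the other driver callbacks in this commit call it `virtType`; `int virtType ATTRIBUTE_UNUSED)` would keep the signatures uniform. Separately, nothing in the visible hunks defines or assigns `priv->baselabel`, so it is not clear from this page when the field is populated or whether it can be NULL. A short comment above the function saying where the field is set, and that the returned string belongs to the driver's private data, would answer that for callers.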
@ -46,6 +46,8 @@ typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
|
||||
|
||||
typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
|
||||
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
|
||||
typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
|
||||
int virtType);
|
||||
|
||||
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
|
||||
|
||||
@ -154,6 +156,8 @@ struct _virSecurityDriver {
|
||||
|
||||
virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
|
||||
virSecurityDomainSetHugepages domainSetSecurityHugepages;
|
||||
|
||||
virSecurityDriverGetBaseLabel getBaseLabel;
|
||||
};
|
||||
|
||||
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
|
||||
|
@ -275,6 +275,21 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* return NULL if a base label is not present */
|
||||
const char *
|
||||
virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||
{
|
||||
if (mgr->drv->getBaseLabel) {
|
||||
const char *ret;
|
||||
virObjectLock(mgr);
|
||||
ret = mgr->drv->getBaseLabel(mgr, virtType);
|
||||
virObjectUnlock(mgr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
|
||||
{
|
||||
return mgr->allowDiskFormatProbing;
|
||||
|
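Review bot: `virSecurityManagerGetBaseLabel` returns the driver's pointer after `virObjectUnlock(mgr)`, and the DAC and SELinux callbacks in this commit return pointers straight into their private data, so the caller ends up holding a borrowed string that the lock no longer protects. The one-line comment above the function only covers the NULL case; it should also state ownership, for example `/* Returns a string owned by the security driver (do not free; copy it if it must outlive the manager), or NULL if the model has no base label */`. Callers must also handle NULL, since the AppArmor and no-op callbacks added here always return it. The last function in this hunk, virSecurityManagerGetAllowDiskFormatProbing, is context and continues outside the hunk.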
@ -55,6 +55,8 @@ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
|
||||
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
|
||||
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
|
||||
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
|
||||
const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
|
||||
|
||||
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
|
||||
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
|
||||
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
|
||||
|
@ -186,6 +186,14 @@ static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI
|
||||
return opts;
|
||||
}
|
||||
|
||||
static const char *
|
||||
virSecurityGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
int virtType ATTRIBUTE_UNUSED)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
virSecurityDriver virSecurityDriverNop = {
|
||||
.privateDataLen = 0,
|
||||
.name = "none",
|
||||
@ -226,4 +234,6 @@ virSecurityDriver virSecurityDriverNop = {
|
||||
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,
|
||||
|
||||
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
|
||||
|
||||
.getBaseLabel = virSecurityGetBaseLabel,
|
||||
};
|
||||
|
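Review bot: The new stub is named `virSecurityGetBaseLabel`, which drops the `Nop` suffix carried by the neighbouring stubs in this file (`virSecurityDomainGetMountOptionsNop`, `virSecurityDomainSetFDLabelNop`) and reads like a generic entry point rather than the no-op driver's callback. Naming it `virSecurityGetBaseLabelNop` and changing the initializer to `.getBaseLabel = virSecurityGetBaseLabelNop,` would keep the file consistent. The hunk also appears to leave two blank lines before `virSecurityDriverNop`, where the other drivers in this commit leave one.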
@ -1830,6 +1830,17 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
|
||||
}
|
||||
|
||||
|
||||
static const char *
|
||||
virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||
{
|
||||
virSecuritySELinuxDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
if (virtType == VIR_DOMAIN_VIRT_QEMU && priv->alt_domain_context)
|
||||
return priv->alt_domain_context;
|
||||
else
|
||||
return priv->domain_context;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
@ -2477,4 +2488,5 @@ virSecurityDriver virSecurityDriverSELinux = {
|
||||
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
|
||||
|
||||
.domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
|
||||
.getBaseLabel = virSecuritySELinuxGetBaseLabel,
|
||||
};
|
||||
|
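Review bot: `virSecuritySELinuxGetBaseLabel` has no comment explaining why the domain type selects the context: it returns `priv->alt_domain_context` only for `VIR_DOMAIN_VIRT_QEMU` when one is set, and silently falls back to `priv->domain_context` in every other case. Since the result is presumably what gets reported as the default SELinux confinement for a guest, I would add above the function something like `/* Plain QEMU guests use the alternate domain context when one is configured; every other type, or a missing alternate, gets the default one */`. It would also help to state whether `domain_context` can be NULL at this point, which the hunk does not show. The function that follows, virSecuritySELinuxRestoreSecurityAllLabel, is context and extends past the hunk.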
@ -555,6 +555,13 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
|
||||
return list;
|
||||
}
|
||||
|
||||
static const char *
|
||||
virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||
{
|
||||
return virSecurityManagerGetBaseLabel(virSecurityStackGetPrimary(mgr),
|
||||
virtType);
|
||||
}
|
||||
|
||||
virSecurityDriver virSecurityDriverStack = {
|
||||
.privateDataLen = sizeof(virSecurityStackData),
|
||||
.name = "stack",
|
||||
@ -599,4 +606,6 @@ virSecurityDriver virSecurityDriverStack = {
|
||||
.domainGetSecurityMountOptions = virSecurityStackGetMountOptions,
|
||||
|
||||
.domainSetSecurityHugepages = virSecurityStackSetHugepages,
|
||||
|
||||
.getBaseLabel = virSecurityStackGetBaseLabel,
|
||||
};
|
||||
|
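Review bot: `virSecurityStackGetBaseLabel` forwards only to `virSecurityStackGetPrimary(mgr)`, so the base labels of any other drivers in the stack are not reachable through the stack manager, and nothing in the function says so. A comment such as `/* Reports the primary driver's base label only; query nested managers individually for the others */` would make that explicit. The call also re-enters `virSecurityManagerGetBaseLabel`, which dereferences `mgr->drv` without a NULL check, so this relies on the stack always having a primary manager; that is presumably guaranteed elsewhere, but it is worth confirming.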