security: add new internal function "virSecurityManagerGetBaseLabel"
virSecurityManagerGetBaseLabel queries the default settings used by a security model. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
parent
4387132f31
commit
64a68a4a09
@ -842,6 +842,7 @@ virSecurityDriverLookup;
|
|||||||
# security/security_manager.h
|
# security/security_manager.h
|
||||||
virSecurityManagerClearSocketLabel;
|
virSecurityManagerClearSocketLabel;
|
||||||
virSecurityManagerGenLabel;
|
virSecurityManagerGenLabel;
|
||||||
|
virSecurityManagerGetBaseLabel;
|
||||||
virSecurityManagerGetDOI;
|
virSecurityManagerGetDOI;
|
||||||
virSecurityManagerGetModel;
|
virSecurityManagerGetModel;
|
||||||
virSecurityManagerGetMountOptions;
|
virSecurityManagerGetMountOptions;
|
||||||
|
@ -931,6 +931,12 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
|||||||
return opts;
|
return opts;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
AppArmorGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
|
int virtType ATTRIBUTE_UNUSED)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
virSecurityDriver virAppArmorSecurityDriver = {
|
virSecurityDriver virAppArmorSecurityDriver = {
|
||||||
.privateDataLen = 0,
|
.privateDataLen = 0,
|
||||||
@ -972,4 +978,6 @@ virSecurityDriver virAppArmorSecurityDriver = {
|
|||||||
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
|
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
|
||||||
|
|
||||||
.domainGetSecurityMountOptions = AppArmorGetMountOptions,
|
.domainGetSecurityMountOptions = AppArmorGetMountOptions,
|
||||||
|
|
||||||
|
.getBaseLabel = AppArmoryGetBaseLabel,
|
||||||
};
|
};
|
||||||
|
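Review bot: The driver table entry `.getBaseLabel = AppArmoryGetBaseLabel,` in the second hunk does not match the function defined in the first hunk, which is `AppArmorGetBaseLabel`; as written this file will not compile once the initializer is reached. The line should read `.getBaseLabel = AppArmorGetBaseLabel,`. The AppArmor implementation returns NULL unconditionally, so a one-line comment such as `/* AppArmor has no notion of a default base label */` above the function would tell readers this is intentional rather than a stub.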
@ -1174,6 +1174,14 @@ virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
|
||||||
|
int virt ATTRIBUTE_UNUSED)
|
||||||
|
{
|
||||||
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
return priv->baselabel;
|
||||||
|
}
|
||||||
|
|
||||||
virSecurityDriver virSecurityDriverDAC = {
|
virSecurityDriver virSecurityDriverDAC = {
|
||||||
.privateDataLen = sizeof(virSecurityDACData),
|
.privateDataLen = sizeof(virSecurityDACData),
|
||||||
.name = SECURITY_DAC_NAME,
|
.name = SECURITY_DAC_NAME,
|
||||||
@ -1216,4 +1224,6 @@ virSecurityDriver virSecurityDriverDAC = {
|
|||||||
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
|
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
|
||||||
|
|
||||||
.domainGetSecurityMountOptions = virSecurityDACGetMountOptions,
|
.domainGetSecurityMountOptions = virSecurityDACGetMountOptions,
|
||||||
|
|
||||||
|
.getBaseLabel = virSecurityDACGetBaseLabel,
|
||||||
};
|
};
|
||||||
|
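Review bot: The second parameter of virSecurityDACGetBaseLabel is named `virt`, while the new callback typedef and every other implementation in this commit call it `virtType`; rename it `int virtType ATTRIBUTE_UNUSED)` for consistency. The function hands the caller a pointer straight into the driver's private data (`priv->baselabel`), which may be NULL when no base label was configured; a short comment stating that the returned string is driver-owned, must not be freed, and may be NULL would make that contract explicit at the one place it is actually decided.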
@ -46,6 +46,8 @@ typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
|
|||||||
|
|
||||||
typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
|
typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
|
||||||
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
|
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
|
||||||
|
typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
|
||||||
|
int virtType);
|
||||||
|
|
||||||
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
|
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
|
||||||
|
|
||||||
@ -154,6 +156,8 @@ struct _virSecurityDriver {
|
|||||||
|
|
||||||
virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
|
virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
|
||||||
virSecurityDomainSetHugepages domainSetSecurityHugepages;
|
virSecurityDomainSetHugepages domainSetSecurityHugepages;
|
||||||
|
|
||||||
|
virSecurityDriverGetBaseLabel getBaseLabel;
|
||||||
};
|
};
|
||||||
|
|
||||||
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
|
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
|
||||||
|
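Review bot: The new `virSecurityDriverGetBaseLabel` callback typedef and the `getBaseLabel` field carry no documentation, although this is the contract every driver must honour. Since the implementations in this commit return pointers into driver private data, a comment above the typedef along the lines of `/* Return the driver-owned default label for domains of virtType, or NULL if the driver has none; the caller must not free or modify it */` would pin down ownership and the NULL case. The enclosing struct _virSecurityDriver starts and ends outside the hunk.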
@ -275,6 +275,21 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* return NULL if a base label is not present */
|
||||||
|
const char *
|
||||||
|
virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||||
|
{
|
||||||
|
if (mgr->drv->getBaseLabel) {
|
||||||
|
const char *ret;
|
||||||
|
virObjectLock(mgr);
|
||||||
|
ret = mgr->drv->getBaseLabel(mgr, virtType);
|
||||||
|
virObjectUnlock(mgr);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
|
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
|
||||||
{
|
{
|
||||||
return mgr->allowDiskFormatProbing;
|
return mgr->allowDiskFormatProbing;
|
||||||
|
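Review bot: The comment `/* return NULL if a base label is not present */` above virSecurityManagerGetBaseLabel undersells what callers need to know: the manager lock is dropped before `ret` is returned, and the drivers in this commit return pointers into their private data, so the string is only valid as long as that private data is unchanged and must not be freed by the caller. I would expand it into a doc comment stating that the returned string is owned by the security driver, that it must not be freed, that it is NULL when the driver has no base label or does not implement the callback, and that the lock is held only for the duration of the driver call. The `const char *ret;` declaration could also be merged with its assignment, `const char *ret = mgr->drv->getBaseLabel(mgr, virtType);`, placed after the lock is taken.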
@ -55,6 +55,8 @@ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
|
|||||||
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
|
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
|
||||||
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
|
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
|
||||||
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
|
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
|
||||||
|
const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
|
||||||
|
|
||||||
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
|
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
|
||||||
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
|
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
|
||||||
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
|
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
|
||||||
|
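Review bot: The new declaration `const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);` runs past 80 columns, which, if the project enforces its usual line-length limit, will be rejected by the syntax check; wrapping the second parameter onto a continuation line aligned under `virSecurityManagerPtr` avoids that. The surrounding declarations are all single-line, so the wrap is the only style deviation the hunk introduces.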
@ -186,6 +186,14 @@ static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI
|
|||||||
return opts;
|
return opts;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
virSecurityGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
|
int virtType ATTRIBUTE_UNUSED)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
virSecurityDriver virSecurityDriverNop = {
|
virSecurityDriver virSecurityDriverNop = {
|
||||||
.privateDataLen = 0,
|
.privateDataLen = 0,
|
||||||
.name = "none",
|
.name = "none",
|
||||||
@ -226,4 +234,6 @@ virSecurityDriver virSecurityDriverNop = {
|
|||||||
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,
|
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,
|
||||||
|
|
||||||
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
|
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
|
||||||
|
|
||||||
|
.getBaseLabel = virSecurityGetBaseLabel,
|
||||||
};
|
};
|
||||||
|
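Review bot: The nop implementation is named `virSecurityGetBaseLabel`, whereas every other function in this driver visible in the hunk carries a `Nop` suffix (`virSecurityDomainGetMountOptionsNop`, `virSecurityDomainSetFDLabelNop`); the unsuffixed name also reads like a public helper rather than a no-op stub. Rename it in both places: `virSecurityGetBaseLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,` and `.getBaseLabel = virSecurityGetBaseLabelNop,`.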
@ -1830,6 +1830,17 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||||
|
{
|
||||||
|
virSecuritySELinuxDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
|
if (virtType == VIR_DOMAIN_VIRT_QEMU && priv->alt_domain_context)
|
||||||
|
return priv->alt_domain_context;
|
||||||
|
else
|
||||||
|
return priv->domain_context;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
@ -2477,4 +2488,5 @@ virSecurityDriver virSecurityDriverSELinux = {
|
|||||||
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
|
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
|
||||||
|
|
||||||
.domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
|
.domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
|
||||||
|
.getBaseLabel = virSecuritySELinuxGetBaseLabel,
|
||||||
};
|
};
|
||||||
|
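Review bot: virSecuritySELinuxGetBaseLabel picks `priv->alt_domain_context` only for `VIR_DOMAIN_VIRT_QEMU` and falls back to `priv->domain_context` otherwise, but nothing in the hunk says why QEMU is special; presumably this mirrors the label selection used elsewhere in this driver, and a comment such as `/* QEMU domains use the alternate context when the policy provides one */` would save the next reader from guessing. The function is also placed between two unrelated Restore* callbacks rather than next to the other simple getters, which makes it harder to find; consider moving it beside virSecuritySELinuxGetSecurityMountOptions.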
@ -555,6 +555,13 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
|
|||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
|
||||||
|
{
|
||||||
|
return virSecurityManagerGetBaseLabel(virSecurityStackGetPrimary(mgr),
|
||||||
|
virtType);
|
||||||
|
}
|
||||||
|
|
||||||
virSecurityDriver virSecurityDriverStack = {
|
virSecurityDriver virSecurityDriverStack = {
|
||||||
.privateDataLen = sizeof(virSecurityStackData),
|
.privateDataLen = sizeof(virSecurityStackData),
|
||||||
.name = "stack",
|
.name = "stack",
|
||||||
@ -599,4 +606,6 @@ virSecurityDriver virSecurityDriverStack = {
|
|||||||
.domainGetSecurityMountOptions = virSecurityStackGetMountOptions,
|
.domainGetSecurityMountOptions = virSecurityStackGetMountOptions,
|
||||||
|
|
||||||
.domainSetSecurityHugepages = virSecurityStackSetHugepages,
|
.domainSetSecurityHugepages = virSecurityStackSetHugepages,
|
||||||
|
|
||||||
|
.getBaseLabel = virSecurityStackGetBaseLabel,
|
||||||
};
|
};
|
||||||
|
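Review bot: virSecurityStackGetBaseLabel passes the result of `virSecurityStackGetPrimary(mgr)` straight into virSecurityManagerGetBaseLabel, which dereferences `mgr->drv` without a NULL check; if the primary can ever be unset for a stack manager this is a NULL dereference, and if it cannot, a one-line comment stating that a stack always has a primary would document the assumption. The function also consults only the primary driver, silently ignoring nested ones, so a comment such as `/* only the primary driver's base label is reported */` would make that policy explicit. Note that this call runs while the outer stack manager's lock is held by virSecurityManagerGetBaseLabel, so it relies on the nested manager being a distinct lockable object.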