security: add new internal function "virSecurityManagerGetBaseLabel"

virSecurityManagerGetBaseLabel queries the default settings used by
a security model.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2013-10-18 14:13:20 +02:00 committed by Eric Blake
parent 4387132f31
commit 64a68a4a09
9 changed files with 71 additions and 0 deletions


@ -842,6 +842,7 @@ virSecurityDriverLookup;
# security/security_manager.h
virSecurityManagerClearSocketLabel;
virSecurityManagerGenLabel;
virSecurityManagerGetBaseLabel;
virSecurityManagerGetDOI;
virSecurityManagerGetModel;
virSecurityManagerGetMountOptions;


@ -931,6 +931,12 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return opts;
}
static const char *
AppArmorGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
int virtType ATTRIBUTE_UNUSED)
{
return NULL;
}
virSecurityDriver virAppArmorSecurityDriver = {
.privateDataLen = 0,
@ -972,4 +978,6 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
.domainGetSecurityMountOptions = AppArmorGetMountOptions,
.getBaseLabel = AppArmoryGetBaseLabel,
};
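Review bot: The initializer `.getBaseLabel = AppArmoryGetBaseLabel,` in the second hunk names a function that does not exist; the function defined in the first hunk is `AppArmorGetBaseLabel`, so the AppArmor driver cannot compile as committed. The line should read `.getBaseLabel = AppArmorGetBaseLabel,`. The mismatch is presumably easy to miss because this driver is only built when the AppArmor backend is enabled, so a default build reports nothing.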


@ -1174,6 +1174,14 @@ virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return NULL;
}
static const char *
virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
int virt ATTRIBUTE_UNUSED)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
return priv->baselabel;
}
virSecurityDriver virSecurityDriverDAC = {
.privateDataLen = sizeof(virSecurityDACData),
.name = SECURITY_DAC_NAME,
@ -1216,4 +1224,6 @@ virSecurityDriver virSecurityDriverDAC = {
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
.domainGetSecurityMountOptions = virSecurityDACGetMountOptions,
.getBaseLabel = virSecurityDACGetBaseLabel,
};


@ -46,6 +46,8 @@ typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
int virtType);
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
@ -154,6 +156,8 @@ struct _virSecurityDriver {
virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
virSecurityDomainSetHugepages domainSetSecurityHugepages;
virSecurityDriverGetBaseLabel getBaseLabel;
};
virSecurityDriverPtr virSecurityDriverLookup(const char *name,


@ -275,6 +275,21 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
return NULL;
}
/* return NULL if a base label is not present */
const char *
virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
{
if (mgr->drv->getBaseLabel) {
const char *ret;
virObjectLock(mgr);
ret = mgr->drv->getBaseLabel(mgr, virtType);
virObjectUnlock(mgr);
return ret;
}
return NULL;
}
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
{
return mgr->allowDiskFormatProbing;
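Review bot: virSecurityManagerGetBaseLabel hands the driver's pointer to the caller after virObjectUnlock(), so the lock around the `mgr->drv->getBaseLabel(mgr, virtType)` call does not cover the caller's use of the string; the DAC and SELinux implementations in this commit return fields of their private data, which makes the ownership and lifetime contract the important thing to document. The existing comment only says when NULL is returned; it should also state that the string belongs to the manager, e.g. `/* Return the driver's default label for virtType, or NULL if none. The string is owned by the manager: do not free it, and do not use it after the manager is released. */`. virSecurityManagerGetAllowDiskFormatProbing at the end of the hunk continues outside it.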


@ -55,6 +55,8 @@ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);


@ -186,6 +186,14 @@ static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI
return opts;
}
static const char *
virSecurityGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
int virtType ATTRIBUTE_UNUSED)
{
return NULL;
}
virSecurityDriver virSecurityDriverNop = {
.privateDataLen = 0,
.name = "none",
@ -226,4 +234,6 @@ virSecurityDriver virSecurityDriverNop = {
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,
.domainGetSecurityMountOptions = virSecurityDomainGetMountOptionsNop,
.getBaseLabel = virSecurityGetBaseLabel,
};
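Review bot: `virSecurityGetBaseLabel` breaks the naming convention of the other stubs in this file, which carry a `Nop` suffix (`virSecurityDomainGetMountOptionsNop`, `virSecurityDomainSetFDLabelNop` in the same hunks), and its name reads like a generic manager-level API rather than a driver stub. Renaming it to `virSecurityGetBaseLabelNop` in both the definition and the `.getBaseLabel = virSecurityGetBaseLabelNop,` initializer keeps the file consistent and avoids confusion with `virSecurityManagerGetBaseLabel`.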


@ -1830,6 +1830,17 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
}
static const char *
virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
{
virSecuritySELinuxDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (virtType == VIR_DOMAIN_VIRT_QEMU && priv->alt_domain_context)
return priv->alt_domain_context;
else
return priv->domain_context;
}
static int
virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
@ -2477,4 +2488,5 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
.domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
.getBaseLabel = virSecuritySELinuxGetBaseLabel,
};
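Review bot: The `else` after `return` in virSecuritySELinuxGetBaseLabel is redundant; `if (virtType == VIR_DOMAIN_VIRT_QEMU && priv->alt_domain_context) return priv->alt_domain_context; return priv->domain_context;` reads more naturally as a guard clause. It is also worth a one-line comment that every virt type other than QEMU, and QEMU when no alternate context is configured, falls back to `domain_context`, since this is the only place that rule is encoded. Whether `domain_context` can itself be NULL is not visible in the hunk; if it can, the manager-level "return NULL if a base label is not present" comment already describes that outcome.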


@ -555,6 +555,13 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
return list;
}
static const char *
virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
{
return virSecurityManagerGetBaseLabel(virSecurityStackGetPrimary(mgr),
virtType);
}
virSecurityDriver virSecurityDriverStack = {
.privateDataLen = sizeof(virSecurityStackData),
.name = "stack",
@ -599,4 +606,6 @@ virSecurityDriver virSecurityDriverStack = {
.domainGetSecurityMountOptions = virSecurityStackGetMountOptions,
.domainSetSecurityHugepages = virSecurityStackSetHugepages,
.getBaseLabel = virSecurityStackGetBaseLabel,
};