security: DAC: Introduce callback to perform image chown

To integrate the security driver with the storage driver we need to
pass a callback for a function that will chown storage volumes.

Introduce and document the callback prototype.
Peter Krempa 2014-07-10 14:17:24 +02:00
parent 9f28599d51
commit 7490a6d272
5 changed files with 35 additions and 3 deletions


@ -374,7 +374,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
cfg->allowDiskFormatProbing, cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined, cfg->securityDefaultConfined,
cfg->securityRequireConfined, cfg->securityRequireConfined,
cfg->dynamicOwnership))) cfg->dynamicOwnership,
NULL)))
goto error; goto error;
if (!stack) { if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr))) if (!(stack = virSecurityManagerNewStack(mgr)))


@ -51,6 +51,7 @@ struct _virSecurityDACData {
int ngroups; int ngroups;
bool dynamicOwnership; bool dynamicOwnership;
char *baselabel; char *baselabel;
virSecurityManagerDACChownCallback chownCallback;
}; };
typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData; typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData;
@ -87,6 +88,14 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
priv->dynamicOwnership = dynamicOwnership; priv->dynamicOwnership = dynamicOwnership;
} }
void
virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
priv->chownCallback = chownCallback;
}
/* returns 1 if label isn't found, 0 on success, -1 on error */ /* returns 1 if label isn't found, 0 on success, -1 on error */
static int static int
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
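Review bot: `priv->chownCallback` can legitimately be NULL, because `virSecurityDACSetChownCallback` stores its argument unchecked and `qemuSecurityInit` in this commit passes `NULL`, but neither the new struct member nor the setter says so. Since this pointer is meant to perform ownership changes on image files, whatever code later invokes it has to test it before the call and have a defined behaviour when it is unset. I would put `/* may be NULL: no chown callback registered */` on the member and a one-line comment above the setter stating that passing NULL clears the callback. The setter also treats the private data of `mgr` as DAC data without a check; that looks consistent with `virSecurityDACSetDynamicOwnership` just above (only its tail is visible here), but it is worth stating as a precondition.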


@ -32,4 +32,7 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr, void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
bool dynamic); bool dynamic);
void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
virSecurityManagerDACChownCallback chownCallback);
#endif /* __VIR_SECURITY_DAC */ #endif /* __VIR_SECURITY_DAC */


@ -152,7 +152,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
bool allowDiskFormatProbing, bool allowDiskFormatProbing,
bool defaultConfined, bool defaultConfined,
bool requireConfined, bool requireConfined,
bool dynamicOwnership) bool dynamicOwnership,
virSecurityManagerDACChownCallback chownCallback)
{ {
virSecurityManagerPtr mgr = virSecurityManagerPtr mgr =
virSecurityManagerNewDriver(&virSecurityDriverDAC, virSecurityManagerNewDriver(&virSecurityDriverDAC,
@ -170,6 +171,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
} }
virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership); virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership);
virSecurityDACSetChownCallback(mgr, chownCallback);
return mgr; return mgr;
} }


@ -25,6 +25,7 @@
# include "domain_conf.h" # include "domain_conf.h"
# include "vircommand.h" # include "vircommand.h"
# include "virstoragefile.h"
typedef struct _virSecurityManager virSecurityManager; typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr; typedef virSecurityManager *virSecurityManagerPtr;
@ -39,13 +40,29 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
int virSecurityManagerStackAddNested(virSecurityManagerPtr stack, int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
virSecurityManagerPtr nested); virSecurityManagerPtr nested);
/**
* virSecurityManagerDACChownCallback:
* @src: Storage file to chown
* @uid: target uid
* @gid: target gid
*
* A function callback to chown image files described by the disk source struct
* @src. The callback shall return 0 on success, -1 on error and errno set (no
* libvirt error reported) OR -2 and a libvirt error reported. */
typedef int
(*virSecurityManagerDACChownCallback)(virStorageSourcePtr src,
uid_t uid,
gid_t gid);
virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver, virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
uid_t user, uid_t user,
gid_t group, gid_t group,
bool allowDiskFormatProbing, bool allowDiskFormatProbing,
bool defaultConfined, bool defaultConfined,
bool requireConfined, bool requireConfined,
bool dynamicOwnership); bool dynamicOwnership,
virSecurityManagerDACChownCallback chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr); int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
void virSecurityManagerPostFork(virSecurityManagerPtr mgr); void virSecurityManagerPostFork(virSecurityManagerPtr mgr);
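Review bot: The return contract documented for `virSecurityManagerDACChownCallback` has two distinct failure values (-1 with errno set, -2 with a libvirt error reported), and the comment does not tell callers that both mean the chown did not happen. A caller that tests only `== -1` would take a -2 for success and carry on as if ownership had been changed, so I would add a sentence such as `Callers must treat any negative return value as failure.` to the doc block. The comment should also say whether NULL is an accepted value for the `chownCallback` parameter of `virSecurityManagerNewDAC`, since `qemuSecurityInit` passes NULL in this commit.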