External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: DAC: Introduce callback to perform image chown

Browse Source 
To integrate the security driver with the storage driver we need to
pass a callback for a function that will chown storage volumes.

Introduce and document the callback prototype.
This commit is contained in:
Peter Krempa 2014-07-10 14:17:24 +02:00
parent 9f28599d51
commit 7490a6d272
5 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/qemu/qemu_driver.c
View File

@ -374,7 +374,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
cfg->securityRequireConfined,
cfg->dynamicOwnership)))
cfg->dynamicOwnership,
NULL)))
goto error;
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))

9
src/security/security_dac.c
View File

@ -51,6 +51,7 @@ struct _virSecurityDACData {
int ngroups;
bool dynamicOwnership;
char *baselabel;
virSecurityManagerDACChownCallback chownCallback;
};
typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData;
@ -87,6 +88,14 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
priv->dynamicOwnership = dynamicOwnership;
}
void
virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
priv->chownCallback = chownCallback;
}
/* returns 1 if label isn't found, 0 on success, -1 on error */
static int
ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)

3
src/security/security_dac.h
View File

@ -32,4 +32,7 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
bool dynamic);
void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
virSecurityManagerDACChownCallback chownCallback);
#endif /* __VIR_SECURITY_DAC */

4
src/security/security_manager.c
View File

@ -152,7 +152,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership)
bool dynamicOwnership,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityManagerPtr mgr =
virSecurityManagerNewDriver(&virSecurityDriverDAC,
@ -170,6 +171,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
}
virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership);
virSecurityDACSetChownCallback(mgr, chownCallback);
return mgr;
}

19
src/security/security_manager.h
View File

@ -25,6 +25,7 @@
# include "domain_conf.h"
# include "vircommand.h"
# include "virstoragefile.h"
typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr;
@ -39,13 +40,29 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
virSecurityManagerPtr nested);
/**
* virSecurityManagerDACChownCallback:
* @src: Storage file to chown
* @uid: target uid
* @gid: target gid
*
* A function callback to chown image files described by the disk source struct
* @src. The callback shall return 0 on success, -1 on error and errno set (no
* libvirt error reported) OR -2 and a libvirt error reported. */
typedef int
(*virSecurityManagerDACChownCallback)(virStorageSourcePtr src,
uid_t uid,
gid_t gid);
virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
uid_t user,
gid_t group,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership);
bool dynamicOwnership,
virSecurityManagerDACChownCallback chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
void virSecurityManagerPostFork(virSecurityManagerPtr mgr);