External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 13:37:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel

Browse Source 
The flag will control the VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN
flag of the security driver image labeling APIs.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
Peter Krempa 2019-01-23 13:37:00 +01:00
parent 43479005ee
commit 81594afb05
3 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/qemu/qemu_domain.c
View File

@ -9174,7 +9174,7 @@ qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,
VIR_WARN("Failed to teardown cgroup for disk path %s",
NULLSTR(elem->path));
if (qemuSecurityRestoreImageLabel(driver, vm, elem) < 0)
if (qemuSecurityRestoreImageLabel(driver, vm, elem, false) < 0)
VIR_WARN("Unable to restore security label on %s", NULLSTR(elem->path));
if (qemuDomainNamespaceTeardownDisk(vm, elem) < 0)
@ -9225,7 +9225,7 @@ qemuDomainDiskChainElementPrepare(virQEMUDriverPtr driver,
if (qemuSetupImageCgroup(vm, elem) < 0)
goto cleanup;
if (qemuSecuritySetImageLabel(driver, vm, elem) < 0)
if (qemuSecuritySetImageLabel(driver, vm, elem, false) < 0)
goto cleanup;
ret = 0;

18
src/qemu/qemu_security.c
View File

@ -157,11 +157,16 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
int
qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src)
virStorageSourcePtr src,
bool backingChain)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
pid_t pid = -1;
int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0;
if (backingChain)
labelFlags |= VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
@ -170,7 +175,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
goto cleanup;
if (virSecurityManagerSetImageLabel(driver->securityManager,
vm->def, src, 0) < 0)
vm->def, src, labelFlags) < 0)
goto cleanup;
if (virSecurityManagerTransactionCommit(driver->securityManager,
@ -187,11 +192,16 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
int
qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src)
virStorageSourcePtr src,
bool backingChain)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
pid_t pid = -1;
int ret = -1;
virSecurityDomainImageLabelFlags labelFlags = 0;
if (backingChain)
labelFlags |= VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
pid = vm->pid;
@ -200,7 +210,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
goto cleanup;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
vm->def, src, 0) < 0)
vm->def, src, labelFlags) < 0)
goto cleanup;
if (virSecurityManagerTransactionCommit(driver->securityManager,

6
src/qemu/qemu_security.h
View File

@ -44,11 +44,13 @@ int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
int qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src);
virStorageSourcePtr src,
bool backingChain);
int qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
virStorageSourcePtr src);
virStorageSourcePtr src,
bool backingChain);
int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,