External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

security_dac: Implement virSecurityManagerMoveImageMetadata

Browse Source 
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Michal Privoznik 2019-03-21 15:45:29 +01:00
parent d73f3f5836
commit a379b86cd2
1 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/security/security_dac.c
View File

@ -1015,6 +1015,67 @@ virSecurityDACRestoreImageLabel(virSecurityManagerPtr mgr,
} }
struct virSecurityDACMoveImageMetadataData {
virSecurityManagerPtr mgr;
const char *src;
const char *dst;
};
static int
virSecurityDACMoveImageMetadataHelper(pid_t pid ATTRIBUTE_UNUSED,
void *opaque)
{
struct virSecurityDACMoveImageMetadataData *data = opaque;
const char *paths[2] = { data->src, data->dst };
virSecurityManagerMetadataLockStatePtr state;
int ret;
if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, ARRAY_CARDINALITY(paths))))
return -1;
ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
virSecurityManagerMetadataUnlock(data->mgr, &state);
return ret;
}
static int
virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr,
pid_t pid,
virStorageSourcePtr src,
virStorageSourcePtr dst)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
struct virSecurityDACMoveImageMetadataData data = { .mgr = mgr, 0 };
int rc;
/* If dynamicOwnership is turned off, or owner remembering is
* not enabled there's nothing for us to do. */
if (!priv->dynamicOwnership)
return 0;
if (src && virStorageSourceIsLocalStorage(src))
data.src = src->path;
if (dst && virStorageSourceIsLocalStorage(dst))
data.dst = dst->path;
if (!data.src)
return 0;
if (pid == -1) {
rc = virProcessRunInFork(virSecurityDACMoveImageMetadataHelper, &data);
} else {
rc = virProcessRunInMountNamespace(pid,
virSecurityDACMoveImageMetadataHelper,
&data);
}
return rc;
}
static int static int
virSecurityDACSetHostdevLabelHelper(const char *file, virSecurityDACSetHostdevLabelHelper(const char *file,
void *opaque) void *opaque)
@ -2384,6 +2445,7 @@ virSecurityDriver virSecurityDriverDAC = {
.domainSetSecurityImageLabel = virSecurityDACSetImageLabel, .domainSetSecurityImageLabel = virSecurityDACSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityDACRestoreImageLabel, .domainRestoreSecurityImageLabel = virSecurityDACRestoreImageLabel,
.domainMoveImageMetadata = virSecurityDACMoveImageMetadata,
.domainSetSecurityMemoryLabel = virSecurityDACSetMemoryLabel, .domainSetSecurityMemoryLabel = virSecurityDACSetMemoryLabel,
.domainRestoreSecurityMemoryLabel = virSecurityDACRestoreMemoryLabel, .domainRestoreSecurityMemoryLabel = virSecurityDACRestoreMemoryLabel,