mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-08 07:15:46 +00:00
security: Rename virSecurityManagerSetImageLabel to *Disk*
I'm going to add functions that will deal with individual image files rather than whole disks. Rename the security function to make room for the new one.
This commit is contained in:
Peter Krempa
parent
7c6dae0418
commit
c8e4220515
@ -911,10 +911,10 @@ virSecurityManagerRestoreSavedStateLabel;
|
|||||||
virSecurityManagerSetAllLabel;
|
virSecurityManagerSetAllLabel;
|
||||||
virSecurityManagerSetChildProcessLabel;
|
virSecurityManagerSetChildProcessLabel;
|
||||||
virSecurityManagerSetDaemonSocketLabel;
|
virSecurityManagerSetDaemonSocketLabel;
|
||||||
|
virSecurityManagerSetDiskLabel;
|
||||||
virSecurityManagerSetHostdevLabel;
|
virSecurityManagerSetHostdevLabel;
|
||||||
virSecurityManagerSetHugepages;
|
virSecurityManagerSetHugepages;
|
||||||
virSecurityManagerSetImageFDLabel;
|
virSecurityManagerSetImageFDLabel;
|
||||||
virSecurityManagerSetImageLabel;
|
|
||||||
virSecurityManagerSetProcessLabel;
|
virSecurityManagerSetProcessLabel;
|
||||||
virSecurityManagerSetSavedStateLabel;
|
virSecurityManagerSetSavedStateLabel;
|
||||||
virSecurityManagerSetSocketLabel;
|
virSecurityManagerSetSocketLabel;
|
||||||
|
|||||||
@ -1727,7 +1727,7 @@ static int virLXCControllerSetupDisk(virLXCControllerPtr ctrl,
|
|||||||
/* Labelling normally operates on src, but we need
|
/* Labelling normally operates on src, but we need
|
||||||
* to actually label the dst here, so hack the config */
|
* to actually label the dst here, so hack the config */
|
||||||
def->src->path = dst;
|
def->src->path = dst;
|
||||||
if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def) < 0)
|
if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|||||||
@ -3899,8 +3899,8 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
|
|||||||
virDomainDiskDefPtr def = data->def->data.disk;
|
virDomainDiskDefPtr def = data->def->data.disk;
|
||||||
char *tmpsrc = def->src->path;
|
char *tmpsrc = def->src->path;
|
||||||
def->src->path = data->file;
|
def->src->path = data->file;
|
||||||
if (virSecurityManagerSetImageLabel(data->driver->securityManager,
|
if (virSecurityManagerSetDiskLabel(data->driver->securityManager,
|
||||||
data->vm->def, def) < 0) {
|
data->vm->def, def) < 0) {
|
||||||
def->src->path = tmpsrc;
|
def->src->path = tmpsrc;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -12098,8 +12098,8 @@ qemuDomainPrepareDiskChainElement(virQEMUDriverPtr driver,
|
|||||||
} else if (virDomainLockDiskAttach(driver->lockManager, cfg->uri,
|
} else if (virDomainLockDiskAttach(driver->lockManager, cfg->uri,
|
||||||
vm, disk) < 0 ||
|
vm, disk) < 0 ||
|
||||||
qemuSetupDiskCgroup(vm, disk) < 0 ||
|
qemuSetupDiskCgroup(vm, disk) < 0 ||
|
||||||
virSecurityManagerSetImageLabel(driver->securityManager,
|
virSecurityManagerSetDiskLabel(driver->securityManager,
|
||||||
vm->def, disk) < 0) {
|
vm->def, disk) < 0) {
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -14952,8 +14952,8 @@ qemuDomainBlockPivot(virConnectPtr conn,
|
|||||||
(virDomainLockDiskAttach(driver->lockManager, cfg->uri,
|
(virDomainLockDiskAttach(driver->lockManager, cfg->uri,
|
||||||
vm, disk) < 0 ||
|
vm, disk) < 0 ||
|
||||||
qemuSetupDiskCgroup(vm, disk) < 0 ||
|
qemuSetupDiskCgroup(vm, disk) < 0 ||
|
||||||
virSecurityManagerSetImageLabel(driver->securityManager, vm->def,
|
virSecurityManagerSetDiskLabel(driver->securityManager, vm->def,
|
||||||
disk) < 0)) {
|
disk) < 0)) {
|
||||||
disk->src->path = oldsrc;
|
disk->src->path = oldsrc;
|
||||||
disk->src->format = oldformat;
|
disk->src->format = oldformat;
|
||||||
disk->src->backingStore = oldchain;
|
disk->src->backingStore = oldchain;
|
||||||
|
|||||||
@ -91,8 +91,8 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver,
|
|||||||
vm, disk) < 0)
|
vm, disk) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (virSecurityManagerSetImageLabel(driver->securityManager,
|
if (virSecurityManagerSetDiskLabel(driver->securityManager,
|
||||||
vm->def, disk) < 0) {
|
vm->def, disk) < 0) {
|
||||||
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
||||||
VIR_WARN("Unable to release lock on %s",
|
VIR_WARN("Unable to release lock on %s",
|
||||||
virDomainDiskGetSource(disk));
|
virDomainDiskGetSource(disk));
|
||||||
@ -270,8 +270,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
|
|||||||
vm, disk) < 0)
|
vm, disk) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (virSecurityManagerSetImageLabel(driver->securityManager,
|
if (virSecurityManagerSetDiskLabel(driver->securityManager,
|
||||||
vm->def, disk) < 0) {
|
vm->def, disk) < 0) {
|
||||||
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
||||||
VIR_WARN("Unable to release lock on %s", src);
|
VIR_WARN("Unable to release lock on %s", src);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -509,8 +509,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
|
|||||||
vm, disk) < 0)
|
vm, disk) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (virSecurityManagerSetImageLabel(driver->securityManager,
|
if (virSecurityManagerSetDiskLabel(driver->securityManager,
|
||||||
vm->def, disk) < 0) {
|
vm->def, disk) < 0) {
|
||||||
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
||||||
VIR_WARN("Unable to release lock on %s", src);
|
VIR_WARN("Unable to release lock on %s", src);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -634,8 +634,8 @@ qemuDomainAttachUSBMassstorageDevice(virConnectPtr conn,
|
|||||||
vm, disk) < 0)
|
vm, disk) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (virSecurityManagerSetImageLabel(driver->securityManager,
|
if (virSecurityManagerSetDiskLabel(driver->securityManager,
|
||||||
vm->def, disk) < 0) {
|
vm->def, disk) < 0) {
|
||||||
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0)
|
||||||
VIR_WARN("Unable to release lock on %s", src);
|
VIR_WARN("Unable to release lock on %s", src);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|||||||
@ -696,8 +696,8 @@ AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
/* Called when hotplugging */
|
/* Called when hotplugging */
|
||||||
static int
|
static int
|
||||||
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def, virDomainDiskDefPtr disk)
|
virDomainDefPtr def, virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
char *profile_name = NULL;
|
char *profile_name = NULL;
|
||||||
@ -972,7 +972,7 @@ virSecurityDriver virAppArmorSecurityDriver = {
|
|||||||
|
|
||||||
.domainSecurityVerify = AppArmorSecurityVerify,
|
.domainSecurityVerify = AppArmorSecurityVerify,
|
||||||
|
|
||||||
.domainSetSecurityImageLabel = AppArmorSetSecurityImageLabel,
|
.domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel,
|
||||||
.domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel,
|
.domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel,
|
||||||
|
|
||||||
.domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel,
|
.domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel,
|
||||||
|
|||||||
@ -321,9 +321,9 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
@ -967,9 +967,9 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
/* XXX fixme - we need to recursively label the entire tree :-( */
|
/* XXX fixme - we need to recursively label the entire tree :-( */
|
||||||
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
|
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
|
||||||
continue;
|
continue;
|
||||||
if (virSecurityDACSetSecurityImageLabel(mgr,
|
if (virSecurityDACSetSecurityDiskLabel(mgr,
|
||||||
def,
|
def,
|
||||||
def->disks[i]) < 0)
|
def->disks[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
for (i = 0; i < def->nhostdevs; i++) {
|
for (i = 0; i < def->nhostdevs; i++) {
|
||||||
@ -1273,7 +1273,7 @@ virSecurityDriver virSecurityDriverDAC = {
|
|||||||
|
|
||||||
.domainSecurityVerify = virSecurityDACVerify,
|
.domainSecurityVerify = virSecurityDACVerify,
|
||||||
|
|
||||||
.domainSetSecurityImageLabel = virSecurityDACSetSecurityImageLabel,
|
.domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel,
|
||||||
.domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel,
|
.domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel,
|
||||||
|
|
||||||
.domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
|
.domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
|
||||||
|
|||||||
@ -60,9 +60,9 @@ typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
|
|||||||
virDomainDefPtr def);
|
virDomainDefPtr def);
|
||||||
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def);
|
virDomainDefPtr def);
|
||||||
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev,
|
virDomainHostdevDefPtr dev,
|
||||||
@ -127,7 +127,7 @@ struct _virSecurityDriver {
|
|||||||
|
|
||||||
virSecurityDomainSecurityVerify domainSecurityVerify;
|
virSecurityDomainSecurityVerify domainSecurityVerify;
|
||||||
|
|
||||||
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
|
virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel;
|
||||||
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
|
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
|
||||||
|
|
||||||
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
|
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
|
||||||
|
|||||||
@ -367,14 +367,14 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
if (mgr->drv->domainSetSecurityImageLabel) {
|
if (mgr->drv->domainSetSecurityDiskLabel) {
|
||||||
int ret;
|
int ret;
|
||||||
virObjectLock(mgr);
|
virObjectLock(mgr);
|
||||||
ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk);
|
ret = mgr->drv->domainSetSecurityDiskLabel(mgr, vm, disk);
|
||||||
virObjectUnlock(mgr);
|
virObjectUnlock(mgr);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -70,9 +70,9 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDefPtr def);
|
virDomainDefPtr def);
|
||||||
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def);
|
virDomainDefPtr def);
|
||||||
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev,
|
virDomainHostdevDefPtr dev,
|
||||||
|
|||||||
@ -75,9 +75,9 @@ static int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIB
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
static int virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
|
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -206,7 +206,7 @@ virSecurityDriver virSecurityDriverNop = {
|
|||||||
|
|
||||||
.domainSecurityVerify = virSecurityDomainVerifyNop,
|
.domainSecurityVerify = virSecurityDomainVerifyNop,
|
||||||
|
|
||||||
.domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop,
|
.domainSetSecurityDiskLabel = virSecurityDomainSetDiskLabelNop,
|
||||||
.domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop,
|
.domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop,
|
||||||
|
|
||||||
.domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop,
|
.domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop,
|
||||||
|
|||||||
@ -1243,9 +1243,9 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecuritySELinuxCallbackData cbdata;
|
virSecuritySELinuxCallbackData cbdata;
|
||||||
@ -2240,7 +2240,7 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
def->disks[i]->dst);
|
def->disks[i]->dst);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (virSecuritySELinuxSetSecurityImageLabel(mgr,
|
if (virSecuritySELinuxSetSecurityDiskLabel(mgr,
|
||||||
def, def->disks[i]) < 0)
|
def, def->disks[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -2426,7 +2426,7 @@ virSecurityDriver virSecurityDriverSELinux = {
|
|||||||
|
|
||||||
.domainSecurityVerify = virSecuritySELinuxSecurityVerify,
|
.domainSecurityVerify = virSecuritySELinuxSecurityVerify,
|
||||||
|
|
||||||
.domainSetSecurityImageLabel = virSecuritySELinuxSetSecurityImageLabel,
|
.domainSetSecurityDiskLabel = virSecuritySELinuxSetSecurityDiskLabel,
|
||||||
.domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel,
|
.domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel,
|
||||||
|
|
||||||
.domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
|
.domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
|
||||||
|
|||||||
@ -222,16 +222,16 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
|
virSecurityStackSetSecurityDiskLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
virSecurityStackItemPtr item = priv->itemsHead;
|
virSecurityStackItemPtr item = priv->itemsHead;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
for (; item; item = item->next) {
|
for (; item; item = item->next) {
|
||||||
if (virSecurityManagerSetImageLabel(item->securityManager, vm, disk) < 0)
|
if (virSecurityManagerSetDiskLabel(item->securityManager, vm, disk) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -578,7 +578,7 @@ virSecurityDriver virSecurityDriverStack = {
|
|||||||
|
|
||||||
.domainSecurityVerify = virSecurityStackVerify,
|
.domainSecurityVerify = virSecurityStackVerify,
|
||||||
|
|
||||||
.domainSetSecurityImageLabel = virSecurityStackSetSecurityImageLabel,
|
.domainSetSecurityDiskLabel = virSecurityStackSetSecurityDiskLabel,
|
||||||
.domainRestoreSecurityImageLabel = virSecurityStackRestoreSecurityImageLabel,
|
.domainRestoreSecurityImageLabel = virSecurityStackRestoreSecurityImageLabel,
|
||||||
|
|
||||||
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
|
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user