mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
security_selinux: Label host side of NVDIMM
When domain is being started up, we ought to relabel the host side of NVDIMM so qemu has access to it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
parent
ea416faf74
commit
cde8e31938
@ -1381,6 +1381,62 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
virDomainMemoryDefPtr mem)
|
||||
{
|
||||
virSecurityLabelDefPtr seclabel;
|
||||
|
||||
switch ((virDomainMemoryModel) mem->model) {
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
|
||||
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (!seclabel || !seclabel->relabel)
|
||||
return 0;
|
||||
|
||||
if (virSecuritySELinuxSetFilecon(mgr, mem->nvdimmPath,
|
||||
seclabel->imagelabel) < 0)
|
||||
return -1;
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NONE:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_LAST:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
virDomainMemoryDefPtr mem)
|
||||
{
|
||||
int ret = -1;
|
||||
virSecurityLabelDefPtr seclabel;
|
||||
|
||||
switch ((virDomainMemoryModel) mem->model) {
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
|
||||
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
|
||||
if (!seclabel || !seclabel->relabel)
|
||||
return 0;
|
||||
|
||||
ret = virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath);
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NONE:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_LAST:
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
@ -2325,6 +2381,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < def->nmems; i++) {
|
||||
if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < def->ndisks; i++) {
|
||||
virDomainDiskDefPtr disk = def->disks[i];
|
||||
|
||||
@ -2711,6 +2772,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < def->nmems; i++) {
|
||||
if (virSecuritySELinuxSetMemoryLabel(mgr, def, def->mems[i]) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (def->tpm) {
|
||||
if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpm) < 0)
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user