Allow passing a vroot into security manager hostdev labelling
When LXC labels USB devices during hotplug, it is running in host context, so it needs to pass in a vroot path to the container root. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
89c5a9d0e8
commit
df5928ea56
@ -290,7 +290,8 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if ((usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
if ((usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
||||||
hostdev->source.subsys.u.usb.device)) == NULL)
|
hostdev->source.subsys.u.usb.device,
|
||||||
|
NULL)) == NULL)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
|
if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
|
||||||
|
@ -179,7 +179,8 @@ qemuUpdateActiveUsbHostdevs(virQEMUDriverPtr driver,
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
||||||
hostdev->source.subsys.u.usb.device);
|
hostdev->source.subsys.u.usb.device,
|
||||||
|
NULL);
|
||||||
if (!usb) {
|
if (!usb) {
|
||||||
VIR_WARN("Unable to reattach USB device %03d.%03d on domain %s",
|
VIR_WARN("Unable to reattach USB device %03d.%03d on domain %s",
|
||||||
hostdev->source.subsys.u.usb.bus,
|
hostdev->source.subsys.u.usb.bus,
|
||||||
@ -653,6 +654,7 @@ qemuFindHostdevUSBDevice(virDomainHostdevDefPtr hostdev,
|
|||||||
|
|
||||||
if (vendor && bus) {
|
if (vendor && bus) {
|
||||||
rc = usbFindDevice(vendor, product, bus, device,
|
rc = usbFindDevice(vendor, product, bus, device,
|
||||||
|
NULL,
|
||||||
autoAddress ? false : mandatory,
|
autoAddress ? false : mandatory,
|
||||||
usb);
|
usb);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
@ -673,7 +675,7 @@ qemuFindHostdevUSBDevice(virDomainHostdevDefPtr hostdev,
|
|||||||
if (vendor) {
|
if (vendor) {
|
||||||
usbDeviceList *devs;
|
usbDeviceList *devs;
|
||||||
|
|
||||||
rc = usbFindDeviceByVendor(vendor, product, mandatory, &devs);
|
rc = usbFindDeviceByVendor(vendor, product, NULL, mandatory, &devs);
|
||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -713,7 +715,7 @@ qemuFindHostdevUSBDevice(virDomainHostdevDefPtr hostdev,
|
|||||||
bus, device);
|
bus, device);
|
||||||
}
|
}
|
||||||
} else if (!vendor && bus) {
|
} else if (!vendor && bus) {
|
||||||
if (usbFindDeviceByBus(bus, device, mandatory, usb) < 0)
|
if (usbFindDeviceByBus(bus, device, NULL, mandatory, usb) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -934,7 +936,8 @@ qemuDomainReAttachHostUsbDevices(virQEMUDriverPtr driver,
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
||||||
hostdev->source.subsys.u.usb.device);
|
hostdev->source.subsys.u.usb.device,
|
||||||
|
NULL);
|
||||||
|
|
||||||
if (!usb) {
|
if (!usb) {
|
||||||
VIR_WARN("Unable to reattach USB device %03d.%03d on domain %s",
|
VIR_WARN("Unable to reattach USB device %03d.%03d on domain %s",
|
||||||
|
@ -1105,7 +1105,8 @@ int qemuDomainAttachHostUsbDevice(virQEMUDriverPtr driver,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
if ((usb = usbGetDevice(hostdev->source.subsys.u.usb.bus,
|
||||||
hostdev->source.subsys.u.usb.device)) == NULL)
|
hostdev->source.subsys.u.usb.device,
|
||||||
|
NULL)) == NULL)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
data.vm = vm;
|
data.vm = vm;
|
||||||
@ -1173,7 +1174,7 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
|
if (virSecurityManagerSetHostdevLabel(driver->securityManager,
|
||||||
vm->def, hostdev) < 0)
|
vm->def, hostdev, NULL) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
switch (hostdev->source.subsys.type) {
|
switch (hostdev->source.subsys.type) {
|
||||||
@ -1201,7 +1202,7 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
|
|||||||
|
|
||||||
error:
|
error:
|
||||||
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
|
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
|
||||||
vm->def, hostdev) < 0)
|
vm->def, hostdev, NULL) < 0)
|
||||||
VIR_WARN("Unable to restore host device labelling on hotplug fail");
|
VIR_WARN("Unable to restore host device labelling on hotplug fail");
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
@ -2394,7 +2395,7 @@ qemuDomainDetachHostUsbDevice(virQEMUDriverPtr driver,
|
|||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
usb = usbGetDevice(subsys->u.usb.bus, subsys->u.usb.device);
|
usb = usbGetDevice(subsys->u.usb.bus, subsys->u.usb.device, NULL);
|
||||||
if (usb) {
|
if (usb) {
|
||||||
usbDeviceListDel(driver->activeUsbHostdevs, usb);
|
usbDeviceListDel(driver->activeUsbHostdevs, usb);
|
||||||
usbFreeDevice(usb);
|
usbFreeDevice(usb);
|
||||||
@ -2445,7 +2446,7 @@ int qemuDomainDetachThisHostDevice(virQEMUDriverPtr driver,
|
|||||||
|
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
|
if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
|
||||||
vm->def, detach) < 0) {
|
vm->def, detach, NULL) < 0) {
|
||||||
VIR_WARN("Failed to restore host device labelling");
|
VIR_WARN("Failed to restore host device labelling");
|
||||||
}
|
}
|
||||||
virDomainHostdevRemove(vm->def, idx);
|
virDomainHostdevRemove(vm->def, idx);
|
||||||
|
@ -742,8 +742,8 @@ AppArmorReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
|||||||
static int
|
static int
|
||||||
AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
struct SDPDOP *ptr;
|
struct SDPDOP *ptr;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
@ -770,7 +770,8 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
switch (dev->source.subsys.type) {
|
switch (dev->source.subsys.type) {
|
||||||
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
|
||||||
usbDevice *usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
usbDevice *usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
||||||
dev->source.subsys.u.usb.device);
|
dev->source.subsys.u.usb.device,
|
||||||
|
vroot);
|
||||||
|
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto done;
|
goto done;
|
||||||
@ -808,7 +809,8 @@ done:
|
|||||||
static int
|
static int
|
||||||
AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
AppArmorRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED,
|
||||||
|
const char *vroot ATTRIBUTE_UNUSED)
|
||||||
|
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef =
|
const virSecurityLabelDefPtr secdef =
|
||||||
|
@ -474,7 +474,8 @@ virSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
static int
|
static int
|
||||||
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
void *params[] = {mgr, def};
|
void *params[] = {mgr, def};
|
||||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
@ -494,7 +495,8 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
||||||
dev->source.subsys.u.usb.device);
|
dev->source.subsys.u.usb.device,
|
||||||
|
vroot);
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@ -550,8 +552,9 @@ virSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def ATTRIBUTE_UNUSED,
|
virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
@ -571,7 +574,8 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
||||||
dev->source.subsys.u.usb.device);
|
dev->source.subsys.u.usb.device,
|
||||||
|
vroot);
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@ -728,7 +732,8 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
for (i = 0 ; i < def->nhostdevs ; i++) {
|
for (i = 0 ; i < def->nhostdevs ; i++) {
|
||||||
if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
|
if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
|
||||||
def,
|
def,
|
||||||
def->hostdevs[i]) < 0)
|
def->hostdevs[i],
|
||||||
|
NULL) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < def->ndisks ; i++) {
|
for (i = 0 ; i < def->ndisks ; i++) {
|
||||||
@ -793,7 +798,8 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
for (i = 0 ; i < def->nhostdevs ; i++) {
|
for (i = 0 ; i < def->nhostdevs ; i++) {
|
||||||
if (virSecurityDACSetSecurityHostdevLabel(mgr,
|
if (virSecurityDACSetSecurityHostdevLabel(mgr,
|
||||||
def,
|
def,
|
||||||
def->hostdevs[i]) < 0)
|
def->hostdevs[i],
|
||||||
|
NULL) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
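Review bot: virSecurityDACSetSecurityAllLabel and virSecurityDACRestoreSecurityAllLabel pass a hard-coded `NULL` as `vroot`, while the per-device functions in this file now forward a caller-supplied `vroot` to usbGetDevice. A USB device labelled at hotplug through a non-NULL vroot would then be looked up under the host root on bulk restore, so the ownership set for the container may never be reverted; whether any driver reaches that path with such a device is not visible here. If that is intended, say so at both call sites, e.g. `/* vroot is NULL: bulk labelling only handles host-root device paths */`. The same hard-coded `NULL` appears in virSecuritySELinuxSetSecurityAllLabel and virSecuritySELinuxRestoreSecurityAllLabel, and all four loops sit in functions that start and end outside the hunks.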
|
@ -61,10 +61,12 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
|
|||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot);
|
||||||
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot);
|
||||||
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
|
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
const char *savefile);
|
const char *savefile);
|
||||||
|
@ -275,10 +275,11 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
if (mgr->drv->domainRestoreSecurityHostdevLabel)
|
if (mgr->drv->domainRestoreSecurityHostdevLabel)
|
||||||
return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev);
|
return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev, vroot);
|
||||||
|
|
||||||
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
|
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
|
||||||
return -1;
|
return -1;
|
||||||
@ -286,10 +287,11 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
if (mgr->drv->domainSetSecurityHostdevLabel)
|
if (mgr->drv->domainSetSecurityHostdevLabel)
|
||||||
return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev);
|
return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev, vroot);
|
||||||
|
|
||||||
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
|
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -71,10 +71,12 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
|
|||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot);
|
||||||
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot);
|
||||||
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
|
int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
const char *savefile);
|
const char *savefile);
|
||||||
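Review bot: The `vroot` parameter added to the virSecurityManagerSetHostdevLabel and virSecurityManagerRestoreHostdevLabel prototypes is undocumented, and every caller visible on this page either passes `NULL` or forwards it, so its contract is only implied by the commit message. A comment above the two declarations would help, e.g. `/* @vroot: path prefix of the container root when labelling from host context, or NULL to use host paths */`. If the prefix is meant to come only from the driver and never from guest-controlled configuration, the comment should state that as well.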
|
@ -84,14 +84,16 @@ static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE
|
|||||||
|
|
||||||
static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
static int virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED,
|
||||||
|
const char *vroot ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
static int virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
virDomainDefPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED,
|
||||||
|
const char *vroot ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -1161,7 +1161,8 @@ virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
static int
|
static int
|
||||||
virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
@ -1185,7 +1186,8 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
||||||
dev->source.subsys.u.usb.device);
|
dev->source.subsys.u.usb.device,
|
||||||
|
vroot);
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@ -1238,7 +1240,8 @@ virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
static int
|
static int
|
||||||
virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||||
virDomainDefPtr def,
|
virDomainDefPtr def,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecurityLabelDefPtr secdef;
|
virSecurityLabelDefPtr secdef;
|
||||||
@ -1262,7 +1265,8 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUT
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
usb = usbGetDevice(dev->source.subsys.u.usb.bus,
|
||||||
dev->source.subsys.u.usb.device);
|
dev->source.subsys.u.usb.device,
|
||||||
|
vroot);
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@ -1504,7 +1508,8 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
for (i = 0 ; i < def->nhostdevs ; i++) {
|
for (i = 0 ; i < def->nhostdevs ; i++) {
|
||||||
if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
|
if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
|
||||||
def,
|
def,
|
||||||
def->hostdevs[i]) < 0)
|
def->hostdevs[i],
|
||||||
|
NULL) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < def->ndisks ; i++) {
|
for (i = 0 ; i < def->ndisks ; i++) {
|
||||||
@ -1874,8 +1879,9 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
|
|||||||
|
|
||||||
for (i = 0 ; i < def->nhostdevs ; i++) {
|
for (i = 0 ; i < def->nhostdevs ; i++) {
|
||||||
if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
|
if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
|
||||||
def,
|
def,
|
||||||
def->hostdevs[i]) < 0)
|
def->hostdevs[i],
|
||||||
|
NULL) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -236,7 +236,8 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
|
|||||||
static int
|
static int
|
||||||
virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
|
|
||||||
{
|
{
|
||||||
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
@ -244,7 +245,10 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
for (; item; item = item->next) {
|
for (; item; item = item->next) {
|
||||||
if (virSecurityManagerSetHostdevLabel(item->securityManager, vm, dev) < 0)
|
if (virSecurityManagerSetHostdevLabel(item->securityManager,
|
||||||
|
vm,
|
||||||
|
dev,
|
||||||
|
vroot) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -255,14 +259,18 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
|||||||
static int
|
static int
|
||||||
virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
|
||||||
virDomainDefPtr vm,
|
virDomainDefPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||||
virSecurityStackItemPtr item = priv->itemsHead;
|
virSecurityStackItemPtr item = priv->itemsHead;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
for (; item; item = item->next) {
|
for (; item; item = item->next) {
|
||||||
if (virSecurityManagerRestoreHostdevLabel(item->securityManager, vm, dev) < 0)
|
if (virSecurityManagerRestoreHostdevLabel(item->securityManager,
|
||||||
|
vm,
|
||||||
|
dev,
|
||||||
|
vroot) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -101,6 +101,7 @@ usbDeviceSearch(unsigned int vendor,
|
|||||||
unsigned int product,
|
unsigned int product,
|
||||||
unsigned int bus,
|
unsigned int bus,
|
||||||
unsigned int devno,
|
unsigned int devno,
|
||||||
|
const char *vroot,
|
||||||
unsigned int flags)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
DIR *dir = NULL;
|
DIR *dir = NULL;
|
||||||
@ -160,7 +161,7 @@ usbDeviceSearch(unsigned int vendor,
|
|||||||
found = true;
|
found = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
usb = usbGetDevice(found_bus, found_devno);
|
usb = usbGetDevice(found_bus, found_devno, vroot);
|
||||||
if (!usb)
|
if (!usb)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
@ -189,6 +190,7 @@ cleanup:
|
|||||||
int
|
int
|
||||||
usbFindDeviceByVendor(unsigned int vendor,
|
usbFindDeviceByVendor(unsigned int vendor,
|
||||||
unsigned product,
|
unsigned product,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDeviceList **devices)
|
usbDeviceList **devices)
|
||||||
{
|
{
|
||||||
@ -196,6 +198,7 @@ usbFindDeviceByVendor(unsigned int vendor,
|
|||||||
int count;
|
int count;
|
||||||
|
|
||||||
if (!(list = usbDeviceSearch(vendor, product, 0 , 0,
|
if (!(list = usbDeviceSearch(vendor, product, 0 , 0,
|
||||||
|
vroot,
|
||||||
USB_DEVICE_FIND_BY_VENDOR)))
|
USB_DEVICE_FIND_BY_VENDOR)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -226,12 +229,14 @@ usbFindDeviceByVendor(unsigned int vendor,
|
|||||||
int
|
int
|
||||||
usbFindDeviceByBus(unsigned int bus,
|
usbFindDeviceByBus(unsigned int bus,
|
||||||
unsigned devno,
|
unsigned devno,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDevice **usb)
|
usbDevice **usb)
|
||||||
{
|
{
|
||||||
usbDeviceList *list;
|
usbDeviceList *list;
|
||||||
|
|
||||||
if (!(list = usbDeviceSearch(0, 0, bus, devno,
|
if (!(list = usbDeviceSearch(0, 0, bus, devno,
|
||||||
|
vroot,
|
||||||
USB_DEVICE_FIND_BY_BUS)))
|
USB_DEVICE_FIND_BY_BUS)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -265,13 +270,15 @@ usbFindDevice(unsigned int vendor,
|
|||||||
unsigned int product,
|
unsigned int product,
|
||||||
unsigned int bus,
|
unsigned int bus,
|
||||||
unsigned int devno,
|
unsigned int devno,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDevice **usb)
|
usbDevice **usb)
|
||||||
{
|
{
|
||||||
usbDeviceList *list;
|
usbDeviceList *list;
|
||||||
|
|
||||||
unsigned int flags = USB_DEVICE_FIND_BY_VENDOR|USB_DEVICE_FIND_BY_BUS;
|
unsigned int flags = USB_DEVICE_FIND_BY_VENDOR|USB_DEVICE_FIND_BY_BUS;
|
||||||
if (!(list = usbDeviceSearch(vendor, product, bus, devno, flags)))
|
if (!(list = usbDeviceSearch(vendor, product, bus, devno,
|
||||||
|
vroot, flags)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (list->count == 0) {
|
if (list->count == 0) {
|
||||||
@ -301,7 +308,8 @@ usbFindDevice(unsigned int vendor,
|
|||||||
|
|
||||||
usbDevice *
|
usbDevice *
|
||||||
usbGetDevice(unsigned int bus,
|
usbGetDevice(unsigned int bus,
|
||||||
unsigned int devno)
|
unsigned int devno,
|
||||||
|
const char *vroot)
|
||||||
{
|
{
|
||||||
usbDevice *dev;
|
usbDevice *dev;
|
||||||
|
|
||||||
@ -321,7 +329,8 @@ usbGetDevice(unsigned int bus,
|
|||||||
usbFreeDevice(dev);
|
usbFreeDevice(dev);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (virAsprintf(&dev->path, USB_DEVFS "%03d/%03d",
|
if (virAsprintf(&dev->path, "%s" USB_DEVFS "%03d/%03d",
|
||||||
|
vroot ? vroot : "",
|
||||||
dev->bus, dev->dev) < 0) {
|
dev->bus, dev->dev) < 0) {
|
||||||
virReportOOMError();
|
virReportOOMError();
|
||||||
usbFreeDevice(dev);
|
usbFreeDevice(dev);
|
||||||
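Review bot: The device path built in usbGetDevice, `"%s" USB_DEVFS "%03d/%03d"` with `vroot ? vroot : ""`, can now point into the container's root while the caller runs in host context (per the commit message), and nothing in this hunk checks what sits at that path. If the labelling callbacks that later receive `dev->path` follow symlinks (they are not visible in this section), a device node or parent directory replaced by a symlink inside the container could redirect the chown or relabel to a file on the host. Consider resolving the path without following symlinks and confirming the target is a character device before it is labelled, at least when `vroot` is non-NULL. Whether `vroot` may carry a trailing slash depends on USB_DEVFS, which is defined outside the hunk, and the function body continues outside it as well.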
|
@ -29,15 +29,18 @@ typedef struct _usbDevice usbDevice;
|
|||||||
typedef struct _usbDeviceList usbDeviceList;
|
typedef struct _usbDeviceList usbDeviceList;
|
||||||
|
|
||||||
usbDevice *usbGetDevice(unsigned int bus,
|
usbDevice *usbGetDevice(unsigned int bus,
|
||||||
unsigned int devno);
|
unsigned int devno,
|
||||||
|
const char *vroot);
|
||||||
|
|
||||||
int usbFindDeviceByBus(unsigned int bus,
|
int usbFindDeviceByBus(unsigned int bus,
|
||||||
unsigned int devno,
|
unsigned int devno,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDevice **usb);
|
usbDevice **usb);
|
||||||
|
|
||||||
int usbFindDeviceByVendor(unsigned int vendor,
|
int usbFindDeviceByVendor(unsigned int vendor,
|
||||||
unsigned int product,
|
unsigned int product,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDeviceList **devices);
|
usbDeviceList **devices);
|
||||||
|
|
||||||
@ -45,6 +48,7 @@ int usbFindDevice(unsigned int vendor,
|
|||||||
unsigned int product,
|
unsigned int product,
|
||||||
unsigned int bus,
|
unsigned int bus,
|
||||||
unsigned int devno,
|
unsigned int devno,
|
||||||
|
const char *vroot,
|
||||||
bool mandatory,
|
bool mandatory,
|
||||||
usbDevice **usb);
|
usbDevice **usb);
|
||||||
|
|
||||||
|