mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
security_dac: Label host side of NVDIMM
When a domain is being started up, we ought to relabel the host side of the NVDIMM so that qemu has access to it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
parent
e433546bef
commit
ea416faf74
@ -1386,6 +1386,30 @@ virSecurityDACRestoreInputLabel(virSecurityManagerPtr mgr,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecurityDACRestoreMemoryLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
virDomainMemoryDefPtr mem)
|
||||
{
|
||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
int ret = -1;
|
||||
|
||||
switch ((virDomainMemoryModel) mem->model) {
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
|
||||
ret = virSecurityDACRestoreFileLabel(priv, mem->nvdimmPath);
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_LAST:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NONE:
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
@ -1425,6 +1449,13 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < def->nmems; i++) {
|
||||
if (virSecurityDACRestoreMemoryLabel(mgr,
|
||||
def,
|
||||
def->mems[i]) < 0)
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
if (virDomainChrDefForeach(def,
|
||||
false,
|
||||
virSecurityDACRestoreChardevCallback,
|
||||
@ -1457,6 +1488,41 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
virDomainMemoryDefPtr mem)
|
||||
|
||||
{
|
||||
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
virSecurityLabelDefPtr seclabel;
|
||||
int ret = -1;
|
||||
uid_t user;
|
||||
gid_t group;
|
||||
|
||||
switch ((virDomainMemoryModel) mem->model) {
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
|
||||
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
if (seclabel && !seclabel->relabel)
|
||||
return 0;
|
||||
|
||||
if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
|
||||
return -1;
|
||||
|
||||
ret = virSecurityDACSetOwnership(priv, NULL, mem->nvdimmPath, user, group);
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_LAST:
|
||||
case VIR_DOMAIN_MEMORY_MODEL_NONE:
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
@ -1496,6 +1562,13 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (i = 0; i < def->nmems; i++) {
|
||||
if (virSecurityDACSetMemoryLabel(mgr,
|
||||
def,
|
||||
def->mems[i]) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (virDomainChrDefForeach(def,
|
||||
true,
|
||||
virSecurityDACSetChardevCallback,
|
||||
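Review bot: virSecurityDACRestoreMemoryLabel (first hunk) restores the ownership of `mem->nvdimmPath` unconditionally, while virSecurityDACSetMemoryLabel (third hunk) returns early when `seclabel && !seclabel->relabel`; the restore side marks `def` as ATTRIBUTE_UNUSED and never consults the label. If the restore helper is reached for a domain with relabelling disabled, it would reset the owner of a host file that libvirt never chowned; the start of virSecurityDACRestoreAllLabel lies outside the hunk, so the caller may already guard against this. I would mirror the check in the restore helper by dropping ATTRIBUTE_UNUSED and adding `seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);` followed by `if (seclabel && !seclabel->relabel) return 0;`, so the two helpers stay symmetric if either is later called on its own. A short comment above both helpers saying that only the NVDIMM model has a host-side path to label would also explain the `ret = 0` arms.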
|