mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-03 20:01:16 +00:00
Pass security driver object into all security driver callbacks
The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
This commit is contained in:
Daniel P. Berrange
parent
a885334499
commit
f70e080962
@ -1282,7 +1282,8 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainReserveSecurityLabel &&
|
driver->securityDriver->domainReserveSecurityLabel &&
|
||||||
driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
|
driver->securityDriver->domainReserveSecurityLabel(driver->securityDriver,
|
||||||
|
obj) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (obj->def->id >= driver->nextvmid)
|
if (obj->def->id >= driver->nextvmid)
|
||||||
@ -3405,13 +3406,15 @@ static int qemudStartVMDaemon(virConnectPtr conn,
|
|||||||
DEBUG0("Generating domain security label (if required)");
|
DEBUG0("Generating domain security label (if required)");
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainGenSecurityLabel &&
|
driver->securityDriver->domainGenSecurityLabel &&
|
||||||
driver->securityDriver->domainGenSecurityLabel(vm) < 0)
|
driver->securityDriver->domainGenSecurityLabel(driver->securityDriver,
|
||||||
|
vm) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
DEBUG0("Generating setting domain security labels (if required)");
|
DEBUG0("Generating setting domain security labels (if required)");
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityAllLabel &&
|
driver->securityDriver->domainSetSecurityAllLabel &&
|
||||||
driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0) {
|
driver->securityDriver->domainSetSecurityAllLabel(driver->securityDriver,
|
||||||
|
vm, stdin_path) < 0) {
|
||||||
if (stdin_path && virStorageFileIsSharedFS(stdin_path) != 1)
|
if (stdin_path && virStorageFileIsSharedFS(stdin_path) != 1)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -3770,10 +3773,12 @@ static void qemudShutdownVMDaemon(struct qemud_driver *driver,
|
|||||||
/* Reset Security Labels */
|
/* Reset Security Labels */
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityAllLabel)
|
driver->securityDriver->domainRestoreSecurityAllLabel)
|
||||||
driver->securityDriver->domainRestoreSecurityAllLabel(vm, migrated);
|
driver->securityDriver->domainRestoreSecurityAllLabel(driver->securityDriver,
|
||||||
|
vm, migrated);
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainReleaseSecurityLabel)
|
driver->securityDriver->domainReleaseSecurityLabel)
|
||||||
driver->securityDriver->domainReleaseSecurityLabel(vm);
|
driver->securityDriver->domainReleaseSecurityLabel(driver->securityDriver,
|
||||||
|
vm);
|
||||||
|
|
||||||
/* Clear out dynamically assigned labels */
|
/* Clear out dynamically assigned labels */
|
||||||
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
|
||||||
@ -5175,7 +5180,8 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
|||||||
if ((!bypassSecurityDriver) &&
|
if ((!bypassSecurityDriver) &&
|
||||||
driver->securityDriver &&
|
driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSavedStateLabel &&
|
driver->securityDriver->domainSetSavedStateLabel &&
|
||||||
driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
goto endjob;
|
goto endjob;
|
||||||
|
|
||||||
if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
|
if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
|
||||||
@ -5210,7 +5216,8 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
|||||||
if ((!bypassSecurityDriver) &&
|
if ((!bypassSecurityDriver) &&
|
||||||
driver->securityDriver &&
|
driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel &&
|
driver->securityDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
VIR_WARN("failed to restore save state label on %s", path);
|
VIR_WARN("failed to restore save state label on %s", path);
|
||||||
|
|
||||||
if (cgroup != NULL) {
|
if (cgroup != NULL) {
|
||||||
@ -5257,7 +5264,8 @@ endjob:
|
|||||||
if ((!bypassSecurityDriver) &&
|
if ((!bypassSecurityDriver) &&
|
||||||
driver->securityDriver &&
|
driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel &&
|
driver->securityDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
VIR_WARN("failed to restore save state label on %s", path);
|
VIR_WARN("failed to restore save state label on %s", path);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5492,7 +5500,8 @@ static int qemudDomainCoreDump(virDomainPtr dom,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSavedStateLabel &&
|
driver->securityDriver->domainSetSavedStateLabel &&
|
||||||
driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
goto endjob;
|
goto endjob;
|
||||||
|
|
||||||
/* Migrate will always stop the VM, so the resume condition is
|
/* Migrate will always stop the VM, so the resume condition is
|
||||||
@ -5535,7 +5544,8 @@ static int qemudDomainCoreDump(virDomainPtr dom,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel &&
|
driver->securityDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
goto endjob;
|
goto endjob;
|
||||||
|
|
||||||
endjob:
|
endjob:
|
||||||
@ -5918,12 +5928,13 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
|
|||||||
* QEMU monitor hasn't seen SIGHUP/ERR on poll().
|
* QEMU monitor hasn't seen SIGHUP/ERR on poll().
|
||||||
*/
|
*/
|
||||||
if (virDomainObjIsActive(vm)) {
|
if (virDomainObjIsActive(vm)) {
|
||||||
if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
|
if (driver->securityDriver &&
|
||||||
if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
|
driver->securityDriver->domainGetSecurityProcessLabel &&
|
||||||
qemuReportError(VIR_ERR_INTERNAL_ERROR,
|
driver->securityDriver->domainGetSecurityProcessLabel(driver->securityDriver,
|
||||||
"%s", _("Failed to get security label"));
|
vm, seclabel) < 0) {
|
||||||
goto cleanup;
|
qemuReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
}
|
"%s", _("Failed to get security label"));
|
||||||
|
goto cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6329,7 +6340,8 @@ qemudDomainSaveImageStartVM(virConnectPtr conn,
|
|||||||
out:
|
out:
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel &&
|
driver->securityDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
|
driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
|
||||||
|
vm, path) == -1)
|
||||||
VIR_WARN("failed to restore save state label on %s", path);
|
VIR_WARN("failed to restore save state label on %s", path);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@ -7043,7 +7055,8 @@ static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel &&
|
driver->securityDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (!(driveAlias = qemuDeviceDriveHostAlias(origdisk, qemuCmdFlags)))
|
if (!(driveAlias = qemuDeviceDriveHostAlias(origdisk, qemuCmdFlags)))
|
||||||
@ -7072,7 +7085,8 @@ static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, origdisk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
|
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
|
||||||
|
|
||||||
VIR_FREE(origdisk->src);
|
VIR_FREE(origdisk->src);
|
||||||
@ -7090,7 +7104,8 @@ error:
|
|||||||
VIR_FREE(driveAlias);
|
VIR_FREE(driveAlias);
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on new media %s", disk->src);
|
VIR_WARN("Unable to restore security label on new media %s", disk->src);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -7117,7 +7132,8 @@ static int qemudDomainAttachPciDiskDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel &&
|
driver->securityDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
|
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
|
||||||
@ -7184,7 +7200,8 @@ error:
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on %s", disk->src);
|
VIR_WARN("Unable to restore security label on %s", disk->src);
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
@ -7326,7 +7343,8 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel &&
|
driver->securityDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
/* We should have an address already, so make sure */
|
/* We should have an address already, so make sure */
|
||||||
@ -7412,7 +7430,8 @@ error:
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on %s", disk->src);
|
VIR_WARN("Unable to restore security label on %s", disk->src);
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
@ -7439,7 +7458,8 @@ static int qemudDomainAttachUsbMassstorageDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel &&
|
driver->securityDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (!disk->src) {
|
if (!disk->src) {
|
||||||
@ -7495,7 +7515,8 @@ error:
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on %s", disk->src);
|
VIR_WARN("Unable to restore security label on %s", disk->src);
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
@ -7932,7 +7953,8 @@ static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainSetSecurityHostdevLabel &&
|
driver->securityDriver->domainSetSecurityHostdevLabel &&
|
||||||
driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
|
driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
|
||||||
|
vm, hostdev) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
switch (hostdev->source.subsys.type) {
|
switch (hostdev->source.subsys.type) {
|
||||||
@ -7960,7 +7982,8 @@ static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
|
|||||||
error:
|
error:
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
|
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
|
driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver,
|
||||||
|
vm, hostdev) < 0)
|
||||||
VIR_WARN0("Unable to restore host device labelling on hotplug fail");
|
VIR_WARN0("Unable to restore host device labelling on hotplug fail");
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
@ -8405,7 +8428,8 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, dev->data.disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||||
|
|
||||||
if (cgroup != NULL) {
|
if (cgroup != NULL) {
|
||||||
@ -8468,7 +8492,8 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
driver->securityDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
|
driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
|
||||||
|
vm, dev->data.disk) < 0)
|
||||||
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
|
||||||
|
|
||||||
if (cgroup != NULL) {
|
if (cgroup != NULL) {
|
||||||
@ -8893,7 +8918,8 @@ static int qemudDomainDetachHostDevice(struct qemud_driver *driver,
|
|||||||
|
|
||||||
if (driver->securityDriver &&
|
if (driver->securityDriver &&
|
||||||
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
|
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
|
||||||
driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
|
driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver,
|
||||||
|
vm, dev->data.hostdev) < 0)
|
||||||
VIR_WARN0("Failed to restore host device labelling");
|
VIR_WARN0("Failed to restore host device labelling");
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@ -108,7 +108,8 @@ qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -124,7 +125,8 @@ qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACRestoreSecurityImageLabelInt(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainDiskDefPtr disk,
|
virDomainDiskDefPtr disk,
|
||||||
int migrated)
|
int migrated)
|
||||||
{
|
{
|
||||||
@ -166,10 +168,11 @@ qemuSecurityDACRestoreSecurityImageLabelInt(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm,
|
qemuSecurityDACRestoreSecurityImageLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
return qemuSecurityDACRestoreSecurityImageLabelInt(vm, disk, 0);
|
return qemuSecurityDACRestoreSecurityImageLabelInt(drv, vm, disk, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -192,7 +195,8 @@ qemuSecurityDACSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
|
qemuSecurityDACSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -261,7 +265,8 @@ qemuSecurityDACRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -407,7 +412,8 @@ qemuSecurityDACRestoreChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
|
qemuSecurityDACRestoreSecurityAllLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
int migrated)
|
int migrated)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
@ -420,12 +426,14 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
|
|||||||
vm->def->name, migrated);
|
vm->def->name, migrated);
|
||||||
|
|
||||||
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
||||||
if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
|
if (qemuSecurityDACRestoreSecurityHostdevLabel(drv,
|
||||||
|
vm,
|
||||||
vm->def->hostdevs[i]) < 0)
|
vm->def->hostdevs[i]) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < vm->def->ndisks ; i++) {
|
for (i = 0 ; i < vm->def->ndisks ; i++) {
|
||||||
if (qemuSecurityDACRestoreSecurityImageLabelInt(vm,
|
if (qemuSecurityDACRestoreSecurityImageLabelInt(drv,
|
||||||
|
vm,
|
||||||
vm->def->disks[i],
|
vm->def->disks[i],
|
||||||
migrated) < 0)
|
migrated) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
@ -461,7 +469,9 @@ qemuSecurityDACSetChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
|
qemuSecurityDACSetSecurityAllLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
|
const char *stdin_path ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@ -472,11 +482,15 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path AT
|
|||||||
/* XXX fixme - we need to recursively label the entriy tree :-( */
|
/* XXX fixme - we need to recursively label the entriy tree :-( */
|
||||||
if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
|
if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
|
||||||
continue;
|
continue;
|
||||||
if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
|
if (qemuSecurityDACSetSecurityImageLabel(drv,
|
||||||
|
vm,
|
||||||
|
vm->def->disks[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
||||||
if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
|
if (qemuSecurityDACSetSecurityHostdevLabel(drv,
|
||||||
|
vm,
|
||||||
|
vm->def->hostdevs[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -503,7 +517,8 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path AT
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
if (!driver->privileged)
|
if (!driver->privileged)
|
||||||
@ -514,7 +529,8 @@ qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
qemuSecurityDACRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
if (!driver->privileged)
|
if (!driver->privileged)
|
||||||
|
|||||||
@ -57,18 +57,21 @@ qemuSecurityStackedVerify(virDomainDefPtr def)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedGenLabel(virDomainObjPtr vm)
|
qemuSecurityStackedGenLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainGenSecurityLabel &&
|
driver->securitySecondaryDriver->domainGenSecurityLabel &&
|
||||||
driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
|
driver->securitySecondaryDriver->domainGenSecurityLabel(driver->securitySecondaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainGenSecurityLabel &&
|
driver->securityPrimaryDriver->domainGenSecurityLabel &&
|
||||||
driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
|
driver->securityPrimaryDriver->domainGenSecurityLabel(driver->securityPrimaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -76,18 +79,21 @@ qemuSecurityStackedGenLabel(virDomainObjPtr vm)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
|
qemuSecurityStackedReleaseLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
|
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
|
||||||
driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
|
driver->securitySecondaryDriver->domainReleaseSecurityLabel(driver->securitySecondaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
|
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
|
||||||
driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
|
driver->securityPrimaryDriver->domainReleaseSecurityLabel(driver->securityPrimaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -95,18 +101,21 @@ qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
|
qemuSecurityStackedReserveLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
|
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
|
||||||
driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
|
driver->securitySecondaryDriver->domainReserveSecurityLabel(driver->securitySecondaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
|
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
|
||||||
driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
|
driver->securityPrimaryDriver->domainReserveSecurityLabel(driver->securityPrimaryDriver,
|
||||||
|
vm) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -114,19 +123,22 @@ qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
|
qemuSecurityStackedSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
|
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securitySecondaryDriver->domainSetSecurityImageLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
|
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
|
driver->securityPrimaryDriver->domainSetSecurityImageLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -134,19 +146,22 @@ qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
|
qemuSecurityStackedRestoreSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
|
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
|
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
|
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, disk) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -154,7 +169,8 @@ qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
|
qemuSecurityStackedSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -162,12 +178,14 @@ qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
|
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
|
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, dev) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
|
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
|
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, dev) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -175,20 +193,22 @@ qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
|
qemuSecurityStackedRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
|
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
|
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, dev) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
|
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
|
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, dev) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -196,18 +216,22 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
|
qemuSecurityStackedSetSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
|
const char *stdin_path)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
|
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
|
||||||
driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
|
driver->securitySecondaryDriver->domainSetSecurityAllLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, stdin_path) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
|
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
|
||||||
driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
|
driver->securityPrimaryDriver->domainSetSecurityAllLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, stdin_path) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -215,19 +239,22 @@ qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_pat
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm,
|
qemuSecurityStackedRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
int migrated)
|
int migrated)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
|
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0)
|
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, migrated) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
|
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0)
|
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, migrated) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -235,19 +262,22 @@ qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
|
qemuSecurityStackedSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
|
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
|
||||||
driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
|
driver->securitySecondaryDriver->domainSetSavedStateLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, savefile) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
|
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
|
||||||
driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
|
driver->securityPrimaryDriver->domainSetSavedStateLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, savefile) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -255,19 +285,22 @@ qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
|
qemuSecurityStackedRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securitySecondaryDriver &&
|
if (driver->securitySecondaryDriver &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
|
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
|
driver->securitySecondaryDriver->domainRestoreSavedStateLabel(driver->securitySecondaryDriver,
|
||||||
|
vm, savefile) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
|
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
|
||||||
driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
|
driver->securityPrimaryDriver->domainRestoreSavedStateLabel(driver->securityPrimaryDriver,
|
||||||
|
vm, savefile) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
@ -296,14 +329,16 @@ qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
|
qemuSecurityStackedGetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virSecurityLabelPtr seclabel)
|
virSecurityLabelPtr seclabel)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (driver->securityPrimaryDriver &&
|
if (driver->securityPrimaryDriver &&
|
||||||
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
|
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
|
||||||
driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
|
driver->securityPrimaryDriver->domainGetSecurityProcessLabel(driver->securityPrimaryDriver,
|
||||||
|
vm,
|
||||||
seclabel) < 0)
|
seclabel) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
|
|||||||
@ -148,7 +148,8 @@ profile_status_file(const char *str)
|
|||||||
* load (add) a profile. Will create one if necessary
|
* load (add) a profile. Will create one if necessary
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
load_profile(const char *profile, virDomainObjPtr vm,
|
load_profile(virSecurityDriverPtr drv,
|
||||||
|
const char *profile, virDomainObjPtr vm,
|
||||||
const char *fn)
|
const char *fn)
|
||||||
{
|
{
|
||||||
int rc = -1, status, ret;
|
int rc = -1, status, ret;
|
||||||
@ -281,7 +282,8 @@ cleanup:
|
|||||||
* NULL.
|
* NULL.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
reload_profile(virDomainObjPtr vm, const char *fn)
|
reload_profile(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm, const char *fn)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
@ -295,7 +297,7 @@ reload_profile(virDomainObjPtr vm, const char *fn)
|
|||||||
|
|
||||||
/* Update the profile only if it is loaded */
|
/* Update the profile only if it is loaded */
|
||||||
if (profile_loaded(secdef->imagelabel) >= 0) {
|
if (profile_loaded(secdef->imagelabel) >= 0) {
|
||||||
if (load_profile(secdef->imagelabel, vm, fn) < 0) {
|
if (load_profile(drv, secdef->imagelabel, vm, fn) < 0) {
|
||||||
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
_("cannot update AppArmor profile "
|
_("cannot update AppArmor profile "
|
||||||
"\'%s\'"),
|
"\'%s\'"),
|
||||||
@ -357,7 +359,8 @@ AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
|
|||||||
* called on shutdown.
|
* called on shutdown.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
AppArmorGenSecurityLabel(virDomainObjPtr vm)
|
AppArmorGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
char *profile_name = NULL;
|
char *profile_name = NULL;
|
||||||
@ -411,14 +414,15 @@ AppArmorGenSecurityLabel(virDomainObjPtr vm)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
|
AppArmorSetSecurityAllLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm, const char *stdin_path)
|
||||||
{
|
{
|
||||||
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
|
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* if the profile is not already loaded, then load one */
|
/* if the profile is not already loaded, then load one */
|
||||||
if (profile_loaded(vm->def->seclabel.label) < 0) {
|
if (profile_loaded(vm->def->seclabel.label) < 0) {
|
||||||
if (load_profile(vm->def->seclabel.label, vm, stdin_path) < 0) {
|
if (load_profile(drv, vm->def->seclabel.label, vm, stdin_path) < 0) {
|
||||||
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
_("cannot generate AppArmor profile "
|
_("cannot generate AppArmor profile "
|
||||||
"\'%s\'"), vm->def->seclabel.label);
|
"\'%s\'"), vm->def->seclabel.label);
|
||||||
@ -433,7 +437,9 @@ AppArmorSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
|
|||||||
* running.
|
* running.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
|
AppArmorGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
|
virSecurityLabelPtr sec)
|
||||||
{
|
{
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
char *profile_name = NULL;
|
char *profile_name = NULL;
|
||||||
@ -465,7 +471,8 @@ AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
|
|||||||
* more details. Currently called via qemudShutdownVMDaemon.
|
* more details. Currently called via qemudShutdownVMDaemon.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
|
AppArmorReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
|
|
||||||
@ -478,7 +485,8 @@ AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm,
|
AppArmorRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
int migrated ATTRIBUTE_UNUSED)
|
int migrated ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
@ -533,15 +541,17 @@ AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm)
|
|||||||
|
|
||||||
/* Called when hotplugging */
|
/* Called when hotplugging */
|
||||||
static int
|
static int
|
||||||
AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
|
AppArmorRestoreSecurityImageLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
|
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
return reload_profile(vm, NULL);
|
return reload_profile(drv, vm, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Called when hotplugging */
|
/* Called when hotplugging */
|
||||||
static int
|
static int
|
||||||
AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
|
AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm, virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
@ -566,7 +576,7 @@ AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
|
|||||||
|
|
||||||
/* update the profile only if it is loaded */
|
/* update the profile only if it is loaded */
|
||||||
if (profile_loaded(secdef->imagelabel) >= 0) {
|
if (profile_loaded(secdef->imagelabel) >= 0) {
|
||||||
if (load_profile(secdef->imagelabel, vm, disk->src) < 0) {
|
if (load_profile(drv, secdef->imagelabel, vm, disk->src) < 0) {
|
||||||
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
_("cannot update AppArmor profile "
|
_("cannot update AppArmor profile "
|
||||||
"\'%s\'"),
|
"\'%s\'"),
|
||||||
@ -600,14 +610,16 @@ AppArmorSecurityVerify(virDomainDefPtr def)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
|
AppArmorReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
/* NOOP. Nothing to reserve with AppArmor */
|
/* NOOP. Nothing to reserve with AppArmor */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
|
AppArmorSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -621,7 +633,8 @@ AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
|
AppArmorRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -634,18 +647,20 @@ AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorSetSavedStateLabel(virDomainObjPtr vm,
|
AppArmorSetSavedStateLabel(virSecurityDriverPtr drv,
|
||||||
const char *savefile)
|
virDomainObjPtr vm,
|
||||||
|
const char *savefile)
|
||||||
{
|
{
|
||||||
return reload_profile(vm, savefile);
|
return reload_profile(drv, vm, savefile);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
AppArmorRestoreSavedStateLabel(virDomainObjPtr vm,
|
AppArmorRestoreSavedStateLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile ATTRIBUTE_UNUSED)
|
const char *savefile ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
return reload_profile(vm, NULL);
|
return reload_profile(drv, vm, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
virSecurityDriver virAppArmorSecurityDriver = {
|
virSecurityDriver virAppArmorSecurityDriver = {
|
||||||
|
|||||||
@ -28,32 +28,48 @@ typedef enum {
|
|||||||
|
|
||||||
typedef struct _virSecurityDriver virSecurityDriver;
|
typedef struct _virSecurityDriver virSecurityDriver;
|
||||||
typedef virSecurityDriver *virSecurityDriverPtr;
|
typedef virSecurityDriver *virSecurityDriverPtr;
|
||||||
|
|
||||||
|
typedef struct _virSecurityDriverState virSecurityDriverState;
|
||||||
|
typedef virSecurityDriverState *virSecurityDriverStatePtr;
|
||||||
|
|
||||||
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
|
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
|
||||||
typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
|
typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
|
||||||
typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityDriverPtr drv,
|
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityDriverPtr drv,
|
||||||
virDomainObjPtr vm);
|
virDomainObjPtr vm);
|
||||||
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityDriverPtr drv,
|
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityDriverPtr drv,
|
||||||
virDomainObjPtr vm);
|
virDomainObjPtr vm);
|
||||||
typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainSetImageLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk);
|
virDomainDiskDefPtr disk);
|
||||||
typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev);
|
||||||
typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev);
|
virDomainHostdevDefPtr dev);
|
||||||
typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile);
|
const char *savefile);
|
||||||
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile);
|
const char *savefile);
|
||||||
typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
|
typedef int (*virSecurityDomainGenLabel) (virSecurityDriverPtr drv,
|
||||||
typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
|
virDomainObjPtr sec);
|
||||||
typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
|
typedef int (*virSecurityDomainReserveLabel) (virSecurityDriverPtr drv,
|
||||||
typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec,
|
virDomainObjPtr sec);
|
||||||
|
typedef int (*virSecurityDomainReleaseLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr sec);
|
||||||
|
typedef int (*virSecurityDomainSetAllLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr sec,
|
||||||
const char *stdin_path);
|
const char *stdin_path);
|
||||||
typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
int migrated);
|
int migrated);
|
||||||
typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
|
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virSecurityLabelPtr sec);
|
virSecurityLabelPtr sec);
|
||||||
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
|
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
|
||||||
virDomainObjPtr vm);
|
virDomainObjPtr vm);
|
||||||
|
|||||||
@ -156,7 +156,8 @@ SELinuxInitialize(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxGenSecurityLabel(virDomainObjPtr vm)
|
SELinuxGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
char mcs[1024];
|
char mcs[1024];
|
||||||
@ -220,7 +221,8 @@ done:
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxReserveSecurityLabel(virDomainObjPtr vm)
|
SELinuxReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
security_context_t pctx;
|
security_context_t pctx;
|
||||||
context_t ctx = NULL;
|
context_t ctx = NULL;
|
||||||
@ -275,7 +277,8 @@ SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
|
SELinuxGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virSecurityLabelPtr sec)
|
virSecurityLabelPtr sec)
|
||||||
{
|
{
|
||||||
security_context_t ctx;
|
security_context_t ctx;
|
||||||
@ -387,7 +390,8 @@ err:
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxRestoreSecurityImageLabelInt(virDomainObjPtr vm,
|
SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk,
|
virDomainDiskDefPtr disk,
|
||||||
int migrated)
|
int migrated)
|
||||||
{
|
{
|
||||||
@ -431,10 +435,11 @@ SELinuxRestoreSecurityImageLabelInt(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
|
SELinuxRestoreSecurityImageLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
{
|
{
|
||||||
return SELinuxRestoreSecurityImageLabelInt(vm, disk, 0);
|
return SELinuxRestoreSecurityImageLabelInt(drv, vm, disk, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -462,7 +467,8 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
|
SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainDiskDefPtr disk)
|
virDomainDiskDefPtr disk)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -500,7 +506,8 @@ SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
|
SELinuxSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -568,7 +575,8 @@ SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
|
SELinuxRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
virDomainHostdevDefPtr dev)
|
virDomainHostdevDefPtr dev)
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -715,7 +723,8 @@ SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
|
SELinuxRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
int migrated ATTRIBUTE_UNUSED)
|
int migrated ATTRIBUTE_UNUSED)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
@ -728,11 +737,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
||||||
if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
|
if (SELinuxRestoreSecurityHostdevLabel(drv,
|
||||||
|
vm,
|
||||||
|
vm->def->hostdevs[i]) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < vm->def->ndisks ; i++) {
|
for (i = 0 ; i < vm->def->ndisks ; i++) {
|
||||||
if (SELinuxRestoreSecurityImageLabelInt(vm,
|
if (SELinuxRestoreSecurityImageLabelInt(drv,
|
||||||
|
vm,
|
||||||
vm->def->disks[i],
|
vm->def->disks[i],
|
||||||
migrated) < 0)
|
migrated) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
@ -756,7 +768,8 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
|
SELinuxReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
|
|
||||||
@ -779,7 +792,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxSetSavedStateLabel(virDomainObjPtr vm,
|
SELinuxSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
@ -792,7 +806,8 @@ SELinuxSetSavedStateLabel(virDomainObjPtr vm,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
|
SELinuxRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
|
||||||
|
virDomainObjPtr vm,
|
||||||
const char *savefile)
|
const char *savefile)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
@ -963,7 +978,9 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
|
SELinuxSetSecurityAllLabel(virSecurityDriverPtr drv,
|
||||||
|
virDomainObjPtr vm,
|
||||||
|
const char *stdin_path)
|
||||||
{
|
{
|
||||||
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
|
||||||
int i;
|
int i;
|
||||||
@ -978,11 +995,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
|
|||||||
vm->def->disks[i]->src, vm->def->disks[i]->dst);
|
vm->def->disks[i]->src, vm->def->disks[i]->dst);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
|
if (SELinuxSetSecurityImageLabel(drv,
|
||||||
|
vm, vm->def->disks[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
|
||||||
if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
|
if (SELinuxSetSecurityHostdevLabel(drv,
|
||||||
|
vm,
|
||||||
|
vm->def->hostdevs[i]) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user