[libvirt] [PATCH 3/7] security: Expose SetChardevLabel function in security drivers

Martin Kletzander mkletzan at redhat.com
Thu Aug 13 15:47:41 UTC 2015


Functions labelling character devices can be used in the future for
labelling additional character devices that are not present in the
definition itself.

Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
---
 src/libvirt_private.syms        |  1 +
 src/security/security_dac.c     |  2 ++
 src/security/security_driver.h  |  7 ++++++-
 src/security/security_manager.c | 19 +++++++++++++++++++
 src/security/security_manager.h |  5 +++++
 src/security/security_selinux.c |  2 ++
 src/security/security_stack.c   | 21 +++++++++++++++++++++
 7 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 45f42f502035..b1c03f00050b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1044,6 +1044,7 @@ virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreImageLabel;
 virSecurityManagerRestoreSavedStateLabel;
 virSecurityManagerSetAllLabel;
+virSecurityManagerSetChardevLabel;
 virSecurityManagerSetChildProcessLabel;
 virSecurityManagerSetDaemonSocketLabel;
 virSecurityManagerSetDiskLabel;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index bed23c30ae8c..ea34d40fac51 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1441,4 +1441,6 @@ virSecurityDriver virSecurityDriverDAC = {
     .domainGetSecurityMountOptions      = virSecurityDACGetMountOptions,

     .getBaseLabel                       = virSecurityDACGetBaseLabel,
+
+    .domainSetChardevLabel              = virSecurityDACSetChardevLabel,
 };
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index f0dca09177e5..08aa3e1f8747 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -118,7 +118,10 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                    virDomainDefPtr def,
                                                    virStorageSourcePtr src);
-
+typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
+                                                 virDomainDefPtr def,
+                                                 virDomainChrDefPtr dev,
+                                                 virDomainChrSourceDefPtr src);

 struct _virSecurityDriver {
     size_t privateDataLen;
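Review bot: The new `virSecurityDomainSetChardevLabel` callback type has no restore counterpart in this patch and no comment explaining how `dev` and `src` relate. The commit message says it is meant for character devices that are not in the domain definition. A restore pass that walks the definition would presumably not reach those, so the relabelled path could keep the guest's ownership or context after shutdown unless a later patch in the series handles it. Once confirmed, a comment above the typedef would help, e.g. `/* Labels the chardev backend @src belonging to @dev; callers labelling devices outside @def must arrange the matching restore. */`. It should also say whether `dev` may be NULL.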
@@ -168,6 +171,8 @@ struct _virSecurityDriver {
     virSecurityDomainSetHugepages domainSetSecurityHugepages;

     virSecurityDriverGetBaseLabel getBaseLabel;
+
+    virSecurityDomainSetChardevLabel domainSetChardevLabel;
 };

 virSecurityDriverPtr virSecurityDriverLookup(const char *name,
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b0cd9e856903..ec3479ae73a9 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -991,3 +991,22 @@ virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,

     return 0;
 }
+
+
+int
+virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+                                  virDomainDefPtr def,
+                                  virDomainChrDefPtr dev,
+                                  virDomainChrSourceDefPtr src)
+{
+    int ret;
+
+    if (!mgr->drv->domainSetChardevLabel)
+        return 0;
+
+    virObjectLock(mgr);
+    ret = mgr->drv->domainSetChardevLabel(mgr, def, dev, src);
+    virObjectUnlock(mgr);
+
+    return ret;
+}
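Review bot: `virSecurityManagerSetChardevLabel` returns 0 when the driver has no `domainSetChardevLabel`, so a caller cannot tell "labelled" from "nothing was done". The diffstat wires the callback into only the DAC, SELinux and stack drivers, so any other driver takes this silent-success path. If that is intended (the `return 0` visible at the end of `virSecurityManagerSetHugepages` suggests a precedent), state it in a comment above the function, e.g. `/* Returns 0 without labelling when the driver has no chardev callback; -1 on driver failure. */`. `mgr->drv` is also dereferenced before the lock is taken and without a NULL check, so the comment should state that `mgr` must be non-NULL.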
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 13468db3997b..25ddd5fe79a0 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -150,4 +150,9 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
                                         virDomainDefPtr vm,
                                         virStorageSourcePtr src);

+int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+                                      virDomainDefPtr def,
+                                      virDomainChrDefPtr dev,
+                                      virDomainChrSourceDefPtr src);
+
 #endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a37f8c140b07..7000701d0447 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2549,4 +2549,6 @@ virSecurityDriver virSecurityDriverSELinux = {

     .domainGetSecurityMountOptions      = virSecuritySELinuxGetSecurityMountOptions,
     .getBaseLabel                       = virSecuritySELinuxGetBaseLabel,
+
+    .domainSetChardevLabel              = virSecuritySELinuxSetSecurityChardevLabel,
 };
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 1ded57b9604c..124d7806203c 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -599,6 +599,25 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
     return rc;
 }

+static int
+virSecurityStackSetChardevLabel(virSecurityManagerPtr mgr,
+                                virDomainDefPtr def,
+                                virDomainChrDefPtr dev,
+                                virDomainChrSourceDefPtr src)
+{
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityStackItemPtr item = priv->itemsHead;
+    int rc = 0;
+
+    for (; item; item = item->next) {
+        if (virSecurityManagerSetChardevLabel(item->securityManager,
+                                              def, dev, src) < 0)
+            rc = -1;
+    }
+
+    return rc;
+}
+
 virSecurityDriver virSecurityDriverStack = {
     .privateDataLen                     = sizeof(virSecurityStackData),
     .name                               = "stack",
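Review bot: `virSecurityStackSetChardevLabel` keeps calling the remaining stacked managers after one fails and then returns -1, which can leave the device labelled by some drivers and not by others. That reads as a deliberate best-effort loop, but the function has no comment saying so, and the caller gets no indication of which manager failed or what needs undoing. Add a comment above it such as `/* Tries every stacked manager; returns -1 if any failed, leaving labels applied by the others in place. */`. `priv` from `virSecurityManagerGetPrivateData()` is used unchecked; whether it can be NULL is not visible in this hunk.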
@@ -648,4 +667,6 @@ virSecurityDriver virSecurityDriverStack = {
     .domainSetSecurityHugepages         = virSecurityStackSetHugepages,

     .getBaseLabel                       = virSecurityStackGetBaseLabel,
+
+    .domainSetChardevLabel              = virSecurityStackSetChardevLabel,
 };
-- 
2.5.0



