[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH 3/7] add_drive: Add selinuxnorelabel optional boolean.



From: "Richard W.M. Jones" <rjones redhat com>

If set, this causes <seclabel model=selinux relabel=no> to be added to
the disk element in the libvirt XML.

It has no effect *except* on the libvirt attach method when SELinux
and sVirt is being used.
---
 generator/actions.ml   |  8 +++++++-
 src/guestfs-internal.h |  1 +
 src/launch-libvirt.c   | 20 ++++++++++++++++++++
 src/launch.c           | 21 ++++++++++++++-------
 4 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/generator/actions.ml b/generator/actions.ml
index 59e667d..ececa7b 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -1247,7 +1247,7 @@ not all belong to a single logical operating system
 
   { defaults with
     name = "add_drive";
-    style = RErr, [String "filename"], [OBool "readonly"; OString "format"; OString "iface"; OString "name"; OString "label"];
+    style = RErr, [String "filename"], [OBool "readonly"; OString "format"; OString "iface"; OString "name"; OString "label"; OBool "selinuxnorelabel"];
     once_had_no_optargs = true;
     blocking = false;
     fish_alias = ["add"];
@@ -1319,6 +1319,12 @@ the drive will also be named C</dev/disk/guestfs/I<label>>.
 
 See L<guestfs(3)/DISK LABELS>.
 
+=item C<selinuxnorelabel>
+
+If set, this option (only applicable when using the libvirt
+attach-method with SELinux and sVirt) causes libvirt to I<not>
+relabel the disk.
+
 =back" };
 
   { defaults with
diff --git a/src/guestfs-internal.h b/src/guestfs-internal.h
index 78e2bf5..9a468dc 100644
--- a/src/guestfs-internal.h
+++ b/src/guestfs-internal.h
@@ -119,6 +119,7 @@ struct drive {
   char *name;
   char *disk_label;
   bool use_cache_none;
+  int selinuxnorelabel;
 
   void *priv;                   /* Data used by attach method. */
   void (*free_priv) (void *);
diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
index 0a59cb6..45950e2 100644
--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -1035,6 +1035,16 @@ construct_libvirt_xml_disk (guestfs_h *g,
     XMLERROR (-1,
               xmlTextWriterWriteAttribute (xo, BAD_CAST "file",
                                            BAD_CAST drv_priv->path));
+    if (drv->selinuxnorelabel) {
+      XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
+      XMLERROR (-1,
+                xmlTextWriterWriteAttribute (xo, BAD_CAST "model",
+                                             BAD_CAST "selinux"));
+      XMLERROR (-1,
+                xmlTextWriterWriteAttribute (xo, BAD_CAST "relabel",
+                                             BAD_CAST "no"));
+      XMLERROR (-1, xmlTextWriterEndElement (xo));
+    }
     XMLERROR (-1, xmlTextWriterEndElement (xo));
   }
   else {
@@ -1046,6 +1056,16 @@ construct_libvirt_xml_disk (guestfs_h *g,
     XMLERROR (-1,
               xmlTextWriterWriteAttribute (xo, BAD_CAST "dev",
                                            BAD_CAST drv_priv->path));
+    if (drv->selinuxnorelabel) {
+      XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
+      XMLERROR (-1,
+                xmlTextWriterWriteAttribute (xo, BAD_CAST "model",
+                                             BAD_CAST "selinux"));
+      XMLERROR (-1,
+                xmlTextWriterWriteAttribute (xo, BAD_CAST "relabel",
+                                             BAD_CAST "no"));
+      XMLERROR (-1, xmlTextWriterEndElement (xo));
+    }
     XMLERROR (-1, xmlTextWriterEndElement (xo));
   }
 
diff --git a/src/launch.c b/src/launch.c
index 7c37667..518ecd7 100644
--- a/src/launch.c
+++ b/src/launch.c
@@ -88,7 +88,7 @@ static struct drive *
 create_drive_struct (guestfs_h *g, const char *path,
                      int readonly, const char *format,
                      const char *iface, const char *name,
-                     const char *disk_label,
+                     const char *disk_label, int selinuxnorelabel,
                      int use_cache_none)
 {
   struct drive *drv = safe_malloc (g, sizeof (struct drive));
@@ -100,6 +100,7 @@ create_drive_struct (guestfs_h *g, const char *path,
   drv->name = name ? safe_strdup (g, name) : NULL;
   drv->disk_label = disk_label ? safe_strdup (g, disk_label) : NULL;
   drv->use_cache_none = use_cache_none;
+  drv->selinuxnorelabel = selinuxnorelabel;
   drv->priv = drv->free_priv = NULL;
 
   return drv;
@@ -111,7 +112,7 @@ guestfs___add_dummy_appliance_drive (guestfs_h *g)
 {
   struct drive *drv;
 
-  drv = create_drive_struct (g, "", 0, NULL, NULL, NULL, NULL, 0);
+  drv = create_drive_struct (g, "", 0, NULL, NULL, NULL, NULL, 0, 0);
   add_drive_to_handle (g, drv);
 }
 
@@ -276,7 +277,8 @@ add_drive (guestfs_h *g, struct drive *drv)
  */
 static int
 add_null_drive (guestfs_h *g, int readonly, const char *format,
-                const char *iface, const char *name, const char *disk_label)
+                const char *iface, const char *name, const char *disk_label,
+                int selinuxnorelabel)
 {
   char *tmpfile = NULL;
   int fd = -1, r;
@@ -310,7 +312,8 @@ add_null_drive (guestfs_h *g, int readonly, const char *format,
     goto err;
   }
 
-  drv = create_drive_struct (g, tmpfile, readonly, format, iface, name, disk_label, 0);
+  drv = create_drive_struct (g, tmpfile, readonly, format, iface, name,
+                             disk_label, selinuxnorelabel, 0);
   r = add_drive (g, drv);
   free (tmpfile);
   if (r == -1) {
@@ -337,6 +340,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
   const char *name;
   const char *disk_label;
   int use_cache_none;
+  int selinuxnorelabel;
   struct drive *drv;
 
   if (strchr (filename, ':') != NULL) {
@@ -355,6 +359,8 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
          ? optargs->name : NULL;
   disk_label = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_LABEL_BITMASK
          ? optargs->label : NULL;
+  selinuxnorelabel = optargs->bitmask & GUESTFS_ADD_DRIVE_OPTS_SELINUXNORELABEL_BITMASK
+         ? optargs->selinuxnorelabel : 0;
 
   if (format && !valid_format_iface (format)) {
     error (g, _("%s parameter is empty or contains disallowed characters"),
@@ -372,7 +378,8 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
   }
 
   if (STREQ (filename, "/dev/null"))
-    return add_null_drive (g, readonly, format, iface, name, disk_label);
+    return add_null_drive (g, readonly, format, iface, name, disk_label,
+                           selinuxnorelabel);
 
   /* For writable files, see if we can use cache=none.  This also
    * checks for the existence of the file.  For readonly we have
@@ -389,8 +396,8 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
     }
   }
 
-  drv = create_drive_struct (g, filename, readonly, format, iface, name, disk_label,
-                             use_cache_none);
+  drv = create_drive_struct (g, filename, readonly, format, iface, name,
+                             disk_label, selinuxnorelabel, use_cache_none);
   if (add_drive (g, drv) == -1) {
     free_drive_struct (drv);
     return -1;
-- 
1.8.1.2


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]