
[Libguestfs] [PATCH v2 2/5] New internal API: internal_set_libvirt_selinux_norelabel_disks.



From: "Richard W.M. Jones" <rjones redhat com>

If set, this causes <seclabel model=selinux relabel=no> to be added to
each disk's <source> element in the libvirt XML.

It has no effect *except* on the libvirt attach method when SELinux
and sVirt are being used.
---
 generator/actions.ml   | 11 +++++++++++
 src/guestfs-internal.h |  1 +
 src/launch-libvirt.c   | 30 ++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+)

diff --git a/generator/actions.ml b/generator/actions.ml
index 59e667d..f685e92 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -2706,6 +2706,17 @@ reality, two labels: the process label and the image label)
 used by the appliance when the libvirt attach method is selected
 (it is ignored by other attach methods)." };
 
+  { defaults with
+    name = "internal_set_libvirt_selinux_norelabel_disks";
+    style = RErr, [Bool "norelabeldisks"], [];
+    blocking = false;
+    visibility = VInternal;
+    shortdesc = "tell libvirt attach method not to relabel disks";
+    longdesc = "\
+This internal function adds E<lt>seclabel model=selinux relabel=noE<gt>
+to all application disks.  It is only used by the libvirt attach method
+and is ignored by other attach methods." };
+
 ]
 
 (* daemon_functions are any functions which cause some action
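Review bot: The `longdesc` string says the seclabel is added "to all application disks", which is ambiguous (appliance image vs. user-added drives) and does not say where in the XML it lands; the launch-libvirt.c part of this patch emits it inside each drive's `<source>` element from construct_libvirt_xml_disk, and construct_libvirt_xml_appliance is not touched. I would reword it to `This internal function adds E<lt>seclabel model=selinux relabel=noE<gt> to the E<lt>sourceE<gt> element of every drive that the libvirt attach method emits, so libvirt (sVirt) will not relabel those images when the appliance starts. It is only used by the libvirt attach method and is ignored by other attach methods.` Because this switches off the automatic per-disk labelling that sVirt's confinement of the appliance relies on, the description should also state that the caller is responsible for labelling the disks so the appliance can open them; presumably that is the use case later in the series, but I cannot confirm it from this hunk. The enclosing `[ ... ]` list of actions starts before the hunk.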
diff --git a/src/guestfs-internal.h b/src/guestfs-internal.h
index 78e2bf5..c25b893 100644
--- a/src/guestfs-internal.h
+++ b/src/guestfs-internal.h
@@ -324,6 +324,7 @@ struct guestfs_h
 #endif
   char *virt_selinux_label;
   char *virt_selinux_imagelabel;
+  bool virt_selinux_norelabel_disks;
 };
 
 /* Per-filesystem data stored for inspect_os. */
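Review bot: The new `virt_selinux_norelabel_disks` field gets no initializer in this hunk, so the fail-safe default (libvirt keeps relabelling disks) depends on whatever allocates `struct guestfs_h` zero-filling it, which is outside the hunk and I cannot confirm. If the handle is created with a plain malloc the flag should be set to false explicitly there; either way a one-line comment on the field would make the default visible: `bool virt_selinux_norelabel_disks; /* emit <seclabel relabel=no> per disk; default false */`. `struct guestfs_h` begins before the hunk.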
diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
index 68d875e..318847a 100644
--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -651,6 +651,7 @@ static int construct_libvirt_xml_lifecycle (guestfs_h *g, const struct libvirt_x
 static int construct_libvirt_xml_devices (guestfs_h *g, const struct libvirt_xml_params *params, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_qemu_cmdline (guestfs_h *g, const struct libvirt_xml_params *params, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_disk (guestfs_h *g, xmlTextWriterPtr xo, struct drive *drv, size_t drv_index);
+static int construct_libvirt_xml_disk_source_seclabel (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_appliance (guestfs_h *g, const struct libvirt_xml_params *params, xmlTextWriterPtr xo);
 
 /* Note this macro is rather specialized: It assumes that any local
@@ -1035,6 +1036,8 @@ construct_libvirt_xml_disk (guestfs_h *g,
     XMLERROR (-1,
               xmlTextWriterWriteAttribute (xo, BAD_CAST "file",
                                            BAD_CAST drv_priv->path));
+    if (construct_libvirt_xml_disk_source_seclabel (g, xo) == -1)
+      return -1;
     XMLERROR (-1, xmlTextWriterEndElement (xo));
   }
   else {
@@ -1046,6 +1049,8 @@ construct_libvirt_xml_disk (guestfs_h *g,
     XMLERROR (-1,
               xmlTextWriterWriteAttribute (xo, BAD_CAST "dev",
                                            BAD_CAST drv_priv->path));
+    if (construct_libvirt_xml_disk_source_seclabel (g, xo) == -1)
+      return -1;
     XMLERROR (-1, xmlTextWriterEndElement (xo));
   }
 
@@ -1131,6 +1136,24 @@ construct_libvirt_xml_disk (guestfs_h *g,
 }
 
 static int
+construct_libvirt_xml_disk_source_seclabel (guestfs_h *g,
+                                            xmlTextWriterPtr xo)
+{
+  if (g->virt_selinux_norelabel_disks) {
+    XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
+    XMLERROR (-1,
+              xmlTextWriterWriteAttribute (xo, BAD_CAST "model",
+                                           BAD_CAST "selinux"));
+    XMLERROR (-1,
+              xmlTextWriterWriteAttribute (xo, BAD_CAST "relabel",
+                                           BAD_CAST "no"));
+    XMLERROR (-1, xmlTextWriterEndElement (xo));
+  }
+
+  return 0;
+}
+
+static int
 construct_libvirt_xml_appliance (guestfs_h *g,
                                  const struct libvirt_xml_params *params,
                                  xmlTextWriterPtr xo)
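Review bot: `construct_libvirt_xml_disk_source_seclabel` emits `<seclabel model="selinux" relabel="no">` whenever the flag is set, without checking that the domain-level SELinux `<seclabel>` (emitted elsewhere in this file, outside the hunk) is also being written; as far as I recall libvirt checks a per-device seclabel model against the security drivers active for the domain and may reject the XML when no SELinux driver is in use, so it would be safer to key this helper on the same condition that governs the domain-level label, or at least to document that callers must only set the flag under sVirt. The commit message says the option "has no effect" otherwise, but that holds only if libvirt silently ignores the element, which I cannot confirm from here. The new function should also carry a header comment stating the security consequence, e.g. `/* Emit <seclabel model=selinux relabel=no> inside the current <source> element so libvirt's sVirt driver leaves the disk's label alone; the caller then owns labelling the image so the confined appliance can open it. */`.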
@@ -1639,3 +1662,10 @@ guestfs__internal_set_libvirt_selinux_label (guestfs_h *g, const char *label,
   g->virt_selinux_imagelabel = safe_strdup (g, imagelabel);
   return 0;
 }
+
+int
+guestfs__internal_set_libvirt_selinux_norelabel_disks (guestfs_h *g, int flag)
+{
+  g->virt_selinux_norelabel_disks = flag;
+  return 0;
+}
-- 
1.8.1.2

