[libvirt] [PATCH 4/4] Remove use of virConnectPtr from security driver APIs
Daniel P. Berrange
berrange at redhat.com
Tue Feb 9 19:20:35 UTC 2010
The virConnectPtr is no longer required for error reporting since
that is recorded in a thread local. Remove use of virConnectPtr
from all APIs in security_driver.{h,c} and update all callers to
match
---
src/qemu/qemu_driver.c | 90 ++++++++++++++++------------------
src/qemu/qemu_security_dac.c | 43 +++++++----------
src/qemu/qemu_security_stacked.c | 99 ++++++++++++++++----------------------
src/security/security_apparmor.c | 69 ++++++++++++--------------
src/security/security_driver.c | 17 +++----
src/security/security_driver.h | 54 +++++++-------------
src/security/security_selinux.c | 73 +++++++++++----------------
7 files changed, 189 insertions(+), 256 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7c5dfe4..4cc66be 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -118,8 +118,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
const char *migrateFrom,
int stdin_fd);
-static void qemudShutdownVMDaemon(virConnectPtr conn,
- struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
virDomainObjPtr vm);
static int qemudDomainGetMaxVcpus(virDomainPtr dom);
@@ -681,7 +680,7 @@ qemuHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
VIR_DOMAIN_EVENT_STOPPED_FAILED :
VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
- qemudShutdownVMDaemon(NULL, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (!vm->persistent)
virDomainRemoveInactive(&driver->domains, vm);
else
@@ -865,7 +864,7 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq
if (driver->securityDriver &&
driver->securityDriver->domainReserveSecurityLabel &&
- driver->securityDriver->domainReserveSecurityLabel(NULL, obj) < 0)
+ driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
goto error;
if (obj->def->id >= driver->nextvmid)
@@ -878,7 +877,7 @@ error:
/* We can't get the monitor back, so must kill the VM
* to remove danger of it ending up running twice if
* user tries to start it again later */
- qemudShutdownVMDaemon(NULL, driver, obj);
+ qemudShutdownVMDaemon(driver, obj);
if (!obj->persistent)
virDomainRemoveInactive(&driver->domains, obj);
else
@@ -2468,7 +2467,7 @@ static int qemudSecurityHook(void *data) {
if (h->driver->securityDriver &&
h->driver->securityDriver->domainSetSecurityProcessLabel &&
- h->driver->securityDriver->domainSetSecurityProcessLabel(h->conn, h->driver->securityDriver, h->vm) < 0)
+ h->driver->securityDriver->domainSetSecurityProcessLabel(h->driver->securityDriver, h->vm) < 0)
return -1;
return 0;
@@ -2536,12 +2535,12 @@ static int qemudStartVMDaemon(virConnectPtr conn,
then generate a security label for isolation */
if (driver->securityDriver &&
driver->securityDriver->domainGenSecurityLabel &&
- driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securityDriver->domainGenSecurityLabel(vm) < 0)
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
goto cleanup;
/* Ensure no historical cgroup for this VM is lieing around bogus settings */
@@ -2767,10 +2766,10 @@ cleanup:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityAllLabel)
- driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+ driver->securityDriver->domainRestoreSecurityAllLabel(vm);
if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
- driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+ driver->securityDriver->domainReleaseSecurityLabel(vm);
qemuRemoveCgroup(driver, vm, 0);
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
@@ -2784,7 +2783,7 @@ cleanup:
abort:
/* We jump here if we failed to initialize the now running VM
* killing it off and pretend we never started it */
- qemudShutdownVMDaemon(conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (logfile != -1)
close(logfile);
@@ -2793,8 +2792,7 @@ abort:
}
-static void qemudShutdownVMDaemon(virConnectPtr conn,
- struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
virDomainObjPtr vm) {
int ret;
int retries = 0;
@@ -2851,10 +2849,10 @@ static void qemudShutdownVMDaemon(virConnectPtr conn,
/* Reset Security Labels */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityAllLabel)
- driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+ driver->securityDriver->domainRestoreSecurityAllLabel(vm);
if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
- driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+ driver->securityDriver->domainReleaseSecurityLabel(vm);
/* Clear out dynamically assigned labels */
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -3306,7 +3304,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virSecurityDriverVerify(conn, def) < 0)
+ if (virSecurityDriverVerify(def) < 0)
goto cleanup;
if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
@@ -3535,7 +3533,7 @@ static int qemudDomainDestroy(virDomainPtr dom) {
goto endjob;
}
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
@@ -3911,7 +3909,7 @@ static int qemudDomainSave(virDomainPtr dom,
if (driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
goto endjob;
if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
@@ -3938,13 +3936,13 @@ static int qemudDomainSave(virDomainPtr dom,
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
goto endjob;
ret = 0;
/* Shut it down */
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_SAVED);
@@ -4025,7 +4023,7 @@ static int qemudDomainCoreDump(virDomainPtr dom,
if (driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
goto endjob;
/* Migrate will always stop the VM, so the resume condition is
@@ -4052,12 +4050,12 @@ static int qemudDomainCoreDump(virDomainPtr dom,
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
goto endjob;
endjob:
if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_CRASHED);
@@ -4388,7 +4386,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
*/
if (virDomainObjIsActive(vm)) {
if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
- if (driver->securityDriver->domainGetSecurityProcessLabel(dom->conn, vm, seclabel) == -1) {
+ if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Failed to get security label"));
goto cleanup;
@@ -5000,7 +4998,7 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virSecurityDriverVerify(conn, def) < 0)
+ if (virSecurityDriverVerify(def) < 0)
goto cleanup;
if ((dupVM = virDomainObjIsDuplicate(&driver->domains, def, 0)) < 0)
@@ -5095,8 +5093,7 @@ cleanup:
}
-static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
- struct qemud_driver *driver,
+static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
@@ -5137,7 +5134,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -5163,7 +5160,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, origdisk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
VIR_FREE(origdisk->src);
@@ -5178,7 +5175,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on new media %s", disk->src);
return -1;
}
@@ -5205,7 +5202,7 @@ static int qemudDomainAttachPciDiskDevice(struct qemud_driver *driver,
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
@@ -5266,7 +5263,7 @@ error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
@@ -5398,7 +5395,7 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver,
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
/* We should have an address already, so make sure */
@@ -5475,7 +5472,7 @@ error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
@@ -5502,7 +5499,7 @@ static int qemudDomainAttachUsbMassstorageDevice(struct qemud_driver *driver,
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
if (!disk->src) {
@@ -5554,7 +5551,7 @@ error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
@@ -5825,8 +5822,7 @@ error:
}
-static int qemudDomainAttachHostDevice(virConnectPtr conn,
- struct qemud_driver *driver,
+static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
virDomainObjPtr vm,
virDomainHostdevDefPtr hostdev,
int qemuCmdFlags)
@@ -5840,7 +5836,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityHostdevLabel &&
- driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, hostdev) < 0)
+ driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
return -1;
switch (hostdev->source.subsys.type) {
@@ -5868,7 +5864,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(conn, vm, hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
VIR_WARN0("Unable to restore host device labelling on hotplug fail");
return -1;
@@ -5936,7 +5932,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
switch (dev->data.disk->device) {
case VIR_DOMAIN_DISK_DEVICE_CDROM:
case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
- ret = qemudDomainChangeEjectableMedia(dom->conn, driver, vm, dev->data.disk);
+ ret = qemudDomainChangeEjectableMedia(driver, vm, dev->data.disk);
if (ret == 0)
dev->data.disk = NULL;
break;
@@ -5991,7 +5987,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
if (ret == 0)
dev->data.net = NULL;
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
- ret = qemudDomainAttachHostDevice(dom->conn, driver, vm,
+ ret = qemudDomainAttachHostDevice(driver, vm,
dev->data.hostdev, qemuCmdFlags);
if (ret == 0)
dev->data.hostdev = NULL;
@@ -6085,7 +6081,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, dev->data.disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
ret = 0;
@@ -6357,7 +6353,7 @@ static int qemudDomainDetachHostDevice(struct qemud_driver *driver,
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(NULL, vm, dev->data.hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
VIR_WARN0("Failed to restore host device labelling");
return ret;
@@ -7506,7 +7502,7 @@ qemudDomainMigratePrepareTunnel(virConnectPtr dconn,
qemust = qemuStreamMigOpen(st, unixfile);
if (qemust == NULL) {
- qemudShutdownVMDaemon(NULL, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains, vm);
@@ -8193,7 +8189,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
}
/* Clean up the source domain. */
- qemudShutdownVMDaemon (dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
paused = 0;
event = virDomainEventNewFromObj(vm,
@@ -8336,7 +8332,7 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
}
virDomainSaveStatus(driver->caps, driver->stateDir, vm);
} else {
- qemudShutdownVMDaemon (dconn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FAILED);
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index e753490..11f41b3 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -105,8 +105,7 @@ err:
static int
-qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
@@ -149,8 +148,7 @@ qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-qemuSecurityDACRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
if (!driver->privileged || !driver->dynamicOwnership)
@@ -195,8 +193,7 @@ qemuSecurityDACSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -218,7 +215,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
usbFreeDevice(usb);
break;
}
@@ -232,7 +229,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACSetSecurityPCILabel, vm);
pciFreeDevice(pci);
break;
@@ -269,8 +266,7 @@ qemuSecurityDACRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
@@ -292,7 +288,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
usbFreeDevice(usb);
break;
@@ -307,7 +303,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
pciFreeDevice(pci);
break;
@@ -324,8 +320,7 @@ done:
static int
-qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
{
int i;
int rc = 0;
@@ -336,12 +331,12 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
VIR_DEBUG("Restoring security label on %s", vm->def->name);
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACRestoreSecurityHostdevLabel(conn, vm,
+ if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (qemuSecurityDACRestoreSecurityImageLabel(conn, vm,
+ if (qemuSecurityDACRestoreSecurityImageLabel(vm,
vm->def->disks[i]) < 0)
rc = -1;
}
@@ -350,8 +345,7 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
static int
-qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
{
int i;
@@ -362,11 +356,11 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
/* XXX fixme - we need to recursively label the entriy tree :-( */
if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
continue;
- if (qemuSecurityDACSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+ if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
return -1;
}
@@ -375,8 +369,7 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
static int
-qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged || !driver->dynamicOwnership)
@@ -387,8 +380,7 @@ qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged || !driver->dynamicOwnership)
@@ -399,8 +391,7 @@ qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-qemuSecurityDACSetProcessLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityDACSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm ATTRIBUTE_UNUSED)
{
DEBUG("Dropping privileges of VM to %d:%d", driver->user, driver->group);
diff --git a/src/qemu/qemu_security_stacked.c b/src/qemu/qemu_security_stacked.c
index deabe0a..c0258ce 100644
--- a/src/qemu/qemu_security_stacked.c
+++ b/src/qemu/qemu_security_stacked.c
@@ -38,19 +38,18 @@ void qemuSecurityStackedSetDriver(struct qemud_driver *newdriver)
static int
-qemuSecurityStackedVerify(virConnectPtr conn,
- virDomainDefPtr def)
+qemuSecurityStackedVerify(virDomainDefPtr def)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSecurityVerify &&
- driver->securitySecondaryDriver->domainSecurityVerify(conn, def) < 0)
+ driver->securitySecondaryDriver->domainSecurityVerify(def) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSecurityVerify &&
- driver->securityPrimaryDriver->domainSecurityVerify(conn, def) < 0)
+ driver->securityPrimaryDriver->domainSecurityVerify(def) < 0)
rc = -1;
return rc;
@@ -58,19 +57,18 @@ qemuSecurityStackedVerify(virConnectPtr conn,
static int
-qemuSecurityStackedGenLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedGenLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainGenSecurityLabel &&
- driver->securitySecondaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGenSecurityLabel &&
- driver->securityPrimaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
rc = -1;
return rc;
@@ -78,19 +76,18 @@ qemuSecurityStackedGenLabel(virConnectPtr conn,
static int
-qemuSecurityStackedReleaseLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
- driver->securitySecondaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
- driver->securityPrimaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
rc = -1;
return rc;
@@ -98,19 +95,18 @@ qemuSecurityStackedReleaseLabel(virConnectPtr conn,
static int
-qemuSecurityStackedReserveLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
- driver->securitySecondaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
- driver->securityPrimaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
rc = -1;
return rc;
@@ -118,20 +114,19 @@ qemuSecurityStackedReserveLabel(virConnectPtr conn,
static int
-qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
- driver->securitySecondaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
- driver->securityPrimaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
rc = -1;
return rc;
@@ -139,20 +134,19 @@ qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
static int
-qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
rc = -1;
return rc;
@@ -160,8 +154,7 @@ qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
static int
-qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -169,12 +162,12 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
return rc;
@@ -182,8 +175,7 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
static int
-qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -191,12 +183,12 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
return rc;
@@ -204,19 +196,18 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
static int
-qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
- driver->securitySecondaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
- driver->securityPrimaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
rc = -1;
return rc;
@@ -224,19 +215,18 @@ qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
static int
-qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
rc = -1;
return rc;
@@ -244,20 +234,19 @@ qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
static int
-qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
- driver->securitySecondaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
- driver->securityPrimaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
rc = -1;
return rc;
@@ -265,20 +254,19 @@ qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
static int
-qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
- driver->securitySecondaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
- driver->securityPrimaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
rc = -1;
return rc;
@@ -286,23 +274,20 @@ qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
static int
-qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityProcessLabel &&
- driver->securitySecondaryDriver->domainSetSecurityProcessLabel(conn,
- driver->securitySecondaryDriver,
+ driver->securitySecondaryDriver->domainSetSecurityProcessLabel(driver->securitySecondaryDriver,
vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityProcessLabel &&
- driver->securityPrimaryDriver->domainSetSecurityProcessLabel(conn,
- driver->securityPrimaryDriver,
+ driver->securityPrimaryDriver->domainSetSecurityProcessLabel(driver->securityPrimaryDriver,
vm) < 0)
rc = -1;
@@ -310,16 +295,14 @@ qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
}
static int
-qemuSecurityStackedGetProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
virSecurityLabelPtr seclabel)
{
int rc = 0;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
- driver->securityPrimaryDriver->domainGetSecurityProcessLabel(conn,
- vm,
+ driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
seclabel) < 0)
rc = -1;
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 2d5f944..23f40f8 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -148,7 +148,7 @@ profile_status_file(const char *str)
* load (add) a profile. Will create one if necessary
*/
static int
-load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
+load_profile(const char *profile, virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = -1, status, ret;
@@ -162,7 +162,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
return rc;
}
- xml = virDomainDefFormat(conn, vm->def, VIR_DOMAIN_XML_SECURE);
+ xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
if (!xml)
goto clean;
@@ -204,7 +204,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
if (errno == EINTR)
goto rewait;
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected exit status from virt-aa-helper "
"%d pid %lu"),
WEXITSTATUS(status), (unsigned long)child);
@@ -311,9 +311,9 @@ AppArmorSecurityDriverProbe(void)
* currently not used.
*/
static int
-AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
{
- virSecurityDriverSetDOI(conn, drv, SECURITY_APPARMOR_VOID_DOI);
+ virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
return 0;
}
@@ -323,7 +323,7 @@ AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
* called on shutdown.
*/
static int
-AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorGenSecurityLabel(virDomainObjPtr vm)
{
int rc = -1;
char *profile_name = NULL;
@@ -333,7 +333,7 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
if ((vm->def->seclabel.label) ||
(vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s",
_("security label already defined for VM"));
return rc;
@@ -377,15 +377,15 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
}
static int
-AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorSetSecurityAllLabel(virDomainObjPtr vm)
{
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
/* if the profile is not already loaded, then load one */
if (profile_loaded(vm->def->seclabel.label) < 0) {
- if (load_profile(conn, vm->def->seclabel.label, vm, NULL) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(vm->def->seclabel.label, vm, NULL) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate AppArmor profile "
"\'%s\'"), vm->def->seclabel.label);
return -1;
@@ -399,8 +399,7 @@ AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
* running.
*/
static int
-AppArmorGetSecurityProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm, virSecurityLabelPtr sec)
+AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
{
int rc = -1;
char *profile_name = NULL;
@@ -410,13 +409,13 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
if (virStrcpy(sec->label, profile_name,
VIR_SECURITY_LABEL_BUFLEN) == NULL) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error copying profile name"));
goto clean;
}
if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error calling profile_status()"));
goto clean;
}
@@ -432,7 +431,7 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
* more details. Currently called via qemudShutdownVMDaemon.
*/
static int
-AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPtr vm)
+AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -445,14 +444,14 @@ AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPt
static int
-AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = 0;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((rc = remove_profile(secdef->label)) != 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("could not remove profile for \'%s\'"),
secdef->label);
}
@@ -464,8 +463,7 @@ AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
* LOCAL_STATE_DIR/log/libvirt/qemu/<vm name>.log
*/
static int
-AppArmorSetSecurityProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv, virDomainObjPtr vm)
+AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
@@ -475,7 +473,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
return rc;
if (STRNEQ(drv->name, secdef->model)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"\'%s\' model configured for domain, but "
"hypervisor driver is \'%s\'."),
@@ -485,7 +483,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
}
if (aa_change_profile(profile_name) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("error calling aa_change_profile()"));
goto clean;
}
@@ -500,8 +498,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
/* Called when hotplugging */
static int
-AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -516,8 +513,8 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(conn, secdef->imagelabel, vm, NULL) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(secdef->imagelabel, vm, NULL) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
secdef->imagelabel);
@@ -534,8 +531,7 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
/* Called when hotplugging */
static int
-AppArmorSetSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm, virDomainDiskDefPtr disk)
+AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
@@ -550,7 +546,7 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
if (secdef->imagelabel) {
/* if the device doesn't exist, error out */
if (!virFileExists(disk->src)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("\'%s\' does not exist"), disk->src);
return rc;
}
@@ -560,8 +556,8 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
/* update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(conn, secdef->imagelabel, vm, disk) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(secdef->imagelabel, vm, disk) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
secdef->imagelabel);
@@ -578,13 +574,13 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
}
static int
-AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+AppArmorSecurityVerify(virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("Invalid security label \'%s\'"),
secdef->label);
return -1;
@@ -594,16 +590,14 @@ AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
}
static int
-AppArmorReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
{
/* NOOP. Nothing to reserve with AppArmor */
return 0;
}
static int
-AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
@@ -617,8 +611,7 @@ AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
}
static int
-AppArmorRestoreSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index 4e6172d..27945a6 100644
--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -35,7 +35,7 @@ static virSecurityDriverPtr security_drivers[] = {
};
int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
+virSecurityDriverVerify(virDomainDefPtr def)
{
unsigned int i;
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -46,10 +46,10 @@ virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
for (i = 0; security_drivers[i] != NULL ; i++) {
if (STREQ(security_drivers[i]->name, secdef->model)) {
- return security_drivers[i]->domainSecurityVerify(conn, def);
+ return security_drivers[i]->domainSecurityVerify(def);
}
}
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("invalid security model '%s'"), secdef->model);
return -1;
}
@@ -72,7 +72,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
switch (tmp->probe()) {
case SECURITY_DRIVER_ENABLE:
virSecurityDriverInit(tmp);
- if (tmp->open(NULL, tmp) == -1) {
+ if (tmp->open(tmp) == -1) {
return -1;
} else {
*drv = tmp;
@@ -91,7 +91,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
}
void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
+virSecurityReportError(int code, const char *fmt, ...)
{
va_list args;
char errorMessage[1024];
@@ -103,7 +103,7 @@ virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
} else
errorMessage[0] = '\0';
- virRaiseError(conn, NULL, NULL, VIR_FROM_SECURITY, code,
+ virRaiseError(NULL, NULL, NULL, VIR_FROM_SECURITY, code,
VIR_ERR_ERROR, NULL, NULL, NULL, -1, -1, "%s",
errorMessage);
}
@@ -118,12 +118,11 @@ virSecurityDriverInit(virSecurityDriverPtr drv)
}
int
-virSecurityDriverSetDOI(virConnectPtr conn,
- virSecurityDriverPtr drv,
+virSecurityDriverSetDOI(virSecurityDriverPtr drv,
const char *doi)
{
if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: DOI \'%s\' is "
"longer than the maximum allowed length of %d"),
__func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 5d2446d..8860d81 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -29,44 +29,29 @@ typedef enum {
typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
- virSecurityDriverPtr drv);
-typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
+typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainReleaseLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainRestoreAllLabel) (virConnectPtr conn,
- virDomainObjPtr vm);
-typedef int (*virSecurityDomainGetProcessLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
+typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
virSecurityLabelPtr sec);
-typedef int (*virSecurityDomainSetProcessLabel) (virConnectPtr conn,
- virSecurityDriverPtr drv,
+typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
virDomainObjPtr vm);
-typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
- virDomainDefPtr def);
+typedef int (*virSecurityDomainSecurityVerify) (virDomainDefPtr def);
struct _virSecurityDriver {
const char *name;
@@ -101,16 +86,15 @@ int virSecurityDriverStartup(virSecurityDriverPtr *drv,
const char *name);
int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
+virSecurityDriverVerify(virDomainDefPtr def);
void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
- ATTRIBUTE_FMT_PRINTF(3, 4);
+virSecurityReportError(int code, const char *fmt, ...)
+ ATTRIBUTE_FMT_PRINTF(2, 3);
/* Helpers */
void virSecurityDriverInit(virSecurityDriverPtr drv);
-int virSecurityDriverSetDOI(virConnectPtr conn,
- virSecurityDriverPtr drv,
+int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
const char *doi);
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a97d3de..7507549 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -156,8 +156,7 @@ SELinuxInitialize(void)
}
static int
-SELinuxGenSecurityLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxGenSecurityLabel(virDomainObjPtr vm)
{
int rc = -1;
char mcs[1024];
@@ -171,7 +170,7 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
if (vm->def->seclabel.label ||
vm->def->seclabel.model ||
vm->def->seclabel.imagelabel) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM"));
return rc;
}
@@ -192,13 +191,13 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
vm->def->seclabel.label = SELinuxGenNewContext(default_domain_context, mcs);
if (! vm->def->seclabel.label) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto err;
}
vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
if (! vm->def->seclabel.imagelabel) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto err;
}
@@ -221,8 +220,7 @@ done:
}
static int
-SELinuxReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+SELinuxReserveSecurityLabel(virDomainObjPtr vm)
{
security_context_t pctx;
context_t ctx = NULL;
@@ -266,19 +264,18 @@ SELinuxSecurityDriverProbe(void)
}
static int
-SELinuxSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
{
/*
* Where will the DOI come from? SELinux configuration, or qemu
* configuration? For the moment, we'll just set it to "0".
*/
- virSecurityDriverSetDOI(conn, drv, SECURITY_SELINUX_VOID_DOI);
+ virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
return SELinuxInitialize();
}
static int
-SELinuxGetSecurityProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
virSecurityLabelPtr sec)
{
security_context_t ctx;
@@ -291,7 +288,7 @@ SELinuxGetSecurityProcessLabel(virConnectPtr conn,
}
if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label exceeds "
"maximum length: %d"),
VIR_SECURITY_LABEL_BUFLEN - 1);
@@ -380,8 +377,7 @@ err:
}
static int
-SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -407,8 +403,7 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
}
static int
-SELinuxSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
@@ -482,8 +477,7 @@ SELinuxSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
}
static int
-SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -506,7 +500,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(NULL, usb, SELinuxSetSecurityUSBLabel, vm);
usbFreeDevice(usb);
break;
}
@@ -520,7 +514,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, SELinuxSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(NULL, pci, SELinuxSetSecurityPCILabel, vm);
pciFreeDevice(pci);
break;
@@ -555,8 +549,7 @@ SELinuxRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
}
static int
-SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
@@ -579,7 +572,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, SELinuxRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(NULL, usb, SELinuxRestoreSecurityUSBLabel, NULL);
usbFreeDevice(usb);
break;
@@ -594,7 +587,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, SELinuxRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(NULL, pci, SELinuxRestoreSecurityPCILabel, NULL);
pciFreeDevice(pci);
break;
@@ -610,8 +603,7 @@ done:
}
static int
-SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;
@@ -623,11 +615,11 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
return 0;
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxRestoreSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (SELinuxRestoreSecurityImageLabel(conn, vm,
+ if (SELinuxRestoreSecurityImageLabel(vm,
vm->def->disks[i]) < 0)
rc = -1;
}
@@ -636,8 +628,7 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
}
static int
-SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -659,8 +650,7 @@ SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxSetSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -673,8 +663,7 @@ SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -687,12 +676,12 @@ SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
-SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+SELinuxSecurityVerify(virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (security_check_context(secdef->label) != 0) {
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("Invalid security label %s"), secdef->label);
return -1;
}
@@ -701,8 +690,7 @@ SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
}
static int
-SELinuxSetSecurityProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv,
+SELinuxSetSecurityProcessLabel(virSecurityDriverPtr drv,
virDomainObjPtr vm)
{
/* TODO: verify DOI */
@@ -712,7 +700,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
return 0;
if (!STREQ(drv->name, secdef->model)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
@@ -733,8 +721,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
}
static int
-SELinuxSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;
@@ -749,11 +736,11 @@ SELinuxSetSecurityAllLabel(virConnectPtr conn,
vm->def->disks[i]->src, vm->def->disks[i]->dst);
continue;
}
- if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+ if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
return -1;
}
--
1.6.6
More information about the libvir-list
mailing list