[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] 4/10 AppArmor driver updates



Jamie,

This patch was ACKed but somehow never pushed. Is it still
okay to push it as is?


On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:

> 4_qemu_driver_stdin_path.patch: adjust args to qemudStartVMDaemon() to
> also specify path to stdin_fd, so this can be passed to the AppArmor
> driver via *SetSecurityAllLabel(). This updates all calls to
> qemudStartVMDaemon() as well as setting up the non-AppArmor security
> driver *SetSecurityAllLabel() declarations for the above. This is
> required for 5_apparmor-fix-save-restore.patch since AppArmor resolves
> the passed file descriptor to the pathname given to open().


-- 
Jamie Strandboge             | http://www.canonical.com

diff -Naur libvirt.orig/src/qemu/qemu_driver.c libvirt/src/qemu/qemu_driver.c
--- libvirt.orig/src/qemu/qemu_driver.c	2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/qemu/qemu_driver.c	2010-04-05 14:16:20.000000000 -0500
@@ -148,7 +148,8 @@
                               struct qemud_driver *driver,
                               virDomainObjPtr vm,
                               const char *migrateFrom,
-                              int stdin_fd);
+                              int stdin_fd,
+                              const char *stdin_path);
 
 static void qemudShutdownVMDaemon(struct qemud_driver *driver,
                                   virDomainObjPtr vm);
@@ -629,7 +630,7 @@
         int ret;
 
         virResetLastError();
-        ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1);
+        ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1, NULL);
         if (ret < 0) {
             virErrorPtr err = virGetLastError();
             VIR_ERROR(_("Failed to autostart VM '%s': %s"),
@@ -3145,7 +3146,8 @@
                               struct qemud_driver *driver,
                               virDomainObjPtr vm,
                               const char *migrateFrom,
-                              int stdin_fd) {
+                              int stdin_fd,
+                              const char *stdin_path) {
     const char **argv = NULL, **tmp;
     const char **progenv = NULL;
     int i, ret;
@@ -3193,7 +3195,7 @@
     DEBUG0("Generating setting domain security labels (if required)");
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityAllLabel &&
-        driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+        driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
         goto cleanup;
 
     /* Ensure no historical cgroup for this VM is lying around bogus
@@ -4054,7 +4056,7 @@
     if (qemuDomainObjBeginJobWithDriver(driver, vm) < 0)
         goto cleanup; /* XXXX free the 'vm' we created ? */
 
-    if (qemudStartVMDaemon(conn, driver, vm, NULL, -1) < 0) {
+    if (qemudStartVMDaemon(conn, driver, vm, NULL, -1, NULL) < 0) {
         if (qemuDomainObjEndJob(vm) > 0)
             virDomainRemoveInactive(&driver->domains,
                                     vm);
@@ -5909,7 +5911,7 @@
         }
     }
     /* Set the migration source and start it up. */
-    ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd);
+    ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd, path);
     if (intermediate_pid != -1) {
         /* Wait for intermediate process to exit */
         while (waitpid(intermediate_pid, &childstat, 0) == -1 &&
@@ -6334,7 +6336,7 @@
         virDomainObjLock(vm);
     }
 
-    ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1);
+    ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1, NULL);
     if (ret != -1)
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STARTED,
@@ -9400,7 +9402,7 @@
     /* Start the QEMU daemon, with the same command-line arguments plus
      * -incoming unix:/path/to/file or exec:nc -U /path/to/file
      */
-    internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1);
+    internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1, NULL);
     VIR_FREE(migrateFrom);
     if (internalret < 0) {
         /* Note that we don't set an error here because qemudStartVMDaemon
@@ -9605,7 +9607,7 @@
      * -incoming tcp:0.0.0.0:port
      */
     snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
-    if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1) < 0) {
+    if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1, NULL) < 0) {
         /* Note that we don't set an error here because qemudStartVMDaemon
          * should have already done that.
          */
@@ -11027,7 +11029,7 @@
                 goto cleanup;
 
             rc = qemudStartVMDaemon(snapshot->domain->conn, driver, vm, NULL,
-                                    -1);
+                                    -1, NULL);
             if (qemuDomainSnapshotSetInactive(vm, driver->snapshotDir) < 0)
                 goto cleanup;
             if (rc < 0)
diff -Naur libvirt.orig/src/qemu/qemu_security_dac.c libvirt/src/qemu/qemu_security_dac.c
--- libvirt.orig/src/qemu/qemu_security_dac.c	2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/qemu/qemu_security_dac.c	2010-04-05 14:14:43.000000000 -0500
@@ -346,7 +346,7 @@
 
 
 static int
-qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
 {
     int i;
 
diff -Naur libvirt.orig/src/qemu/qemu_security_stacked.c libvirt/src/qemu/qemu_security_stacked.c
--- libvirt.orig/src/qemu/qemu_security_stacked.c	2010-03-03 07:07:33.000000000 -0600
+++ libvirt/src/qemu/qemu_security_stacked.c	2010-04-05 14:14:43.000000000 -0500
@@ -196,18 +196,18 @@
 
 
 static int
-qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
         rc = -1;
 
     return rc;
diff -Naur libvirt.orig/src/security/security_driver.h libvirt/src/security/security_driver.h
--- libvirt.orig/src/security/security_driver.h	2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/security/security_driver.h	2010-04-05 14:14:43.000000000 -0500
@@ -45,7 +45,8 @@
 typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
 typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
 typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec,
+                                             const char *stdin_path);
 typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
 typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
                                                  virSecurityLabelPtr sec);
diff -Naur libvirt.orig/src/security/security_selinux.c libvirt/src/security/security_selinux.c
--- libvirt.orig/src/security/security_selinux.c	2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/security/security_selinux.c	2010-04-05 14:14:43.000000000 -0500
@@ -722,7 +722,7 @@
 }
 
 static int
-SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int i;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]