[libvirt] [PATCH 2/2] Set labelling for character devices in security drivers
Daniel P. Berrange
berrange at redhat.com
Fri Jun 25 13:53:49 UTC 2010
On Thu, Jun 24, 2010 at 06:36:36PM +0200, Matthias Bolte wrote:
> 2010/6/24 Daniel P. Berrange <berrange at redhat.com>:
> > When configuring serial, parallel, console or channel devices
> > with a file, dev or pipe backend type, it is neccessary to label
> > the file path in the security drivers. For char devices of type
> > file, it is neccessary to pre-create (touch) the file if it does
> > not already exist since QEMU won't be allowed to do so itself.
> > dev/pipe configs already require the admin to pre-create before
> > starting the guest.
>
> Two typos: s/neccessary/necessary
>
> > * src/qemu/qemu_security_dac.c: set file ownership for character
> > devices
> > * src/security/security_selinux.c: Set file labelling for character
>
> Another typo: s/labelling/labeling
>
> > devices
> > * src/qemu/qemu_driver.c: Add character devices to cgroup ACL
> > ---
> > src/qemu/qemu_driver.c | 59 +++++++++++++++++++
> > src/qemu/qemu_security_dac.c | 117 ++++++++++++++++++++++++++++++++++++++
> > src/security/security_selinux.c | 119 +++++++++++++++++++++++++++++++++++++++
> > src/util/cgroup.c | 2 +-
> > 4 files changed, 296 insertions(+), 1 deletions(-)
> >
> > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> > index a7b3f25..6274d4c 100644
> > --- a/src/qemu/qemu_driver.c
> > +++ b/src/qemu/qemu_driver.c
> > @@ -2950,6 +2950,28 @@ qemuPrepareHostDevices(struct qemud_driver *driver,
> > }
> >
> >
> > +static int
> > +qemuPrepareChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED,
> > + virDomainChrDefPtr dev,
> > + void *opaque ATTRIBUTE_UNUSED)
> > +{
> > + int fd;
> > + if (dev->type != VIR_DOMAIN_CHR_TYPE_FILE)
> > + return 0;
> > +
> > + if ((fd = open(dev->data.file.path, O_CREAT | O_APPEND, S_IRUSR|S_IWUSR)) < 0) {
> > + virReportSystemError(errno,
> > + _("Unable to pre-create chardev file %s"),
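Review bot: the open() call in qemuPrepareChardevDevice passes `O_CREAT | O_APPEND` with no explicit access mode, so the descriptor is implicitly O_RDONLY and O_APPEND has no effect on it. Since the only purpose here is to touch the file, `O_WRONLY | O_CREAT` states the intent more clearly. The path is taken from dev->data.file.path in the domain configuration and is opened without O_NOFOLLOW, so the pre-create will follow a symlink at that location. Consider adding O_NOFOLLOW, or documenting that the containing directory must be writable only by the administrator.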
>
> Maybe use '%s' here instead of plain %s.
Yep, added this and the others
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|