[libvirt] [PATCH v3 1/3] security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
Daniel Veillard
veillard at redhat.com
Fri Aug 26 08:55:55 UTC 2011
On Fri, Aug 26, 2011 at 10:23:46AM +0200, Jiri Denemark wrote:
> The APIs are designed to label a socket in a way that the libvirt daemon
> itself is able to access it (i.e., in SELinux the label is virtd_t-based,
> as opposed to the svirt_* labels we use for resources that need to be
> accessed by a VM). The new name reflects this.
> ---
> Notes:
> Version 3:
> - new patch
>
> src/libvirt_private.syms | 2 +-
> src/qemu/qemu_process.c | 3 ++-
> src/security/security_dac.c | 6 +++---
> src/security/security_driver.h | 6 +++---
> src/security/security_manager.c | 8 ++++----
> src/security/security_manager.h | 4 ++--
> src/security/security_nop.c | 6 +++---
> src/security/security_selinux.c | 6 +++---
> src/security/security_stack.c | 10 +++++-----
> 9 files changed, 26 insertions(+), 25 deletions(-)
>
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 0618b49..c3e33b4 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -904,13 +904,13 @@ virSecurityManagerRestoreAllLabel;
> virSecurityManagerRestoreHostdevLabel;
> virSecurityManagerRestoreSavedStateLabel;
> virSecurityManagerSetAllLabel;
> +virSecurityManagerSetDaemonSocketLabel;
> virSecurityManagerSetImageFDLabel;
> virSecurityManagerSetImageLabel;
> virSecurityManagerSetHostdevLabel;
> virSecurityManagerSetProcessFDLabel;
> virSecurityManagerSetProcessLabel;
> virSecurityManagerSetSavedStateLabel;
> -virSecurityManagerSetSocketLabel;
> virSecurityManagerVerify;
>
> # sexpr.h
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f691bbb..58b4d36 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -821,7 +821,8 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
> qemuDomainObjPrivatePtr priv = vm->privateData;
> int ret = -1;
>
> - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) {
> + if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
> + vm) < 0) {
> VIR_ERROR(_("Failed to set security context for monitor for %s"),
> vm->def->name);
> goto error;
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index 58d57ec..6df4087 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -667,8 +667,8 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> }
>
> static int
> -virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> - virDomainObjPtr vm ATTRIBUTE_UNUSED)
> +virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> + virDomainObjPtr vm ATTRIBUTE_UNUSED)
> {
> return 0;
> }
> @@ -714,7 +714,7 @@ virSecurityDriver virSecurityDriverDAC = {
> virSecurityDACSetSecurityImageLabel,
> virSecurityDACRestoreSecurityImageLabel,
>
> - virSecurityDACSetSocketLabel,
> + virSecurityDACSetDaemonSocketLabel,
> virSecurityDACClearSocketLabel,
>
> virSecurityDACGenLabel,
> diff --git a/src/security/security_driver.h b/src/security/security_driver.h
> index 154f197..73c8f04 100644
> --- a/src/security/security_driver.h
> +++ b/src/security/security_driver.h
> @@ -41,8 +41,8 @@ typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
> typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
> virDomainObjPtr vm,
> virDomainDiskDefPtr disk);
> -typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
> - virDomainObjPtr vm);
> +typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
> + virDomainObjPtr vm);
> typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
> virDomainObjPtr vm);
> typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
> @@ -101,7 +101,7 @@ struct _virSecurityDriver {
> virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
> virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
>
> - virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
> + virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
> virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
>
> virSecurityDomainGenLabel domainGenSecurityLabel;
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 6ae58dc..d30ebcf 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -160,11 +160,11 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
> return -1;
> }
>
> -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
> - virDomainObjPtr vm)
> +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> + virDomainObjPtr vm)
> {
> - if (mgr->drv->domainSetSecuritySocketLabel)
> - return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
> + if (mgr->drv->domainSetSecurityDaemonSocketLabel)
> + return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
>
> virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> return -1;
> diff --git a/src/security/security_manager.h b/src/security/security_manager.h
> index 8c3b8b2..8d614a7 100644
> --- a/src/security/security_manager.h
> +++ b/src/security/security_manager.h
> @@ -53,8 +53,8 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
> int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
> virDomainObjPtr vm,
> virDomainDiskDefPtr disk);
> -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
> - virDomainObjPtr vm);
> +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> + virDomainObjPtr vm);
> int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
> virDomainObjPtr vm);
> int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
> diff --git a/src/security/security_nop.c b/src/security/security_nop.c
> index 24d36fe..67d3ff6 100644
> --- a/src/security/security_nop.c
> +++ b/src/security/security_nop.c
> @@ -53,8 +53,8 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRI
> return 0;
> }
>
> -static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> - virDomainObjPtr vm ATTRIBUTE_UNUSED)
> +static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> + virDomainObjPtr vm ATTRIBUTE_UNUSED)
> {
> return 0;
> }
> @@ -171,7 +171,7 @@ virSecurityDriver virSecurityDriverNop = {
> virSecurityDomainSetImageLabelNop,
> virSecurityDomainRestoreImageLabelNop,
>
> - virSecurityDomainSetSocketLabelNop,
> + virSecurityDomainSetDaemonSocketLabelNop,
> virSecurityDomainClearSocketLabelNop,
>
> virSecurityDomainGenLabelNop,
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 5e6145f..f87c9a5 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -1066,8 +1066,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
> }
>
> static int
> -SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
> - virDomainObjPtr vm)
> +SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
> + virDomainObjPtr vm)
> {
> /* TODO: verify DOI */
> const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
> @@ -1312,7 +1312,7 @@ virSecurityDriver virSecurityDriverSELinux = {
> SELinuxSetSecurityImageLabel,
> SELinuxRestoreSecurityImageLabel,
>
> - SELinuxSetSecuritySocketLabel,
> + SELinuxSetSecurityDaemonSocketLabel,
> SELinuxClearSecuritySocketLabel,
>
> SELinuxGenSecurityLabel,
> diff --git a/src/security/security_stack.c b/src/security/security_stack.c
> index b63e4c8..404ff65 100644
> --- a/src/security/security_stack.c
> +++ b/src/security/security_stack.c
> @@ -339,15 +339,15 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
>
>
> static int
> -virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
> - virDomainObjPtr vm)
> +virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> + virDomainObjPtr vm)
> {
> virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
> int rc = 0;
>
> - if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0)
> + if (virSecurityManagerSetDaemonSocketLabel(priv->secondary, vm) < 0)
> rc = -1;
> - if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0)
> + if (virSecurityManagerSetDaemonSocketLabel(priv->primary, vm) < 0)
> rc = -1;
>
> return rc;
> @@ -418,7 +418,7 @@ virSecurityDriver virSecurityDriverStack = {
> virSecurityStackSetSecurityImageLabel,
> virSecurityStackRestoreSecurityImageLabel,
>
> - virSecurityStackSetSocketLabel,
> + virSecurityStackSetDaemonSocketLabel,
> virSecurityStackClearSocketLabel,
>
> virSecurityStackGenLabel,
ACK, this indeed looks like a pure rename,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/