[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v3 1/3] security: Rename SetSocketLabel APIs to SetDaemonSocketLabel



On Fri, Aug 26, 2011 at 10:23:46AM +0200, Jiri Denemark wrote:
> The APIs are designed to label a socket in a way that the libvirt daemon
> itself is able to access it (i.e., in SELinux the label is virtd_t based
> as opposed to svirt_* we use for labeling resources that need to be
> accessed by a vm). The new name reflects this.
> ---
> Notes:
>     Version 3:
>     - new patch
> 
>  src/libvirt_private.syms        |    2 +-
>  src/qemu/qemu_process.c         |    3 ++-
>  src/security/security_dac.c     |    6 +++---
>  src/security/security_driver.h  |    6 +++---
>  src/security/security_manager.c |    8 ++++----
>  src/security/security_manager.h |    4 ++--
>  src/security/security_nop.c     |    6 +++---
>  src/security/security_selinux.c |    6 +++---
>  src/security/security_stack.c   |   10 +++++-----
>  9 files changed, 26 insertions(+), 25 deletions(-)
> 
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index 0618b49..c3e33b4 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -904,13 +904,13 @@ virSecurityManagerRestoreAllLabel;
>  virSecurityManagerRestoreHostdevLabel;
>  virSecurityManagerRestoreSavedStateLabel;
>  virSecurityManagerSetAllLabel;
> +virSecurityManagerSetDaemonSocketLabel;
>  virSecurityManagerSetImageFDLabel;
>  virSecurityManagerSetImageLabel;
>  virSecurityManagerSetHostdevLabel;
>  virSecurityManagerSetProcessFDLabel;
>  virSecurityManagerSetProcessLabel;
>  virSecurityManagerSetSavedStateLabel;
> -virSecurityManagerSetSocketLabel;
>  virSecurityManagerVerify;
>  
>  # sexpr.h
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index f691bbb..58b4d36 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -821,7 +821,8 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
>      qemuDomainObjPrivatePtr priv = vm->privateData;
>      int ret = -1;
>  
> -    if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) {
> +    if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
> +                                               vm) < 0) {
>          VIR_ERROR(_("Failed to set security context for monitor for %s"),
>                    vm->def->name);
>          goto error;
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index 58d57ec..6df4087 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -667,8 +667,8 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
>  }
>  
>  static int
> -virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> -                               virDomainObjPtr vm ATTRIBUTE_UNUSED)
> +virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> +                                   virDomainObjPtr vm ATTRIBUTE_UNUSED)
>  {
>      return 0;
>  }
> @@ -714,7 +714,7 @@ virSecurityDriver virSecurityDriverDAC = {
>      virSecurityDACSetSecurityImageLabel,
>      virSecurityDACRestoreSecurityImageLabel,
>  
> -    virSecurityDACSetSocketLabel,
> +    virSecurityDACSetDaemonSocketLabel,
>      virSecurityDACClearSocketLabel,
>  
>      virSecurityDACGenLabel,
> diff --git a/src/security/security_driver.h b/src/security/security_driver.h
> index 154f197..73c8f04 100644
> --- a/src/security/security_driver.h
> +++ b/src/security/security_driver.h
> @@ -41,8 +41,8 @@ typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
>  typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
>                                                     virDomainObjPtr vm,
>                                                     virDomainDiskDefPtr disk);
> -typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
> -                                                virDomainObjPtr vm);
> +typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
> +                                                     virDomainObjPtr vm);
>  typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
>                                                  virDomainObjPtr vm);
>  typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
> @@ -101,7 +101,7 @@ struct _virSecurityDriver {
>      virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
>      virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
>  
> -    virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
> +    virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
>      virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
>  
>      virSecurityDomainGenLabel domainGenSecurityLabel;
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 6ae58dc..d30ebcf 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -160,11 +160,11 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
>      return -1;
>  }
>  
> -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
> -                                     virDomainObjPtr vm)
> +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> +                                           virDomainObjPtr vm)
>  {
> -    if (mgr->drv->domainSetSecuritySocketLabel)
> -        return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
> +    if (mgr->drv->domainSetSecurityDaemonSocketLabel)
> +        return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
>  
>      virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
>      return -1;
> diff --git a/src/security/security_manager.h b/src/security/security_manager.h
> index 8c3b8b2..8d614a7 100644
> --- a/src/security/security_manager.h
> +++ b/src/security/security_manager.h
> @@ -53,8 +53,8 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
>  int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
>                                          virDomainObjPtr vm,
>                                          virDomainDiskDefPtr disk);
> -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
> -                                     virDomainObjPtr vm);
> +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> +                                           virDomainObjPtr vm);
>  int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
>                                         virDomainObjPtr vm);
>  int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
> diff --git a/src/security/security_nop.c b/src/security/security_nop.c
> index 24d36fe..67d3ff6 100644
> --- a/src/security/security_nop.c
> +++ b/src/security/security_nop.c
> @@ -53,8 +53,8 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRI
>      return 0;
>  }
>  
> -static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> -                                              virDomainObjPtr vm ATTRIBUTE_UNUSED)
> +static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> +                                                    virDomainObjPtr vm ATTRIBUTE_UNUSED)
>  {
>      return 0;
>  }
> @@ -171,7 +171,7 @@ virSecurityDriver virSecurityDriverNop = {
>      virSecurityDomainSetImageLabelNop,
>      virSecurityDomainRestoreImageLabelNop,
>  
> -    virSecurityDomainSetSocketLabelNop,
> +    virSecurityDomainSetDaemonSocketLabelNop,
>      virSecurityDomainClearSocketLabelNop,
>  
>      virSecurityDomainGenLabelNop,
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 5e6145f..f87c9a5 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -1066,8 +1066,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
>  }
>  
>  static int
> -SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
> -                               virDomainObjPtr vm)
> +SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
> +                                    virDomainObjPtr vm)
>  {
>      /* TODO: verify DOI */
>      const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
> @@ -1312,7 +1312,7 @@ virSecurityDriver virSecurityDriverSELinux = {
>      SELinuxSetSecurityImageLabel,
>      SELinuxRestoreSecurityImageLabel,
>  
> -    SELinuxSetSecuritySocketLabel,
> +    SELinuxSetSecurityDaemonSocketLabel,
>      SELinuxClearSecuritySocketLabel,
>  
>      SELinuxGenSecurityLabel,
> diff --git a/src/security/security_stack.c b/src/security/security_stack.c
> index b63e4c8..404ff65 100644
> --- a/src/security/security_stack.c
> +++ b/src/security/security_stack.c
> @@ -339,15 +339,15 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
>  
>  
>  static int
> -virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
> -                               virDomainObjPtr vm)
> +virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
> +                                     virDomainObjPtr vm)
>  {
>      virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
>      int rc = 0;
>  
> -    if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0)
> +    if (virSecurityManagerSetDaemonSocketLabel(priv->secondary, vm) < 0)
>          rc = -1;
> -    if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0)
> +    if (virSecurityManagerSetDaemonSocketLabel(priv->primary, vm) < 0)
>          rc = -1;
>  
>      return rc;
> @@ -418,7 +418,7 @@ virSecurityDriver virSecurityDriverStack = {
>      virSecurityStackSetSecurityImageLabel,
>      virSecurityStackRestoreSecurityImageLabel,
>  
> -    virSecurityStackSetSocketLabel,
> +    virSecurityStackSetDaemonSocketLabel,
>      virSecurityStackClearSocketLabel,
>  
>      virSecurityStackGenLabel,

  ACK, this looks indeed as pure renaming,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]