
Re: [libvirt] [PATCH 07/23] Refactor SELinux security driver hostdev labelling



On 2012年12月01日 04:26, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange redhat com>

Prepare to support different types of hostdevs by refactoring
the current SELinux security driver code

Signed-off-by: Daniel P. Berrange<berrange redhat com>
---
  src/security/security_selinux.c | 89 +++++++++++++++++++++++++++--------------
  1 file changed, 59 insertions(+), 30 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9070ff9..ad13490 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1118,26 +1118,15 @@ virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
      return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
  }

+
  static int
-virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                          virDomainDefPtr def,
-                                          virDomainHostdevDefPtr dev,
-                                          const char *vroot)
+virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
+                                                virDomainHostdevDefPtr dev,
+                                                const char *vroot)

  {
-    virSecurityLabelDefPtr secdef;
      int ret = -1;

-    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (secdef == NULL)
-        return -1;
-
-    if (secdef->norelabel)
-        return 0;
-
-    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
-        return 0;
-
      switch (dev->source.subsys.type) {
      case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
          usbDevice *usb;
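Review bot: virSecuritySELinuxSetSecurityHostdevSubsysLabel no longer checks `secdef->norelabel` or `dev->mode` before it reads `dev->source.subsys.type`, so both preconditions now live only in the caller. Nothing above the helper says so, and a later direct call could relabel a device for a domain that opted out of relabelling, or read the subsys fields of a hostdev in another mode. I would add a comment above the helper such as `/* Caller must have checked secdef->norelabel and dev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS */`. The same applies to virSecuritySELinuxRestoreSecurityHostdevSubsysLabel in the third hunk; both helper bodies continue outside their hunks.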
@@ -1182,6 +1171,32 @@ done:


  static int
+virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                          virDomainDefPtr def,
+                                          virDomainHostdevDefPtr dev,
+                                          const char *vroot)
+
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (secdef == NULL)
+        return -1;
+
+    if (secdef->norelabel)
+        return 0;
+
+    switch (dev->mode) {
+    case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
+        return virSecuritySELinuxSetSecurityHostdevSubsysLabel(def, dev, vroot);
+
+    default:
+        return 0;
+    }
+}
+
+
+static int
  virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
                                            const char *file,
                                            void *opaque ATTRIBUTE_UNUSED)
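Review bot: The `default: return 0;` arm of the new `switch (dev->mode)` reports success for every mode other than SUBSYS, so a hostdev mode added later in this series would be started without any SELinux label and without any signal that labelling was skipped. That matches the old `if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) return 0;`, but since the stated purpose is to support more hostdev types, the arm should say it is intentional, e.g. `/* no labelling implemented for other hostdev modes */`. Listing the known modes as explicit cases would make new ones get reviewed here. The same arm appears in virSecuritySELinuxRestoreSecurityHostdevLabel in the fourth hunk.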
@@ -1197,26 +1212,14 @@ virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
      return virSecuritySELinuxRestoreSecurityFileLabel(file);
  }

+
  static int
-virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                              virDomainDefPtr def,
-                                              virDomainHostdevDefPtr dev,
-                                              const char *vroot)
+virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
+                                                    const char *vroot)

  {
-    virSecurityLabelDefPtr secdef;
      int ret = -1;

-    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (secdef == NULL)
-        return -1;
-
-    if (secdef->norelabel)
-        return 0;
-
-    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
-        return 0;
-
      switch (dev->source.subsys.type) {
      case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
          usbDevice *usb;
@@ -1262,6 +1265,32 @@ done:


  static int
+virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                              virDomainDefPtr def,
+                                              virDomainHostdevDefPtr dev,
+                                              const char *vroot)
+
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (secdef == NULL)
+        return -1;
+
+    if (secdef->norelabel)
+        return 0;
+
+    switch (dev->mode) {
+    case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
+        return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(dev, vroot);
+
+    default:
+        return 0;
+    }
+}
+
+
+static int
  virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
                                            virDomainChrDefPtr dev,
                                            virDomainChrSourceDefPtr dev_source)

ACK

