[libvirt] [PATCHv4 16/29] security: selinux: Implement per-image seclabel restore

Peter Krempa pkrempa at redhat.com
Mon Jun 30 15:20:26 UTC 2014


Refactor the existing code to allow re-using it for the per-image label
restore too.
---
 src/security/security_selinux.c | 59 ++++++++++++++++++++++++-----------------
 1 file changed, 34 insertions(+), 25 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 7740e69..87077ac 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1123,18 +1123,20 @@ virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
 static int
 virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
                                                virDomainDefPtr def,
-                                               virDomainDiskDefPtr disk,
+                                               virStorageSourcePtr src,
                                                bool migrated)
 {
     virSecurityLabelDefPtr seclabel;
     virSecurityDeviceLabelDefPtr disk_seclabel;
-    const char *src = virDomainDiskGetSource(disk);
+
+    if (!src->path || !virStorageSourceIsLocalStorage(src))
+        return 0;

     seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
     if (seclabel == NULL)
         return 0;

-    disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src,
+    disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
                                                         SECURITY_SELINUX_NAME);
     if (seclabel->norelabel || (disk_seclabel && disk_seclabel->norelabel))
         return 0;
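Review bot: The new early return `if (!src->path || !virStorageSourceIsLocalStorage(src))` is not the same test as the `virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK` check that the next hunk deletes. The definition of virStorageSourceIsLocalStorage() is not visible in this patch; if it rejects more than network sources, some disks that used to get their label restored will now be skipped silently and keep the per-domain SELinux label after the guest stops. The commit message calls this a refactor, so the change in which sources are skipped should be stated there or in a comment above the check, for example `/* only local images have a file label that can be restored */`. The function body continues past this hunk.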
@@ -1144,40 +1146,35 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
      * be tracked in domain XML, at which point labelskip should be a
      * per-file attribute instead of a disk attribute.  */
     if (disk_seclabel && disk_seclabel->labelskip &&
-        !disk->src->backingStore)
+        !src->backingStore)
         return 0;

-    /* Don't restore labels on readoly/shared disks, because
-     * other VMs may still be accessing these
-     * Alternatively we could iterate over all running
-     * domains and try to figure out if it is in use, but
-     * this would not work for clustered filesystems, since
-     * we can't see running VMs using the file on other nodes
-     * Safest bet is thus to skip the restore step.
+    /* Don't restore labels on readoly/shared disks, because other VMs may
+     * still be accessing these Alternatively we could iterate over all running
+     * domains and try to figure out if it is in use, but this would not work
+     * for clustered filesystems, since we can't see running VMs using the file
+     * on other nodes Safest bet is thus to skip the restore step.
      */
-    if (disk->src->readonly || disk->src->shared)
+    if (src->readonly || src->shared)
         return 0;

-    if (!src || virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK)
-        return 0;

-    /* If we have a shared FS & doing migrated, we must not
-     * change ownership, because that kills access on the
-     * destination host which is sub-optimal for the guest
-     * VM's I/O attempts :-)
+    /* If we have a shared FS & doing migrated, we must not change ownership,
+     * because that kills access on the destination host which is sub-optimal
+     * for the guest VM's I/O attempts :-)
      */
     if (migrated) {
-        int rc = virFileIsSharedFS(src);
+        int rc = virFileIsSharedFS(src->path);
         if (rc < 0)
             return -1;
         if (rc == 1) {
             VIR_DEBUG("Skipping image label restore on %s because FS is shared",
-                      src);
+                      src->path);
             return 0;
         }
     }

-    return virSecuritySELinuxRestoreSecurityFileLabel(mgr, src);
+    return virSecuritySELinuxRestoreSecurityFileLabel(mgr, src->path);
 }


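Review bot: The skip at `if (src->readonly || src->shared)` now reads its flags from whatever virStorageSourcePtr the caller passes, and with the per-image entry point added later in this patch that may be a backing-chain element rather than the disk's top-level source. Whether readonly/shared are populated on such elements is not visible here; if they are not, the label of a base image still used by another guest would be reset, which is the case the comment above the check exists to prevent. Extending that comment with something like `Callers passing a backing image must have readonly/shared set on it.` would make the contract explicit. The reflowed comment also lost its sentence breaks ("accessing these Alternatively", "other nodes Safest bet") and still carries the typo "readoly".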
@@ -1186,7 +1183,17 @@ virSecuritySELinuxRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
                                            virDomainDefPtr def,
                                            virDomainDiskDefPtr disk)
 {
-    return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk, false);
+    return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk->src,
+                                                          false);
+}
+
+
+static int
+virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+                                            virDomainDefPtr def,
+                                            virStorageSourcePtr src)
+{
+    return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, src, false);
 }


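Review bot: virSecuritySELinuxRestoreSecurityImageLabel() hands `src` straight to the Int helper, whose first statement dereferences `src->path`, so a NULL source reaching the new driver callback would be a NULL dereference in the daemon; no caller of the callback is visible in this patch. Either extend the helper's guard to `if (!src || !src->path || !virStorageSourceIsLocalStorage(src))` or document on the new function that `src` must be non-NULL. The function also hard-codes `migrated` to `false`, so the shared-filesystem skip in the helper never applies on the per-image path. A one-line comment such as `/* migrated is always false here: the shared-FS check is not applied to per-image restore */` would show that this is intended.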
@@ -1867,9 +1874,9 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
             rc = -1;
     }
     for (i = 0; i < def->ndisks; i++) {
-        if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr,
-                                                           def,
-                                                           def->disks[i],
+        virDomainDiskDefPtr disk = def->disks[i];
+
+        if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk->src,
                                                            migrated) < 0)
             rc = -1;
     }
@@ -2429,6 +2436,8 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityDiskLabel         = virSecuritySELinuxSetSecurityDiskLabel,
     .domainRestoreSecurityDiskLabel     = virSecuritySELinuxRestoreSecurityDiskLabel,

+    .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreSecurityImageLabel,
+
     .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
     .domainSetSecuritySocketLabel       = virSecuritySELinuxSetSecuritySocketLabel,
     .domainClearSecuritySocketLabel     = virSecuritySELinuxClearSecuritySocketLabel,
-- 
1.9.3



