[libvirt] [PATCH v1 01/10] locking: Allow seclabel remembering

Daniel P. Berrange berrange at redhat.com
Fri Sep 19 15:41:50 UTC 2014


On Wed, Sep 10, 2014 at 03:26:07PM +0200, Michal Privoznik wrote:
> To keep original seclabel for files libvirt is touching we need a
> single point where the original seclabels can be stored. Instead
> of inventing a new one we can misuse virtlockd which already has
> nearly all the infrastructure we need. As a nice feature, it keeps
> its internal state between virtlockd restarts. Again, it's
> something we are going to need, as we don't want to lose the
> original labels on the lock daemon restart.
> 
> In this commit two functions are introduced:
> 
> virLockManagerRememberSeclabel that takes three arguments:
> 
>     path, model and seclabel
> 
> where @path is a unique identifier for the file we are about to
> label, @model and @seclabel then represent the original seclabel.
> 
> virLockManagerRecallSeclabel then takes:
> 
>     path, model, *seclabel
> 
> and returns number of references held on @path. If the return
> value is zero, *seclabel contains the original label stored by
> first call of RememberSeclabel(). If a positive value is
> returned, other domains are still using the @path and the
> original label shall not be restored.

> +int virLockManagerRememberSeclabel(virLockManagerPtr lock,
> +                                   const char *path,
> +                                   const char *model,
> +                                   const char *seclabel)
> +{
> +    VIR_DEBUG("lock=%p path=%s model=%s seclabel=%s",
> +              lock, path, model, seclabel);
> +
> +    CHECK_MANAGER(drvRemember, -1);
> +
> +    return lock->driver->drvRemember(lock, path, model, seclabel);
> +}
> +
> +int virLockManagerRecallSeclabel(virLockManagerPtr lock,
> +                                 const char *path,
> +                                 const char *model,
> +                                 char **seclabel)
> +{
> +    VIR_DEBUG("lock=%p path=%s model=%s seclabel=%p",
> +              lock, path, model, seclabel);
> +
> +    CHECK_MANAGER(drvRecall, -1);
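
Review bot: the VIR_DEBUG calls at the top of both functions pass path and model (and, in virLockManagerRememberSeclabel, seclabel) to %s with no check that the pointers are non-NULL. Wrap them in NULLSTR() or reject NULL arguments before logging, so that a caller bug does not depend on how the C library formats a NULL string.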

I think we should do

  *seclabel = NULL;

to protect against drivers forgetting to do it

> +
> +    return lock->driver->drvRecall(lock, path, model, seclabel);
> +}
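
Review bot: neither function carries a comment stating its return contract, and virLockManagerRecallSeclabel forwards the driver's return value unchanged, so callers can see the -1 passed to CHECK_MANAGER, 0, or a positive reference count. Document those three cases above the function together with who frees *seclabel, and check that seclabel itself is non-NULL before it reaches drvRecall, which matters once *seclabel = NULL is added ahead of the call.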

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
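
The remember/recall reference-counting contract from the commit message, with the out-parameter cleared up front as the reply suggests, as an added example that is not libvirt or virtlockd code. The function names, the in-memory list and the -1 return for an unknown path are assumptions of this sketch.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory store, not virtlockd's implementation. */
struct entry { char *path, *model, *label; unsigned refs; struct entry *next; };
static struct entry *head;

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* First caller stores the original label; later callers only add a reference. */
int remember_seclabel(const char *path, const char *model, const char *label)
{
    struct entry *e;
    if (!path || !model || !label) return -1;
    for (e = head; e; e = e->next)
        if (!strcmp(e->path, path) && !strcmp(e->model, model)) { e->refs++; return 0; }
    if (!(e = calloc(1, sizeof(*e)))) return -1;
    e->path = dup_str(path); e->model = dup_str(model); e->label = dup_str(label);
    if (!e->path || !e->model || !e->label) {
        free(e->path); free(e->model); free(e->label); free(e);
        return -1;
    }
    e->refs = 1; e->next = head; head = e;
    return 0;
}

/* Returns references still held, or -1 (unknown path: an assumption here).
 * *label is non-NULL only when 0 is returned; the caller then owns and frees it. */
int recall_seclabel(const char *path, const char *model, char **label)
{
    struct entry **pp, *e;
    if (!label) return -1;
    *label = NULL;                      /* defined on every return path */
    if (!path || !model) return -1;
    for (pp = &head; (e = *pp); pp = &e->next)
        if (!strcmp(e->path, path) && !strcmp(e->model, model)) break;
    if (!e) return -1;
    if (--e->refs > 0) return (int)e->refs;
    *label = e->label;                  /* last user: hand the label back */
    *pp = e->next;
    free(e->path); free(e->model); free(e);
    return 0;
}
```

Because the wrapper clears `*label` before any lookup, a caller that ignores the return value and restores whatever the pointer holds gets NULL rather than stale stack contents.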



