git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Laine Stump <laine@laine.org>
	Fri, 1 Feb 2013 19:32:37 +0000 (14:32 -0500)
committer	Laine Stump <laine@laine.org>
	Wed, 13 Feb 2013 21:11:15 +0000 (16:11 -0500)
commit	6c3f3d0d89b4db87c3dcc2b41903ca30c1595965
tree	5316e322c3edebe411d7d770746dae7104633150	tree
parent	4a56e80fa56f1d15f23b33370a80abf03a20ef4c	commit \| diff

util: add security label setting to virCommand

virCommand gets two new APIs: virCommandSetSELinuxLabel() and
virCommandSetAppArmorProfile(), which both save a copy of a
null-terminated string in the virCommand. During virCommandRun, if the
string is non-NULL and we've been compiled with AppArmor and/or
SELinux security driver support, the appropriate security library
function is called for the child process, using the string that was
previously set. In the case of SELinux, setexeccon_raw() is called,
and for AppArmor, aa_change_profile() is called.

This functionality has been added so that users of virCommand can use
the upcoming virSecurityManagerSetChildProcessLabel() prior to running
a child process, rather than needing to setup a hook function to be
called (and in turn call virSecurityManagerSetProcessLabel()) *during*
the setup of the child process.

src/Makefile.am		diff \| blob \| blame \| history
src/libvirt_private.syms		diff \| blob \| blame \| history
src/util/vircommand.c		diff \| blob \| blame \| history
src/util/vircommand.h		diff \| blob \| blame \| history