]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 413c88e) | patch
Add a function to the security driver API that sets the label of an open fd.
authorLaine Stump <laine@laine.org>
Sun, 23 Jan 2011 21:02:42 +0000 (16:02 -0500)
committerLaine Stump <laine@laine.org>
Wed, 26 Jan 2011 14:03:11 +0000 (09:03 -0500)
commitd89608f994025aef9809bcb224e2d71f35fb85e9
treef2c687f96cba7da283fe545775da6c9227ae1169tree | snapshot
parent413c88e773be5f2f136e97cec85d19b3b50b6100commit | diff
Add a function to the security driver API that sets the label of an open fd.

A need was found to set the SELinux context label on an open fd (a
pipe, as a matter of fact). This patch adds a function to the security
driver API that will set the label on an open fd to secdef.label. For
all drivers other than the SELinux driver, it's a NOP. For the SElinux
driver, it calls fsetfilecon().

If the return is a failure, it only returns error up to the caller if
1) the desired label is different from the existing label, 2) the
destination fd is of a type that supports setting the selinux context,
and 3) selinux is in enforcing mode. Otherwise it will return
success. This follows the pattern of the existing function
SELinuxSetFilecon().
src/libvirt_private.syms diff | blob | blame | history
src/security/security_apparmor.c diff | blob | blame | history
src/security/security_dac.c diff | blob | blame | history
src/security/security_driver.h diff | blob | blame | history
src/security/security_manager.c diff | blob | blame | history
src/security/security_manager.h diff | blob | blame | history
src/security/security_nop.c diff | blob | blame | history
src/security/security_selinux.c diff | blob | blame | history
src/security/security_stack.c diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git