const virStorageSource *src;
uid_t uid;
gid_t gid;
+ bool remember; /* Whether owner remembering should be done for @path/@src */
bool restore; /* Whether current operation is 'set' or 'restore' */
};
const virStorageSource *src,
uid_t uid,
gid_t gid,
+ bool remember,
bool restore)
{
int ret = -1;
item->src = src;
item->uid = uid;
item->gid = gid;
+ item->remember = remember;
item->restore = restore;
if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0)
* @src: disk source to chown
* @uid: user ID
* @gid: group ID
+ * @remember: if the original owner should be recorded/recalled
* @restore: if current operation is set or restore
*
* Appends an entry onto transaction list.
+ * The @remember should be true if caller wishes to record/recall
+ * the original owner of @path/@src.
* The @restore should be true if the operation is restoring
* seclabel and false otherwise.
*
const virStorageSource *src,
uid_t uid,
gid_t gid,
+ bool remember,
bool restore)
{
virSecurityDACChownListPtr list = virThreadLocalGet(&chownList);
if (!list)
return 0;
- if (virSecurityDACChownListAppend(list, path, src, uid, gid, restore) < 0)
+ if (virSecurityDACChownListAppend(list, path, src,
+ uid, gid, remember, restore) < 0)
return -1;
return 1;
for (i = 0; i < list->nItems; i++) {
virSecurityDACChownItemPtr item = list->items[i];
+ const bool remember = item->remember && list->lock;
if (!item->restore) {
rv = virSecurityDACSetOwnership(list->manager,
item->path,
item->uid,
item->gid,
- list->lock);
+ remember);
} else {
rv = virSecurityDACRestoreFileLabelInternal(list->manager,
item->src,
item->path,
- list->lock);
+ remember);
}
if (rv < 0)
for (; rv < 0 && i > 0; i--) {
virSecurityDACChownItemPtr item = list->items[i - 1];
+ const bool remember = item->remember && list->lock;
if (!item->restore) {
virSecurityDACRestoreFileLabelInternal(list->manager,
item->src,
item->path,
- list->lock);
+ remember);
} else {
VIR_WARN("Ignoring failed restore attempt on %s",
NULLSTR(item->src ? item->src->path : item->path));
/* Be aware that this function might run in a separate process.
* Therefore, any driver state changes would be thrown away. */
- if ((rc = virSecurityDACTransactionAppend(path, src, uid, gid, false)) < 0)
+ if ((rc = virSecurityDACTransactionAppend(path, src,
+ uid, gid, remember, false)) < 0)
return -1;
else if (rc > 0)
return 0;
/* Be aware that this function might run in a separate process.
* Therefore, any driver state changes would be thrown away. */
- if ((rv = virSecurityDACTransactionAppend(path, src, uid, gid, true)) < 0)
+ if ((rv = virSecurityDACTransactionAppend(path, src, uid, gid, recall, true)) < 0)
return -1;
else if (rv > 0)
return 0;
virSecurityDACRestoreFileLabel(virSecurityManagerPtr mgr,
const char *path)
{
- return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, false);
+ return virSecurityDACRestoreFileLabelInternal(mgr, NULL, path, true);
}
return -1;
}
- return virSecurityDACSetOwnership(mgr, src, NULL, user, group, false);
+ return virSecurityDACSetOwnership(mgr, src, NULL, user, group, true);
}
}
}
- return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, false);
+ return virSecurityDACRestoreFileLabelInternal(mgr, src, NULL, true);
}
if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0)
return -1;
- return virSecurityDACSetOwnership(mgr, NULL, file, user, group, false);
+ return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true);
}
case VIR_DOMAIN_CHR_TYPE_FILE:
ret = virSecurityDACSetOwnership(mgr, NULL,
dev_source->data.file.path,
- user, group, false);
+ user, group, true);
break;
case VIR_DOMAIN_CHR_TYPE_PIPE:
virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)
goto done;
if (virFileExists(in) && virFileExists(out)) {
- if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, false) < 0 ||
- virSecurityDACSetOwnership(mgr, NULL, out, user, group, false) < 0)
+ if (virSecurityDACSetOwnership(mgr, NULL, in, user, group, true) < 0 ||
+ virSecurityDACSetOwnership(mgr, NULL, out, user, group, true) < 0)
goto done;
} else if (virSecurityDACSetOwnership(mgr, NULL,
dev_source->data.file.path,
- user, group, false) < 0) {
+ user, group, true) < 0) {
goto done;
}
ret = 0;
* and passed via FD */
if (virSecurityDACSetOwnership(mgr, NULL,
dev_source->data.nix.path,
- user, group, false) < 0)
+ user, group, true) < 0)
goto done;
}
ret = 0;
if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
return -1;
- if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, false) < 0)
+ if (virSecurityDACSetOwnership(mgr, NULL, rendernode, user, group, true) < 0)
return -1;
return 0;
ret = virSecurityDACSetOwnership(mgr, NULL,
input->source.evdev,
- user, group, false);
+ user, group, true);
break;
case VIR_DOMAIN_INPUT_TYPE_MOUSE:
ret = virSecurityDACSetOwnership(mgr, NULL,
mem->nvdimmPath,
- user, group, false);
+ user, group, true);
break;
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
return -1;
if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
return 0;
if (def->os.loader && def->os.loader->nvram &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.loader->nvram,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
if (def->os.kernel &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.kernel,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
if (def->os.initrd &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.initrd,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
if (def->os.dtb &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.dtb,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
if (def->os.slic_table &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.slic_table,
- user, group, false) < 0)
+ user, group, true) < 0)
return -1;
return 0;
if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0)
return -1;
- return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, false);
+ return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, true);
}
if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
return -1;
- return virSecurityDACSetOwnership(mgr, NULL, path, user, group, false);
+ return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true);
}
virSecurityDriver virSecurityDriverDAC = {
projects / thirdparty / libvirt.git / commitdiff
