{ echo '$(ME): new API should use "unsigned int flags"' 1>&2; \
exit 1; } || :
@prohibit=' flags ATTRIBUTE_UNUSED' \
+ exclude='virSecurityDomainImageLabelFlags' \
halt='flags should be checked with virCheckFlags' \
$(_sc_search_regexp)
@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]' \
goto cleanup;
if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm->def,
- src) < 0)
+ vm->def, src, 0) < 0)
goto cleanup;
if (virSecurityManagerTransactionCommit(driver->securityManager,
goto cleanup;
if (virSecurityManagerRestoreImageLabel(driver->securityManager,
- vm->def,
- src) < 0)
+ vm->def, src, 0) < 0)
goto cleanup;
if (virSecurityManagerTransactionCommit(driver->securityManager,
static int
AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
if (!virStorageSourceIsLocalStorage(src))
return 0;
return reload_profile(mgr, def, NULL, false);
}
-static int
-AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
-{
- return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src);
-}
/* Called when hotplugging */
static int
static int
AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
int rc = -1;
char *profile_name = NULL;
return rc;
}
-static int
-AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
-{
- return AppArmorSetSecurityImageLabel(mgr, def, disk->src);
-}
-
static int
AppArmorSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def)
.domainSecurityVerify = AppArmorSecurityVerify,
- .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel,
- .domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel,
-
.domainSetSecurityImageLabel = AppArmorSetSecurityImageLabel,
.domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel,
static int
virSecurityDACSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
- return virSecurityDACSetImageLabelInternal(mgr, def, src, NULL);
-}
-
-static int
-virSecurityDACSetDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+ virStorageSourcePtr n;
-{
- virStorageSourcePtr next;
-
- for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
- if (virSecurityDACSetImageLabelInternal(mgr, def, next, disk->src) < 0)
+ for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
+ if (virSecurityDACSetImageLabelInternal(mgr, def, n, src) < 0)
return -1;
+
+ if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
+ break;
}
return 0;
static int
virSecurityDACRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
return virSecurityDACRestoreImageLabelInt(mgr, def, src, false);
}
-static int
-virSecurityDACRestoreDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
-{
- return virSecurityDACRestoreImageLabelInt(mgr, def, disk->src, false);
-}
-
-
static int
virSecurityDACSetHostdevLabelHelper(const char *file,
void *opaque)
/* XXX fixme - we need to recursively label the entire tree :-( */
if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
continue;
- if (virSecurityDACSetDiskLabel(mgr,
- def,
- def->disks[i]) < 0)
+ if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src,
+ VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0)
return -1;
}
.domainSecurityVerify = virSecurityDACVerify,
- .domainSetSecurityDiskLabel = virSecurityDACSetDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecurityDACRestoreDiskLabel,
-
.domainSetSecurityImageLabel = virSecurityDACSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityDACRestoreImageLabel,
bool lock);
typedef void (*virSecurityDriverTransactionAbort) (virSecurityManagerPtr mgr);
-typedef int (*virSecurityDomainRestoreDiskLabel) (virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
virDomainDefPtr vm);
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def);
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
virDomainDefPtr def);
-typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
+
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src);
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src);
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags);
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainMemoryDefPtr mem);
virSecurityDomainSecurityVerify domainSecurityVerify;
- virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel;
- virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel;
-
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
- if (mgr->drv->domainRestoreSecurityDiskLabel) {
+ if (mgr->drv->domainRestoreSecurityImageLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainRestoreSecurityDiskLabel(mgr, vm, disk);
+ ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->src,
+ VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN);
virObjectUnlock(mgr);
return ret;
}
* @mgr: security manager object
* @vm: domain definition object
* @src: disk source definition to operate on
+ * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
*
- * Removes security label from a single storage image.
+ * Removes security label from @src according to @flags.
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
if (mgr->drv->domainRestoreSecurityImageLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src);
+ ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, flags);
virObjectUnlock(mgr);
return ret;
}
virDomainDefPtr vm,
virDomainDiskDefPtr disk)
{
- if (mgr->drv->domainSetSecurityDiskLabel) {
+ if (mgr->drv->domainSetSecurityImageLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainSetSecurityDiskLabel(mgr, vm, disk);
+ ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src,
+ VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN);
virObjectUnlock(mgr);
return ret;
}
* @mgr: security manager object
* @vm: domain definition object
* @src: disk source definition to operate on
+ * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
*
- * Labels a single storage image with the configured security label.
+ * Labels a storage image with the configured security label according to @flags.
*
* Returns: 0 on success, -1 on error.
*/
int
virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
if (mgr->drv->domainSetSecurityImageLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, src);
+ ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, flags);
virObjectUnlock(mgr);
return ret;
}
virDomainDefPtr vm);
virSecurityManagerPtr* virSecurityManagerGetNested(virSecurityManagerPtr mgr);
+typedef enum {
+ VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN = 1 << 0,
+} virSecurityDomainImageLabelFlags;
+
int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src);
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags);
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src);
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags);
int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
return "0";
}
-static int
-virSecurityDomainRestoreDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr vm ATTRIBUTE_UNUSED,
- virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
static int
virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr vm ATTRIBUTE_UNUSED)
return 0;
}
-static int
-virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr vm ATTRIBUTE_UNUSED,
- virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
static int
virSecurityDomainRestoreHostdevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr vm ATTRIBUTE_UNUSED,
static int
virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED,
- virStorageSourcePtr src ATTRIBUTE_UNUSED)
+ virStorageSourcePtr src ATTRIBUTE_UNUSED,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED,
- virStorageSourcePtr src ATTRIBUTE_UNUSED)
+ virStorageSourcePtr src ATTRIBUTE_UNUSED,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
return 0;
}
.domainSecurityVerify = virSecurityDomainVerifyNop,
- .domainSetSecurityDiskLabel = virSecurityDomainSetDiskLabelNop,
- .domainRestoreSecurityDiskLabel = virSecurityDomainRestoreDiskLabelNop,
-
.domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop,
.domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop,
}
-static int
-virSecuritySELinuxRestoreDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
-{
- return virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
- false);
-}
-
-
static int
virSecuritySELinuxRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags ATTRIBUTE_UNUSED)
{
return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
}
static int
virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virStorageSourcePtr src)
-{
- return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
-}
-
-
-static int
-virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
-
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
- virStorageSourcePtr next;
+ virStorageSourcePtr n;
- for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
- if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->src) < 0)
+ for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
+ if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, src) < 0)
return -1;
+
+ if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN))
+ break;
}
return 0;
}
+
static int
virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
{
def->disks[i]->dst);
continue;
}
- if (virSecuritySELinuxSetDiskLabel(mgr,
- def, def->disks[i]) < 0)
+ if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src,
+ VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0)
return -1;
}
/* XXX fixme process def->fss if relabel == true */
.domainSecurityVerify = virSecuritySELinuxVerify,
- .domainSetSecurityDiskLabel = virSecuritySELinuxSetDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecuritySELinuxRestoreDiskLabel,
-
.domainSetSecurityImageLabel = virSecuritySELinuxSetImageLabel,
.domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreImageLabel,
}
-static int
-virSecurityStackSetDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- virSecurityStackItemPtr item = priv->itemsHead;
- int rc = 0;
-
- for (; item; item = item->next) {
- if (virSecurityManagerSetDiskLabel(item->securityManager, vm, disk) < 0)
- rc = -1;
- }
-
- return rc;
-}
-
-
-static int
-virSecurityStackRestoreDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- virSecurityStackItemPtr item = priv->itemsHead;
- int rc = 0;
-
- for (; item; item = item->next) {
- if (virSecurityManagerRestoreDiskLabel(item->securityManager, vm, disk) < 0)
- rc = -1;
- }
-
- return rc;
-}
-
-
static int
virSecurityStackSetHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
static int
virSecurityStackSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
- if (virSecurityManagerSetImageLabel(item->securityManager, vm, src) < 0)
+ if (virSecurityManagerSetImageLabel(item->securityManager, vm, src,
+ flags) < 0)
rc = -1;
}
static int
virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- virStorageSourcePtr src)
+ virStorageSourcePtr src,
+ virSecurityDomainImageLabelFlags flags)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
for (; item; item = item->next) {
if (virSecurityManagerRestoreImageLabel(item->securityManager,
- vm, src) < 0)
+ vm, src, flags) < 0)
rc = -1;
}
.domainSecurityVerify = virSecurityStackVerify,
- .domainSetSecurityDiskLabel = virSecurityStackSetDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecurityStackRestoreDiskLabel,
-
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
projects / thirdparty / libvirt.git / commitdiff
