security_selinux: Implement virSecurityManagerMoveImageMetadata
authorMichal Privoznik <mprivozn@redhat.com>
Thu, 21 Mar 2019 15:21:27 +0000 (16:21 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Wed, 3 Jul 2019 06:36:04 +0000 (08:36 +0200)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/security/security_selinux.c

index cb460048965184aa50c06834415239996f7773c3..ea20373a900dd6d2a7939f6636bcbed91a897279 100644 (file)
@@ -1926,6 +1926,62 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
 }
 
 
+struct virSecuritySELinuxMoveImageMetadataData {
+    virSecurityManagerPtr mgr;
+    const char *src;
+    const char *dst;
+};
+
+
+static int
+virSecuritySELinuxMoveImageMetadataHelper(pid_t pid ATTRIBUTE_UNUSED,
+                                          void *opaque)
+{
+    struct virSecuritySELinuxMoveImageMetadataData *data = opaque;
+    const char *paths[2] = { data->src, data->dst };
+    virSecurityManagerMetadataLockStatePtr state;
+    int ret;
+
+    if (!(state = virSecurityManagerMetadataLock(data->mgr, paths, ARRAY_CARDINALITY(paths))))
+        return -1;
+
+    ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst);
+    virSecurityManagerMetadataUnlock(data->mgr, &state);
+    return ret;
+}
+
+
+static int
+virSecuritySELinuxMoveImageMetadata(virSecurityManagerPtr mgr,
+                                    pid_t pid,
+                                    virStorageSourcePtr src,
+                                    virStorageSourcePtr dst)
+{
+    struct virSecuritySELinuxMoveImageMetadataData data = { .mgr = mgr, 0 };
+    int rc;
+
+    if (src && virStorageSourceIsLocalStorage(src))
+        data.src = src->path;
+
+    if (dst && virStorageSourceIsLocalStorage(dst))
+        data.dst = dst->path;
+
+    if (!data.src)
+        return 0;
+
+    if (pid == -1) {
+        rc = virProcessRunInFork(virSecuritySELinuxMoveImageMetadataHelper,
+                                 &data);
+    } else {
+        rc = virProcessRunInMountNamespace(pid,
+                                           virSecuritySELinuxMoveImageMetadataHelper,
+                                           &data);
+    }
+
+    return rc;
+}
+
+
 static int
 virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
 {
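Review bot: data->dst can legitimately be NULL here — virSecuritySELinuxMoveImageMetadata leaves it unset when @dst is absent or not local storage — yet the helper always hands both entries of paths[] to virSecurityManagerMetadataLock and passes the NULL on to virSecurityMoveRememberedLabel; I believe both callees tolerate NULL (the lock loop skips NULL entries, and a NULL destination means "just forget the label on src"), but that contract is not visible in this hunk and is worth stating in a comment, or being made explicit with `size_t npaths = data->dst ? 2 : 1;` and passing `npaths` instead of ARRAY_CARDINALITY(paths). The initializer `{ .mgr = mgr, 0 }` mixes a designator with a positional zero that lands on .src; `{ .mgr = mgr }` already zero-fills the remaining members and reads less like an accident. The new entry point has no comment explaining the pid dispatch; a short one such as `/* pid == -1: run in a forked child; otherwise enter @pid's mount namespace so private-mount paths resolve */` above the if would save the next reader a trip to virProcessRunInMountNamespace.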
@@ -3475,6 +3531,7 @@ virSecurityDriver virSecurityDriverSELinux = {
 
     .domainSetSecurityImageLabel        = virSecuritySELinuxSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreImageLabel,
+    .domainMoveImageMetadata            = virSecuritySELinuxMoveImageMetadata,
 
     .domainSetSecurityMemoryLabel       = virSecuritySELinuxSetMemoryLabel,
     .domainRestoreSecurityMemoryLabel   = virSecuritySELinuxRestoreMemoryLabel,