security: Pass @migrated to virSecurityManagerSetAllLabel
authorMichal Privoznik <mprivozn@redhat.com>
Wed, 11 Sep 2019 05:53:09 +0000 (07:53 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 14 Oct 2019 15:14:13 +0000 (17:14 +0200)
In upcoming commits, virSecurityManagerSetAllLabel() will perform
rollback in case of failure by calling
virSecurityManagerRestoreAllLabel(). But in order to do that, the
former needs to have @migrated argument so that it can be passed
to the latter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
14 files changed:
src/lxc/lxc_process.c
src/qemu/qemu_process.c
src/qemu/qemu_security.c
src/qemu/qemu_security.h
src/security/security_apparmor.c
src/security/security_dac.c
src/security/security_driver.h
src/security/security_manager.c
src/security/security_manager.h
src/security/security_nop.c
src/security/security_selinux.c
src/security/security_stack.c
tests/qemusecuritytest.c
tests/securityselinuxlabeltest.c

index 318b4c16532501eaa697f1d991095f3502490558..bf01d517664178878fa180e4cfa1392bcd5d9a66 100644 (file)
@@ -1346,7 +1346,7 @@ int virLXCProcessStart(virConnectPtr conn,
 
     VIR_DEBUG("Setting domain security labels");
     if (virSecurityManagerSetAllLabel(driver->securityManager,
-                                      vm->def, NULL, false) < 0)
+                                      vm->def, NULL, false, false) < 0)
         goto cleanup;
 
     VIR_DEBUG("Setting up consoles");
index c6fac01adaf57cf8eef954ffd52a969cc1fc31b9..4135418c01500684c7efbe16d6a8dac4790d79b1 100644 (file)
@@ -6939,7 +6939,8 @@ qemuProcessLaunch(virConnectPtr conn,
     VIR_DEBUG("Setting domain security labels");
     if (qemuSecuritySetAllLabel(driver,
                                 vm,
-                                incoming ? incoming->path : NULL) < 0)
+                                incoming ? incoming->path : NULL,
+                                incoming != NULL) < 0)
         goto cleanup;
 
     /* Security manager labeled all devices, therefore
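Review bot: `incoming != NULL` is used as the definition of "migrated", but the same `incoming` also supplies `incoming->path` as the stdin path one argument earlier, which suggests it may be set for a file-based restore as well as for a live incoming migration. If so, the rollback announced in the commit message would run the restore path with migrated=true after a failed restore from a saved image, when no source host is still running the domain; whether that leaves labels unreverted depends on restore code that is not visible here. Either confirm the behaviour is intended and record it with a comment such as `/* migrated is true for any incoming stream, including a restore from incoming->path */`, or derive the flag from something that tells the two cases apart. The body of qemuProcessLaunch starts and ends outside this hunk.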
index 63808c2d174f446ab27bcc635c47ab5c287fc9c3..2aa2b5b9c653e6fb9333c99d2738814779a8277f 100644 (file)
@@ -32,7 +32,8 @@ VIR_LOG_INIT("qemu.qemu_process");
 int
 qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                         virDomainObjPtr vm,
-                        const char *stdin_path)
+                        const char *stdin_path,
+                        bool migrated)
 {
     int ret = -1;
     qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -47,7 +48,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
     if (virSecurityManagerSetAllLabel(driver->securityManager,
                                       vm->def,
                                       stdin_path,
-                                      priv->chardevStdioLogd) < 0)
+                                      priv->chardevStdioLogd,
+                                      migrated) < 0)
         goto cleanup;
 
     if (virSecurityManagerTransactionCommit(driver->securityManager,
index c8a4bd8220bc5c110be3f686e31ec3bd6a0d4c89..a8c648ece1b272a80882e5fcdac16f455b9aa2e0 100644 (file)
@@ -26,7 +26,8 @@
 
 int qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                             virDomainObjPtr vm,
-                            const char *stdin_path);
+                            const char *stdin_path,
+                            bool migrated);
 
 void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver,
                                  virDomainObjPtr vm,
index 77eee9410c4bf2162a6c5db65fee404cf7ea819b..699590ee00b78d6b3119a8cc5b37f370fde69acd 100644 (file)
@@ -488,7 +488,8 @@ static int
 AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
                             virDomainDefPtr def,
                             const char *stdin_path,
-                            bool chardevStdioLogd ATTRIBUTE_UNUSED)
+                            bool chardevStdioLogd ATTRIBUTE_UNUSED,
+                            bool migrated ATTRIBUTE_UNUSED)
 {
     virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(def,
                                                     SECURITY_APPARMOR_NAME);
index d6d0a8299b966b13990ac561f6820759b0c35fa5..4270d5409f180a6b0070f9c2b3905f4aac6a3137 100644 (file)
@@ -2053,7 +2053,8 @@ static int
 virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
                           virDomainDefPtr def,
                           const char *stdin_path ATTRIBUTE_UNUSED,
-                          bool chardevStdioLogd)
+                          bool chardevStdioLogd,
+                          bool migrated ATTRIBUTE_UNUSED)
 {
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     virSecurityLabelDefPtr secdef;
index b4ffed29ec914027ad5c5cedfe117f9ff48c3e32..33539558138d828c39d6af1de2c3de30cc4b30a4 100644 (file)
@@ -83,7 +83,8 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr sec,
                                              const char *stdin_path,
-                                             bool chardevStdioLogd);
+                                             bool chardevStdioLogd,
+                                             bool migrated);
 typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def,
                                                  bool migrated,
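Review bot: The new `bool migrated` sits directly after `bool chardevStdioLogd` at the end of virSecurityDomainSetAllLabel, while the virSecurityDomainRestoreAllLabel typedef just below takes `bool migrated` immediately after the definition, so the sibling callbacks place the flag differently and two swapped booleans at a call site would compile without a warning. None of the prototypes changed in this commit documents the parameter. A comment above the typedef such as `/* @migrated: true when the domain is the target of an incoming migration; forwarded to RestoreAllLabel on rollback */` would pin the meaning for driver authors (wording to be confirmed by the author). The same applies to the prototypes in src/security/security_manager.h and src/qemu/qemu_security.h; the rest of the RestoreAllLabel typedef is outside this hunk.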
index 7f187c9068b61b254800b00bb739acd6f1a5293c..bb083ba9c80d1fc75ade2211e9d4a501e0c8ab50 100644 (file)
@@ -852,13 +852,15 @@ int
 virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr vm,
                               const char *stdin_path,
-                              bool chardevStdioLogd)
+                              bool chardevStdioLogd,
+                              bool migrated)
 {
     if (mgr->drv->domainSetSecurityAllLabel) {
         int ret;
         virObjectLock(mgr);
         ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path,
-                                                  chardevStdioLogd);
+                                                  chardevStdioLogd,
+                                                  migrated);
         virObjectUnlock(mgr);
         return ret;
     }
index 0d2375b2637f0ca7f4b65e783e5ca30eda1d9c17..1d4928fae374f87513b025c611a79fde129f3b6a 100644 (file)
@@ -121,7 +121,8 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
                                   virDomainDefPtr sec,
                                   const char *stdin_path,
-                                  bool chardevStdioLogd);
+                                  bool chardevStdioLogd,
+                                  bool migrated);
 int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def,
                                       bool migrated,
index 966b9d41a158a4d8b4ba390e3aab2d369096585c..96cdac03d896d2430da3575de6687e68ededddee 100644 (file)
@@ -136,7 +136,8 @@ static int
 virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                 virDomainDefPtr sec ATTRIBUTE_UNUSED,
                                 const char *stdin_path ATTRIBUTE_UNUSED,
-                                bool chardevStdioLogd ATTRIBUTE_UNUSED)
+                                bool chardevStdioLogd ATTRIBUTE_UNUSED,
+                                bool migrated ATTRIBUTE_UNUSED)
 {
     return 0;
 }
index 6e6b758497b70e72e5f786aef13686e0145da2d7..ac8b7ae26494f1f8870d19b1dfa3b2f0f3970a55 100644 (file)
@@ -3133,7 +3133,8 @@ static int
 virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr def,
                               const char *stdin_path,
-                              bool chardevStdioLogd)
+                              bool chardevStdioLogd,
+                              bool migrated ATTRIBUTE_UNUSED)
 {
     size_t i;
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
index d445c0773e6aad5c4f6704dab4d6bfd7a9b69c98..dd055075cbad1fb46d34bf2f54b6fcfd9ba63ed8 100644 (file)
@@ -316,7 +316,8 @@ static int
 virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
                             virDomainDefPtr vm,
                             const char *stdin_path,
-                            bool chardevStdioLogd)
+                            bool chardevStdioLogd,
+                            bool migrated)
 {
     virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     virSecurityStackItemPtr item = priv->itemsHead;
@@ -324,7 +325,8 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
 
     for (; item; item = item->next) {
         if (virSecurityManagerSetAllLabel(item->securityManager, vm,
-                                          stdin_path, chardevStdioLogd) < 0)
+                                          stdin_path, chardevStdioLogd,
+                                          migrated) < 0)
             rc = -1;
     }
 
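Review bot: The loop keeps calling virSecurityManagerSetAllLabel on the remaining stack items after one has failed and only records `rc = -1`. Once the callee rolls back its own labels on failure, as the commit message announces, items that succeeded would stay labelled unless this driver or a caller outside the hunk undoes them too, leaving the domain's files in a mixed labelling state. Consider stopping at the first failure and restoring the items already labelled, or at least marking the gap with `/* TODO: undo items labelled so far once SetAllLabel performs rollback */`. The rest of virSecurityStackSetAllLabel, including its return, is outside this hunk.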
index 2d88979168d158ca1f415c2acb81ba0e106e67a5..9efc15c10527f389cb2709c5df8b96491e8baa5f 100644 (file)
@@ -116,7 +116,7 @@ testDomain(const void *opaque)
     if (setenv(ENVVAR, "1", 0) < 0)
         return -1;
 
-    if (qemuSecuritySetAllLabel(data->driver, vm, NULL) < 0)
+    if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0)
         goto cleanup;
 
     qemuSecurityRestoreAllLabel(data->driver, vm, false);
index 8c3cb29c418b26448abaae53fbdf9ead1abe64a5..6f9b5c0e70dac454e5c4dadbf37baed371db1458 100644 (file)
@@ -310,7 +310,7 @@ testSELinuxLabeling(const void *opaque)
     if (!(def = testSELinuxLoadDef(testname)))
         goto cleanup;
 
-    if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0)
+    if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0)
         goto cleanup;
 
     if (testSELinuxCheckLabels(files, nfiles) < 0)