security: Relabel virtio-pmem

Just like with NVDIMM model, we have to relabel the path to
virtio-pmem so that QEMU can access it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1d828ce0d84fa444cc82f2c8f7519f9e1d6bbee7..29f0956d22cd67f1ca934289578082bfacce427a 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -683,6 +683,7 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
 {
     switch (mem->model) {
     case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
         if (!virFileExists(mem->nvdimmPath)) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("%s: \'%s\' does not exist"),
@@ -690,7 +691,6 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
             return -1;
         }
         return reload_profile(mgr, def, mem->nvdimmPath, true);
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
     case VIR_DOMAIN_MEMORY_MODEL_NONE:
     case VIR_DOMAIN_MEMORY_MODEL_DIMM:
     case VIR_DOMAIN_MEMORY_MODEL_LAST:

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0acdc2a52d06b340632f43f3bc4e15c5284d7388..71d58758c41676f0288e5524b9fef60b846458f4 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1889,10 +1889,10 @@ virSecurityDACRestoreMemoryLabel(virSecurityManagerPtr mgr,
 
     switch (mem->model) {
     case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
         ret = virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath);
         break;
 
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
     case VIR_DOMAIN_MEMORY_MODEL_DIMM:
     case VIR_DOMAIN_MEMORY_MODEL_LAST:
     case VIR_DOMAIN_MEMORY_MODEL_NONE:
@@ -2063,6 +2063,7 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
 
     switch (mem->model) {
     case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
         seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
         if (seclabel && !seclabel->relabel)
             return 0;
@@ -2075,7 +2076,6 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
                                          user, group, true);
         break;
 
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
     case VIR_DOMAIN_MEMORY_MODEL_DIMM:
     case VIR_DOMAIN_MEMORY_MODEL_LAST:
     case VIR_DOMAIN_MEMORY_MODEL_NONE:

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index bbffbccb17b4d5b38e11acf2aebed23e8f7aa345..3563dbfb86a57ab41528ddcdb5b4b7b943d6a65a 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1572,6 +1572,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
 
     switch (mem->model) {
     case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
         seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
         if (!seclabel || !seclabel->relabel)
             return 0;
@@ -1581,7 +1582,6 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
             return -1;
         break;
 
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
     case VIR_DOMAIN_MEMORY_MODEL_NONE:
     case VIR_DOMAIN_MEMORY_MODEL_DIMM:
     case VIR_DOMAIN_MEMORY_MODEL_LAST:
@@ -1602,6 +1602,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
 
     switch (mem->model) {
     case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
         seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
         if (!seclabel || !seclabel->relabel)
             return 0;
@@ -1609,7 +1610,6 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
         ret = virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, true);
         break;
 
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
     case VIR_DOMAIN_MEMORY_MODEL_DIMM:
     case VIR_DOMAIN_MEMORY_MODEL_NONE:
     case VIR_DOMAIN_MEMORY_MODEL_LAST: