virSecurityManagerCheckAllLabel;
virSecurityManagerClearSocketLabel;
virSecurityManagerDomainSetPathLabel;
+virSecurityManagerDomainSetPathLabelRO;
virSecurityManagerGenLabel;
virSecurityManagerGetBaseLabel;
virSecurityManagerGetDOI;
virDomainDefPtr def,
const char *path,
bool allowSubtree);
+typedef int (*virSecurityDomainSetPathLabelRO) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path);
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
virSecurityDriverGetBaseLabel getBaseLabel;
virSecurityDomainSetPathLabel domainSetPathLabel;
+ virSecurityDomainSetPathLabelRO domainSetPathLabelRO;
virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
}
+/**
+ * virSecurityManagerDomainSetPathLabelRO:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @path: path to label
+ *
+ * This function relabels given @path for read only access, which
+ * is in contrast with virSecurityManagerDomainSetPathLabel() which
+ * gives read write access.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *path)
+{
+ if (mgr->drv->domainSetPathLabelRO) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetPathLabelRO(mgr, vm, path);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ return 0;
+}
+
+
/**
* virSecurityManagerSetMemoryLabel:
* @mgr: security manager object
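Review bot: The fall-through `return 0;` at the end of virSecurityManagerDomainSetPathLabelRO reports success when the driver has no `domainSetPathLabelRO` callback, and the doc comment does not mention this. In the lines visible here only the stack driver registers the callback, so whether the path is actually relabelled depends on the stacked drivers, which this page does not show. A caller that relies on the read-only label for confinement cannot tell "labelled" from "not supported". I would extend the Returns line, e.g. `* Returns: 0 on success or if the driver does not implement read-only labelling (@path is then left untouched), -1 on error.`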
const char *path,
bool allowSubtree);
+int virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *path);
+
int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
return rc;
}
+
+static int
+virSecurityStackDomainSetPathLabelRO(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *path)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerDomainSetPathLabelRO(item->securityManager,
+ vm, path) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+
static int
virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
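Review bot: The loop in virSecurityStackDomainSetPathLabelRO keeps calling the remaining stacked managers after one fails and then returns -1, so on error the path may carry the read-only label from some drivers and not from others. Nothing in the function says this is intended or who is expected to undo the partial labelling. A short comment above the loop would make the contract explicit, e.g. `/* Try every stacked driver even after a failure; on -1 @path may be labelled by only some of them. */`. Separately, the `if` condition spans two lines with an unbraced body (`rc = -1;`), and adding braces would make it harder to misread.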
.getBaseLabel = virSecurityStackGetBaseLabel,
.domainSetPathLabel = virSecurityStackDomainSetPathLabel,
+ .domainSetPathLabelRO = virSecurityStackDomainSetPathLabelRO,
.domainSetSecurityChardevLabel = virSecurityStackDomainSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecurityStackDomainRestoreChardevLabel,