qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel

author Peter Krempa <pkrempa@redhat.com>

Wed, 23 Jan 2019 12:37:00 +0000 (13:37 +0100)

committer Peter Krempa <pkrempa@redhat.com>

Wed, 30 Jan 2019 16:20:38 +0000 (17:20 +0100)
author Peter Krempa <pkrempa@redhat.com>
Wed, 23 Jan 2019 12:37:00 +0000 (13:37 +0100)
committer Peter Krempa <pkrempa@redhat.com>
Wed, 30 Jan 2019 16:20:38 +0000 (17:20 +0100)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index bbf3802628da6a7f29ede5b39bbffaad6ebb6565..d6bf8b4b6e0c58b56f3eaeee571c40200efe1ee5 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9174,7 +9174,7 @@ qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,
          VIR_WARN("Failed to teardown cgroup for disk path %s",
                   NULLSTR(elem->path));
  
-    if (qemuSecurityRestoreImageLabel(driver, vm, elem) < 0)
+    if (qemuSecurityRestoreImageLabel(driver, vm, elem, false) < 0)
          VIR_WARN("Unable to restore security label on %s", NULLSTR(elem->path));
  
      if (qemuDomainNamespaceTeardownDisk(vm, elem) < 0)
@@ -9225,7 +9225,7 @@ qemuDomainDiskChainElementPrepare(virQEMUDriverPtr driver,
      if (qemuSetupImageCgroup(vm, elem) < 0)
          goto cleanup;
  
-    if (qemuSecuritySetImageLabel(driver, vm, elem) < 0)
+    if (qemuSecuritySetImageLabel(driver, vm, elem, false) < 0)
          goto cleanup;
  
      ret = 0;
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c

index 90d1293e522185965d13a4463d9c1de6f1470402..2bc21b55a4e37b73cad2b4cc0e6080670ddb1cb2 100644 (file)
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -157,11 +157,16 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
  int
  qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
                            virDomainObjPtr vm,
-                          virStorageSourcePtr src)
+                          virStorageSourcePtr src,
+                          bool backingChain)
  {
      qemuDomainObjPrivatePtr priv = vm->privateData;
      pid_t pid = -1;
      int ret = -1;
+    virSecurityDomainImageLabelFlags labelFlags = 0;
+
+    if (backingChain)
+        labelFlags |= VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN;
  
      if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
          pid = vm->pid;
@@ -170,7 +175,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
          goto cleanup;
  
      if (virSecurityManagerSetImageLabel(driver->securityManager,
-                                        vm->def, src, 0) < 0)
+                                        vm->def, src, labelFlags) < 0)
          goto cleanup;
  
      if (virSecurityManagerTransactionCommit(driver->securityManager,
@@ -187,11 +192,16 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
  int
  qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
                                virDomainObjPtr vm,
-                              virStorageSourcePtr src)
+                              virStorageSourcePtr src,
+                              bool backingChain)
  {
      qemuDomainObjPrivatePtr priv = vm->privateData;
      pid_t pid = -1;
      int ret = -1;
+    virSecurityDomainImageLabelFlags labelFlags = 0;
+
+    if (backingChain)
+        labelFlags |= VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN;
  
      if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
          pid = vm->pid;
@@ -200,7 +210,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
          goto cleanup;
  
      if (virSecurityManagerRestoreImageLabel(driver->securityManager,
-                                            vm->def, src, 0) < 0)
+                                            vm->def, src, labelFlags) < 0)
          goto cleanup;
  
      if (virSecurityManagerTransactionCommit(driver->securityManager,
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h

index 5b4fe6eb8f165f8e49c94ea0c16c31e20e13abdc..2a916f51692b99942f927a9fab49969d4bc9dbbb 100644 (file)
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -44,11 +44,13 @@ int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
  
  int qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
                                virDomainObjPtr vm,
-                              virStorageSourcePtr src);
+                              virStorageSourcePtr src,
+                              bool backingChain);
  
  int qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
-                                  virStorageSourcePtr src);
+                                  virStorageSourcePtr src,
+                                  bool backingChain);
  
  int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
                                  virDomainObjPtr vm,
author	Peter Krempa <pkrempa@redhat.com>
	Wed, 23 Jan 2019 12:37:00 +0000 (13:37 +0100)
committer	Peter Krempa <pkrempa@redhat.com>
	Wed, 30 Jan 2019 16:20:38 +0000 (17:20 +0100)
src/qemu/qemu_domain.c		patch \| blob \| blame \| history
src/qemu/qemu_security.c		patch \| blob \| blame \| history
src/qemu/qemu_security.h		patch \| blob \| blame \| history