const char *migrateFrom,
int stdin_fd);
-static void qemudShutdownVMDaemon(virConnectPtr conn,
- struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
virDomainObjPtr vm);
static int qemudDomainGetMaxVcpus(virDomainPtr dom);
VIR_DOMAIN_EVENT_STOPPED_FAILED :
VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
- qemudShutdownVMDaemon(NULL, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (!vm->persistent)
virDomainRemoveInactive(&driver->domains, vm);
else
if (driver->securityDriver &&
driver->securityDriver->domainReserveSecurityLabel &&
- driver->securityDriver->domainReserveSecurityLabel(NULL, obj) < 0)
+ driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
goto error;
if (obj->def->id >= driver->nextvmid)
/* We can't get the monitor back, so must kill the VM
* to remove danger of it ending up running twice if
* user tries to start it again later */
- qemudShutdownVMDaemon(NULL, driver, obj);
+ qemudShutdownVMDaemon(driver, obj);
if (!obj->persistent)
virDomainRemoveInactive(&driver->domains, obj);
else
if (h->driver->securityDriver &&
h->driver->securityDriver->domainSetSecurityProcessLabel &&
- h->driver->securityDriver->domainSetSecurityProcessLabel(h->conn, h->driver->securityDriver, h->vm) < 0)
+ h->driver->securityDriver->domainSetSecurityProcessLabel(h->driver->securityDriver, h->vm) < 0)
return -1;
return 0;
then generate a security label for isolation */
if (driver->securityDriver &&
driver->securityDriver->domainGenSecurityLabel &&
- driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securityDriver->domainGenSecurityLabel(vm) < 0)
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
goto cleanup;
/* Ensure no historical cgroup for this VM is lieing around bogus settings */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityAllLabel)
- driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+ driver->securityDriver->domainRestoreSecurityAllLabel(vm);
if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
- driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+ driver->securityDriver->domainReleaseSecurityLabel(vm);
qemuRemoveCgroup(driver, vm, 0);
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
abort:
/* We jump here if we failed to initialize the now running VM
* killing it off and pretend we never started it */
- qemudShutdownVMDaemon(conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (logfile != -1)
close(logfile);
}
-static void qemudShutdownVMDaemon(virConnectPtr conn,
- struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
virDomainObjPtr vm) {
int ret;
int retries = 0;
/* Reset Security Labels */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityAllLabel)
- driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+ driver->securityDriver->domainRestoreSecurityAllLabel(vm);
if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
- driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+ driver->securityDriver->domainReleaseSecurityLabel(vm);
/* Clear out dynamically assigned labels */
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virSecurityDriverVerify(conn, def) < 0)
+ if (virSecurityDriverVerify(def) < 0)
goto cleanup;
if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
goto endjob;
}
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
if (driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
goto endjob;
if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
goto endjob;
ret = 0;
/* Shut it down */
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_SAVED);
if (driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
goto endjob;
/* Migrate will always stop the VM, so the resume condition is
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
goto endjob;
endjob:
if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
- qemudShutdownVMDaemon(dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_CRASHED);
*/
if (virDomainObjIsActive(vm)) {
if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
- if (driver->securityDriver->domainGetSecurityProcessLabel(dom->conn, vm, seclabel) == -1) {
+ if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Failed to get security label"));
goto cleanup;
VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virSecurityDriverVerify(conn, def) < 0)
+ if (virSecurityDriverVerify(def) < 0)
goto cleanup;
if ((dupVM = virDomainObjIsDuplicate(&driver->domains, def, 0)) < 0)
}
-static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
- struct qemud_driver *driver,
+static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
qemuDomainObjPrivatePtr priv = vm->privateData;
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, origdisk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
VIR_FREE(origdisk->src);
error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on new media %s", disk->src);
return -1;
}
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
/* We should have an address already, so make sure */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
return -1;
if (!disk->src) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
}
-static int qemudDomainAttachHostDevice(virConnectPtr conn,
- struct qemud_driver *driver,
+static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
virDomainObjPtr vm,
virDomainHostdevDefPtr hostdev,
int qemuCmdFlags)
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityHostdevLabel &&
- driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, hostdev) < 0)
+ driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
return -1;
switch (hostdev->source.subsys.type) {
error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(conn, vm, hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
VIR_WARN0("Unable to restore host device labelling on hotplug fail");
return -1;
switch (dev->data.disk->device) {
case VIR_DOMAIN_DISK_DEVICE_CDROM:
case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
- ret = qemudDomainChangeEjectableMedia(dom->conn, driver, vm, dev->data.disk);
+ ret = qemudDomainChangeEjectableMedia(driver, vm, dev->data.disk);
if (ret == 0)
dev->data.disk = NULL;
break;
if (ret == 0)
dev->data.net = NULL;
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
- ret = qemudDomainAttachHostDevice(dom->conn, driver, vm,
+ ret = qemudDomainAttachHostDevice(driver, vm,
dev->data.hostdev, qemuCmdFlags);
if (ret == 0)
dev->data.hostdev = NULL;
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, dev->data.disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
ret = 0;
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(NULL, vm, dev->data.hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
VIR_WARN0("Failed to restore host device labelling");
return ret;
qemust = qemuStreamMigOpen(st, unixfile);
if (qemust == NULL) {
- qemudShutdownVMDaemon(NULL, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains, vm);
}
/* Clean up the source domain. */
- qemudShutdownVMDaemon (dom->conn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
paused = 0;
event = virDomainEventNewFromObj(vm,
}
virDomainSaveStatus(driver->caps, driver->stateDir, vm);
} else {
- qemudShutdownVMDaemon (dconn, driver, vm);
+ qemudShutdownVMDaemon(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FAILED);
static int
-qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
static int
-qemuSecurityDACRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
if (!driver->privileged || !driver->dynamicOwnership)
static int
-qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
usbFreeDevice(usb);
break;
}
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACSetSecurityPCILabel, vm);
pciFreeDevice(pci);
break;
static int
-qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
usbFreeDevice(usb);
break;
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
pciFreeDevice(pci);
break;
static int
-qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
{
int i;
int rc = 0;
VIR_DEBUG("Restoring security label on %s", vm->def->name);
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACRestoreSecurityHostdevLabel(conn, vm,
+ if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (qemuSecurityDACRestoreSecurityImageLabel(conn, vm,
+ if (qemuSecurityDACRestoreSecurityImageLabel(vm,
vm->def->disks[i]) < 0)
rc = -1;
}
static int
-qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
{
int i;
/* XXX fixme - we need to recursively label the entriy tree :-( */
if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
continue;
- if (qemuSecurityDACSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+ if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
return -1;
}
static int
-qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged || !driver->dynamicOwnership)
static int
-qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged || !driver->dynamicOwnership)
static int
-qemuSecurityDACSetProcessLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityDACSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm ATTRIBUTE_UNUSED)
{
DEBUG("Dropping privileges of VM to %d:%d", driver->user, driver->group);
static int
-qemuSecurityStackedVerify(virConnectPtr conn,
- virDomainDefPtr def)
+qemuSecurityStackedVerify(virDomainDefPtr def)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSecurityVerify &&
- driver->securitySecondaryDriver->domainSecurityVerify(conn, def) < 0)
+ driver->securitySecondaryDriver->domainSecurityVerify(def) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSecurityVerify &&
- driver->securityPrimaryDriver->domainSecurityVerify(conn, def) < 0)
+ driver->securityPrimaryDriver->domainSecurityVerify(def) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedGenLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedGenLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainGenSecurityLabel &&
- driver->securitySecondaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGenSecurityLabel &&
- driver->securityPrimaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedReleaseLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
- driver->securitySecondaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
- driver->securityPrimaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedReserveLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
- driver->securitySecondaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
- driver->securityPrimaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
- driver->securitySecondaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
- driver->securityPrimaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
- driver->securitySecondaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
- driver->securityPrimaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
- driver->securitySecondaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
- driver->securityPrimaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
- driver->securitySecondaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
- driver->securityPrimaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityProcessLabel &&
- driver->securitySecondaryDriver->domainSetSecurityProcessLabel(conn,
- driver->securitySecondaryDriver,
+ driver->securitySecondaryDriver->domainSetSecurityProcessLabel(driver->securitySecondaryDriver,
vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityProcessLabel &&
- driver->securityPrimaryDriver->domainSetSecurityProcessLabel(conn,
- driver->securityPrimaryDriver,
+ driver->securityPrimaryDriver->domainSetSecurityProcessLabel(driver->securityPrimaryDriver,
vm) < 0)
rc = -1;
}
static int
-qemuSecurityStackedGetProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
virSecurityLabelPtr seclabel)
{
int rc = 0;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
- driver->securityPrimaryDriver->domainGetSecurityProcessLabel(conn,
- vm,
+ driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
seclabel) < 0)
rc = -1;
* load (add) a profile. Will create one if necessary
*/
static int
-load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
+load_profile(const char *profile, virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = -1, status, ret;
return rc;
}
- xml = virDomainDefFormat(conn, vm->def, VIR_DOMAIN_XML_SECURE);
+ xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
if (!xml)
goto clean;
if (errno == EINTR)
goto rewait;
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected exit status from virt-aa-helper "
"%d pid %lu"),
WEXITSTATUS(status), (unsigned long)child);
* currently not used.
*/
static int
-AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
{
- virSecurityDriverSetDOI(conn, drv, SECURITY_APPARMOR_VOID_DOI);
+ virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
return 0;
}
* called on shutdown.
*/
static int
-AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorGenSecurityLabel(virDomainObjPtr vm)
{
int rc = -1;
char *profile_name = NULL;
if ((vm->def->seclabel.label) ||
(vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s",
_("security label already defined for VM"));
return rc;
}
static int
-AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorSetSecurityAllLabel(virDomainObjPtr vm)
{
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
/* if the profile is not already loaded, then load one */
if (profile_loaded(vm->def->seclabel.label) < 0) {
- if (load_profile(conn, vm->def->seclabel.label, vm, NULL) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(vm->def->seclabel.label, vm, NULL) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate AppArmor profile "
"\'%s\'"), vm->def->seclabel.label);
return -1;
* running.
*/
static int
-AppArmorGetSecurityProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm, virSecurityLabelPtr sec)
+AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
{
int rc = -1;
char *profile_name = NULL;
if (virStrcpy(sec->label, profile_name,
VIR_SECURITY_LABEL_BUFLEN) == NULL) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error copying profile name"));
goto clean;
}
if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("error calling profile_status()"));
goto clean;
}
* more details. Currently called via qemudShutdownVMDaemon.
*/
static int
-AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPtr vm)
+AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = 0;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((rc = remove_profile(secdef->label)) != 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("could not remove profile for \'%s\'"),
secdef->label);
}
* LOCAL_STATE_DIR/log/libvirt/qemu/<vm name>.log
*/
static int
-AppArmorSetSecurityProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv, virDomainObjPtr vm)
+AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
return rc;
if (STRNEQ(drv->name, secdef->model)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"\'%s\' model configured for domain, but "
"hypervisor driver is \'%s\'."),
}
if (aa_change_profile(profile_name) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("error calling aa_change_profile()"));
goto clean;
}
/* Called when hotplugging */
static int
-AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(conn, secdef->imagelabel, vm, NULL) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(secdef->imagelabel, vm, NULL) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
secdef->imagelabel);
/* Called when hotplugging */
static int
-AppArmorSetSecurityImageLabel(virConnectPtr conn,
- virDomainObjPtr vm, virDomainDiskDefPtr disk)
+AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
if (secdef->imagelabel) {
/* if the device doesn't exist, error out */
if (!virFileExists(disk->src)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("\'%s\' does not exist"), disk->src);
return rc;
}
/* update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(conn, secdef->imagelabel, vm, disk) < 0) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ if (load_profile(secdef->imagelabel, vm, disk) < 0) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
secdef->imagelabel);
}
static int
-AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+AppArmorSecurityVerify(virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("Invalid security label \'%s\'"),
secdef->label);
return -1;
}
static int
-AppArmorReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
+AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
{
/* NOOP. Nothing to reserve with AppArmor */
return 0;
}
static int
-AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
}
static int
-AppArmorRestoreSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
};
int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
+virSecurityDriverVerify(virDomainDefPtr def)
{
unsigned int i;
const virSecurityLabelDefPtr secdef = &def->seclabel;
for (i = 0; security_drivers[i] != NULL ; i++) {
if (STREQ(security_drivers[i]->name, secdef->model)) {
- return security_drivers[i]->domainSecurityVerify(conn, def);
+ return security_drivers[i]->domainSecurityVerify(def);
}
}
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("invalid security model '%s'"), secdef->model);
return -1;
}
switch (tmp->probe()) {
case SECURITY_DRIVER_ENABLE:
virSecurityDriverInit(tmp);
- if (tmp->open(NULL, tmp) == -1) {
+ if (tmp->open(tmp) == -1) {
return -1;
} else {
*drv = tmp;
}
void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
+virSecurityReportError(int code, const char *fmt, ...)
{
va_list args;
char errorMessage[1024];
} else
errorMessage[0] = '\0';
- virRaiseError(conn, NULL, NULL, VIR_FROM_SECURITY, code,
+ virRaiseError(NULL, NULL, NULL, VIR_FROM_SECURITY, code,
VIR_ERR_ERROR, NULL, NULL, NULL, -1, -1, "%s",
errorMessage);
}
}
int
-virSecurityDriverSetDOI(virConnectPtr conn,
- virSecurityDriverPtr drv,
+virSecurityDriverSetDOI(virSecurityDriverPtr drv,
const char *doi)
{
if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: DOI \'%s\' is "
"longer than the maximum allowed length of %d"),
__func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);
typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
- virSecurityDriverPtr drv);
-typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
+typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainReleaseLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-typedef int (*virSecurityDomainRestoreAllLabel) (virConnectPtr conn,
- virDomainObjPtr vm);
-typedef int (*virSecurityDomainGetProcessLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
+typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
+typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
virSecurityLabelPtr sec);
-typedef int (*virSecurityDomainSetProcessLabel) (virConnectPtr conn,
- virSecurityDriverPtr drv,
+typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
virDomainObjPtr vm);
-typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
- virDomainDefPtr def);
+typedef int (*virSecurityDomainSecurityVerify) (virDomainDefPtr def);
struct _virSecurityDriver {
const char *name;
const char *name);
int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
+virSecurityDriverVerify(virDomainDefPtr def);
void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
- ATTRIBUTE_FMT_PRINTF(3, 4);
+virSecurityReportError(int code, const char *fmt, ...)
+ ATTRIBUTE_FMT_PRINTF(2, 3);
/* Helpers */
void virSecurityDriverInit(virSecurityDriverPtr drv);
-int virSecurityDriverSetDOI(virConnectPtr conn,
- virSecurityDriverPtr drv,
+int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
const char *doi);
const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
}
static int
-SELinuxGenSecurityLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxGenSecurityLabel(virDomainObjPtr vm)
{
int rc = -1;
char mcs[1024];
if (vm->def->seclabel.label ||
vm->def->seclabel.model ||
vm->def->seclabel.imagelabel) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("security label already defined for VM"));
return rc;
}
vm->def->seclabel.label = SELinuxGenNewContext(default_domain_context, mcs);
if (! vm->def->seclabel.label) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto err;
}
vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
if (! vm->def->seclabel.imagelabel) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"), mcs);
goto err;
}
}
static int
-SELinuxReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+SELinuxReserveSecurityLabel(virDomainObjPtr vm)
{
security_context_t pctx;
context_t ctx = NULL;
}
static int
-SELinuxSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
{
/*
* Where will the DOI come from? SELinux configuration, or qemu
* configuration? For the moment, we'll just set it to "0".
*/
- virSecurityDriverSetDOI(conn, drv, SECURITY_SELINUX_VOID_DOI);
+ virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
return SELinuxInitialize();
}
static int
-SELinuxGetSecurityProcessLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
virSecurityLabelPtr sec)
{
security_context_t ctx;
}
if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label exceeds "
"maximum length: %d"),
VIR_SECURITY_LABEL_BUFLEN - 1);
}
static int
-SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
}
static int
-SELinuxSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
}
static int
-SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm);
+ ret = usbDeviceFileIterate(NULL, usb, SELinuxSetSecurityUSBLabel, vm);
usbFreeDevice(usb);
break;
}
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, SELinuxSetSecurityPCILabel, vm);
+ ret = pciDeviceFileIterate(NULL, pci, SELinuxSetSecurityPCILabel, vm);
pciFreeDevice(pci);
break;
}
static int
-SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
- virDomainObjPtr vm,
+SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (!usb)
goto done;
- ret = usbDeviceFileIterate(conn, usb, SELinuxRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(NULL, usb, SELinuxRestoreSecurityUSBLabel, NULL);
usbFreeDevice(usb);
break;
if (!pci)
goto done;
- ret = pciDeviceFileIterate(conn, pci, SELinuxRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(NULL, pci, SELinuxRestoreSecurityPCILabel, NULL);
pciFreeDevice(pci);
break;
}
static int
-SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;
return 0;
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxRestoreSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (SELinuxRestoreSecurityImageLabel(conn, vm,
+ if (SELinuxRestoreSecurityImageLabel(vm,
vm->def->disks[i]) < 0)
rc = -1;
}
}
static int
-SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm)
+SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxSetSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
+SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+SELinuxSecurityVerify(virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (security_check_context(secdef->label) != 0) {
- virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+ virSecurityReportError(VIR_ERR_XML_ERROR,
_("Invalid security label %s"), secdef->label);
return -1;
}
}
static int
-SELinuxSetSecurityProcessLabel(virConnectPtr conn,
- virSecurityDriverPtr drv,
+SELinuxSetSecurityProcessLabel(virSecurityDriverPtr drv,
virDomainObjPtr vm)
{
/* TODO: verify DOI */
return 0;
if (!STREQ(drv->name, secdef->model)) {
- virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
"'%s' model configured for domain, but "
"hypervisor driver is '%s'."),
}
static int
-SELinuxSetSecurityAllLabel(virConnectPtr conn,
- virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;
vm->def->disks[i]->src, vm->def->disks[i]->dst);
continue;
}
- if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+ if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
return -1;
}
projects / thirdparty / libvirt.git / commitdiff
