security_selinux: Implement virSecurityManager{Set,Restore}SavedStateLabel

author Michal Privoznik <mprivozn@redhat.com>

Tue, 30 Jun 2020 06:26:04 +0000 (08:26 +0200)

committer Michal Privoznik <mprivozn@redhat.com>

Fri, 10 Jul 2020 12:17:01 +0000 (14:17 +0200)
author Michal Privoznik <mprivozn@redhat.com>
Tue, 30 Jun 2020 06:26:04 +0000 (08:26 +0200)
committer Michal Privoznik <mprivozn@redhat.com>
Fri, 10 Jul 2020 12:17:01 +0000 (14:17 +0200)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index f8c1a0a2f1a92666dae23dd86f0fdac5038512d9..6b0581e4d9cb74f9bca5e606f51845b2b289383f 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr,
  }
  
  
+static int
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr,
+                                     virDomainDefPtr def,
+                                     const char *savefile)
+{
+    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+
+    if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel)
+        return 0;
+
+    return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_context, false);
+}
+
+
+static int
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+                                         virDomainDefPtr def,
+                                         const char *savefile)
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (!secdef || !secdef->relabel)
+        return 0;
+
+    return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
+}
+
+
  static int
  virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
                                    virDomainDefPtr def,
@@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux = {
      .domainSetSecurityHostdevLabel      = virSecuritySELinuxSetHostdevLabel,
      .domainRestoreSecurityHostdevLabel  = virSecuritySELinuxRestoreHostdevLabel,
  
+    .domainSetSavedStateLabel           = virSecuritySELinuxSetSavedStateLabel,
+    .domainRestoreSavedStateLabel       = virSecuritySELinuxRestoreSavedStateLabel,
+
      .domainSetSecurityImageFDLabel      = virSecuritySELinuxSetImageFDLabel,
      .domainSetSecurityTapFDLabel        = virSecuritySELinuxSetTapFDLabel,
author	Michal Privoznik <mprivozn@redhat.com>
	Tue, 30 Jun 2020 06:26:04 +0000 (08:26 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Fri, 10 Jul 2020 12:17:01 +0000 (14:17 +0200)