}
virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm->def, false);
+ vm->def, false, false);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
if (vm->def->nseclabels &&
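Review bot: The new call site passes two adjacent bare `false` literals, and the same `false, false` pair recurs in the later LXC hunk that ends with the second "Clear out dynamically assigned labels" comment; a reader cannot tell which argument is `migrated` and which is `chardevStdioLogd` without opening the header. Annotating the arguments at the call site, e.g. `vm->def, false /* migrated */, false /* chardevStdioLogd */);`, makes the intent visible. Passing `false` presumably reflects that this driver does not route chardev stdio through a log daemon, which is worth confirming, because the flag makes the DAC and SELinux drivers skip chardevs that carry no explicit per-device seclabel. The enclosing function starts before the hunk.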
VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager,
- vm->def, NULL) < 0)
+ vm->def, NULL, false) < 0)
goto cleanup;
VIR_DEBUG("Setting up consoles");
virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED);
} else {
virSecurityManagerRestoreAllLabel(driver->securityManager,
- vm->def, false);
+ vm->def, false, false);
virSecurityManagerReleaseLabel(driver->securityManager, vm->def);
/* Clear out dynamically assigned labels */
if (vm->def->nseclabels &&
const char *stdin_path)
{
int ret = -1;
+ qemuDomainObjPrivatePtr priv = vm->privateData;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
virSecurityManagerTransactionStart(driver->securityManager) < 0)
if (virSecurityManagerSetAllLabel(driver->securityManager,
vm->def,
- stdin_path) < 0)
+ stdin_path,
+ priv->chardevStdioLogd) < 0)
goto cleanup;
if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
virDomainObjPtr vm,
bool migrated)
{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
+
/* In contrast to qemuSecuritySetAllLabel, do not use
* secdriver transactions here. This function is called from
* qemuProcessStop() which is meant to do cleanup after qemu
* in entering the namespace then. */
virSecurityManagerRestoreAllLabel(driver->securityManager,
vm->def,
- migrated);
+ migrated,
+ priv->chardevStdioLogd);
}
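Review bot: The restore path reads `priv->chardevStdioLogd` at stop time, while the matching set in qemuSecuritySetAllLabel reads it at start time; if the value can differ between the two (for example after a daemon restart with a changed configuration, unless the flag is persisted with the domain's status, which is not visible here), the restore would skip or relabel a different set of chardevs than the set did, leaving labels behind or touching files the domain never labelled. A one-line comment recording the invariant, e.g. `/* must be the same value that was passed to qemuSecuritySetAllLabel at startup */`, would make that dependency explicit for the next maintainer. The enclosing function's signature begins before the hunk.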
static int
AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def, const char *stdin_path)
+ virDomainDefPtr def,
+ const char *stdin_path,
+ bool chardevStdioLogd ATTRIBUTE_UNUSED)
{
virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(def,
SECURITY_APPARMOR_NAME);
static int
AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def,
- bool migrated ATTRIBUTE_UNUSED)
+ bool migrated ATTRIBUTE_UNUSED,
+ bool chardevStdioLogd ATTRIBUTE_UNUSED)
{
int rc = 0;
virSecurityLabelDefPtr secdef =
static int
virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virDomainChrSourceDefPtr dev_source)
+ virDomainChrSourceDefPtr dev_source,
+ bool chardevStdioLogd)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
+ if (!chr_seclabel && chardevStdioLogd)
+ return 0;
+
if (chr_seclabel && chr_seclabel->label) {
if (virParseOwnershipIds(chr_seclabel->label, &user, &group) < 0)
return -1;
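Review bot: The new early return skips labelling whenever the chardev has no explicit per-device seclabel and `chardevStdioLogd` is set, irrespective of `dev_source->type`; the same guard is added in virSecurityDACRestoreChardevLabel and in both SELinux chardev functions. Only a FILE-backed chardev is plausibly opened on the domain's behalf by the log daemon, so a host device or socket backend (the other cases the `switch ((virDomainChrType) dev_source->type)` below handles) would be left unlabelled when the flag is on, and the emulator would then fail to open it under its confined identity. Narrowing the guard to `if (!chr_seclabel && dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE && chardevStdioLogd) return 0;` keeps the skip for the logged case without changing behaviour for the other backends. The enclosing function begins before the hunk.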
static int
virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def ATTRIBUTE_UNUSED,
- virDomainChrSourceDefPtr dev_source)
+ virDomainChrSourceDefPtr dev_source,
+ bool chardevStdioLogd)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityDeviceLabelDefPtr chr_seclabel = NULL;
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
+ if (!chr_seclabel && chardevStdioLogd)
+ return 0;
+
switch ((virDomainChrType) dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
}
+struct _virSecuritySELinuxChardevCallbackData {
+ virSecurityManagerPtr mgr;
+ bool chardevStdioLogd;
+};
+
+
static int
virSecurityDACRestoreChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev ATTRIBUTE_UNUSED,
void *opaque)
{
- virSecurityManagerPtr mgr = opaque;
+ struct _virSecuritySELinuxChardevCallbackData *data = opaque;
- return virSecurityDACRestoreChardevLabel(mgr, def, dev->source);
+ return virSecurityDACRestoreChardevLabel(data->mgr, def, dev->source,
+ data->chardevStdioLogd);
}
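Review bot: The struct introduced for the DAC callbacks is tagged `_virSecuritySELinuxChardevCallbackData`, although every function around it is a virSecurityDAC* one; this reads as a copy of the SELinux driver's type and will mislead anyone grepping for the DAC callback data, even though the two definitions live in separate translation units and do not clash. Renaming it to `struct _virSecurityDACChardevCallbackData` here and at its uses in the set callback, virSecurityDACRestoreAllLabel and virSecurityDACSetAllLabel would fix that. The DAC designated initialisers also end with a trailing comma while the SELinux copies do not; one style should be used throughout.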
switch (tpm->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
ret = virSecurityDACSetChardevLabel(mgr, def,
- &tpm->data.passthrough.source);
+ &tpm->data.passthrough.source,
+ false);
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
switch (tpm->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
ret = virSecurityDACRestoreChardevLabel(mgr, def,
- &tpm->data.passthrough.source);
+ &tpm->data.passthrough.source,
+ false);
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
static int
virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- bool migrated)
+ bool migrated,
+ bool chardevStdioLogd)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr secdef;
rc = -1;
}
+ struct _virSecuritySELinuxChardevCallbackData chardevData = {
+ .mgr = mgr,
+ .chardevStdioLogd = chardevStdioLogd,
+ };
+
if (virDomainChrDefForeach(def,
false,
virSecurityDACRestoreChardevCallback,
- mgr) < 0)
+ &chardevData) < 0)
rc = -1;
if (def->tpm) {
virDomainChrDefPtr dev ATTRIBUTE_UNUSED,
void *opaque)
{
- virSecurityManagerPtr mgr = opaque;
+ struct _virSecuritySELinuxChardevCallbackData *data = opaque;
- return virSecurityDACSetChardevLabel(mgr, def, dev->source);
+ return virSecurityDACSetChardevLabel(data->mgr, def, dev->source,
+ data->chardevStdioLogd);
}
static int
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- const char *stdin_path ATTRIBUTE_UNUSED)
+ const char *stdin_path ATTRIBUTE_UNUSED,
+ bool chardevStdioLogd)
{
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr secdef;
return -1;
}
+ struct _virSecuritySELinuxChardevCallbackData chardevData = {
+ .mgr = mgr,
+ .chardevStdioLogd = chardevStdioLogd,
+ };
+
if (virDomainChrDefForeach(def,
true,
virSecurityDACSetChardevCallback,
- mgr) < 0)
+ &chardevData) < 0)
return -1;
if (def->tpm) {
virDomainDefPtr sec);
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec,
- const char *stdin_path);
+ const char *stdin_path,
+ bool chardevStdioLogd);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
- bool migrated);
+ bool migrated,
+ bool chardevStdioLogd);
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
pid_t pid,
int
virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- const char *stdin_path)
+ const char *stdin_path,
+ bool chardevStdioLogd)
{
if (mgr->drv->domainSetSecurityAllLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path);
+ ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path,
+ chardevStdioLogd);
virObjectUnlock(mgr);
return ret;
}
int
virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- bool migrated)
+ bool migrated,
+ bool chardevStdioLogd)
{
if (mgr->drv->domainRestoreSecurityAllLabel) {
int ret;
virObjectLock(mgr);
- ret = mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated);
+ ret = mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated,
+ chardevStdioLogd);
virObjectUnlock(mgr);
return ret;
}
virDomainDefPtr sec);
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec,
- const char *stdin_path);
+ const char *stdin_path,
+ bool chardevStdioLogd);
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- bool migrated);
+ bool migrated,
+ bool chardevStdioLogd);
int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
pid_t pid,
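Review bot: The new `bool chardevStdioLogd` parameter on both public declarations is undocumented, and nothing in this header tells a caller what passing `true` opts into; the driver-side typedef hunk for virSecurityDomainSetAllLabel and virSecurityDomainRestoreAllLabel has the same gap. From the implementations, `true` makes the DAC and SELinux drivers leave chardevs that carry no explicit per-device seclabel unlabelled, so a caller passing it for a domain whose chardevs are opened directly by the emulator would start it without the labels it needs. A short comment above each declaration, e.g. `/* chardevStdioLogd: true when chardev stdio is handled by the log daemon on the domain's behalf; chardevs without an explicit <seclabel> are then not relabelled */`, would record the contract at the API boundary rather than only in the driver bodies.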
static int
virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr sec ATTRIBUTE_UNUSED,
- const char *stdin_path ATTRIBUTE_UNUSED)
+ const char *stdin_path ATTRIBUTE_UNUSED,
+ bool chardevStdioLogd ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecurityDomainRestoreAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr vm ATTRIBUTE_UNUSED,
- bool migrated ATTRIBUTE_UNUSED)
+ bool migrated ATTRIBUTE_UNUSED,
+ bool chardevStdioLogd ATTRIBUTE_UNUSED)
{
return 0;
}
static int
virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virDomainChrSourceDefPtr dev_source)
+ virDomainChrSourceDefPtr dev_source,
+ bool chardevStdioLogd)
{
virSecurityLabelDefPtr seclabel;
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
+ if (!chr_seclabel && chardevStdioLogd)
+ return 0;
+
if (chr_seclabel)
imagelabel = chr_seclabel->label;
if (!imagelabel)
static int
virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- virDomainChrSourceDefPtr dev_source)
+ virDomainChrSourceDefPtr dev_source,
+ bool chardevStdioLogd)
{
virSecurityLabelDefPtr seclabel;
if (chr_seclabel && !chr_seclabel->relabel)
return 0;
+ if (!chr_seclabel && chardevStdioLogd)
+ return 0;
+
switch (dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
}
+struct _virSecuritySELinuxChardevCallbackData {
+ virSecurityManagerPtr mgr;
+ bool chardevStdioLogd;
+};
+
+
static int
virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev ATTRIBUTE_UNUSED,
void *opaque)
{
- virSecurityManagerPtr mgr = opaque;
+ struct _virSecuritySELinuxChardevCallbackData *data = opaque;
- return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->source);
+ return virSecuritySELinuxRestoreChardevLabel(data->mgr, def, dev->source,
+ data->chardevStdioLogd);
}
return virSecuritySELinuxRestoreFileLabel(mgr, database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->data.passthru);
+ return virSecuritySELinuxRestoreChardevLabel(mgr, def,
+ dev->data.passthru, false);
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
static int
virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- bool migrated)
+ bool migrated,
+ bool chardevStdioLogd)
{
virSecurityLabelDefPtr secdef;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
rc = -1;
}
+ struct _virSecuritySELinuxChardevCallbackData chardevData = {
+ .mgr = mgr,
+ .chardevStdioLogd = chardevStdioLogd
+ };
+
if (virDomainChrDefForeach(def,
false,
virSecuritySELinuxRestoreSecurityChardevCallback,
- mgr) < 0)
+ &chardevData) < 0)
rc = -1;
if (virDomainSmartcardDefForeach(def,
virDomainChrDefPtr dev ATTRIBUTE_UNUSED,
void *opaque)
{
- virSecurityManagerPtr mgr = opaque;
+ struct _virSecuritySELinuxChardevCallbackData *data = opaque;
- return virSecuritySELinuxSetChardevLabel(mgr, def, dev->source);
+ return virSecuritySELinuxSetChardevLabel(data->mgr, def, dev->source,
+ data->chardevStdioLogd);
}
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
return virSecuritySELinuxSetChardevLabel(mgr, def,
- dev->data.passthru);
+ dev->data.passthru, false);
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
static int
virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
- const char *stdin_path)
+ const char *stdin_path,
+ bool chardevStdioLogd)
{
size_t i;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
return -1;
}
+ struct _virSecuritySELinuxChardevCallbackData chardevData = {
+ .mgr = mgr,
+ .chardevStdioLogd = chardevStdioLogd
+ };
+
if (virDomainChrDefForeach(def,
true,
virSecuritySELinuxSetSecurityChardevCallback,
- mgr) < 0)
+ &chardevData) < 0)
return -1;
if (virDomainSmartcardDefForeach(def,
static int
virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- const char *stdin_path)
+ const char *stdin_path,
+ bool chardevStdioLogd)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
- if (virSecurityManagerSetAllLabel(item->securityManager, vm, stdin_path) < 0)
+ if (virSecurityManagerSetAllLabel(item->securityManager, vm,
+ stdin_path, chardevStdioLogd) < 0)
rc = -1;
}
static int
virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
- bool migrated)
+ bool migrated,
+ bool chardevStdioLogd)
{
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead;
int rc = 0;
for (; item; item = item->next) {
- if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, migrated) < 0)
+ if (virSecurityManagerRestoreAllLabel(item->securityManager, vm,
+ migrated, chardevStdioLogd) < 0)
rc = -1;
}
if (!(def = testSELinuxLoadDef(testname)))
goto cleanup;
- if (virSecurityManagerSetAllLabel(mgr, def, NULL) < 0)
+ if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0)
goto cleanup;
if (testSELinuxCheckLabels(files, nfiles) < 0)
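Review bot: The updated call passes `false` for the new parameter, so as far as this hunk shows the new `!chr_seclabel && chardevStdioLogd` skip path in the SELinux driver has no test coverage, and a regression in which the flag skipped too much or too little would go unnoticed here. A second case that loads a definition with a FILE-backed chardev, calls virSecurityManagerSetAllLabel with `true`, and asserts through testSELinuxCheckLabels that the backing file is left unlabelled would exercise the branch. The enclosing test function starts before the hunk.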