security: update hostdev labelling functions for VFIO

author Laine Stump <laine@laine.org>

Thu, 25 Apr 2013 10:37:21 +0000 (06:37 -0400)

committer Laine Stump <laine@laine.org>

Fri, 26 Apr 2013 01:28:43 +0000 (21:28 -0400)
author Laine Stump <laine@laine.org>
Thu, 25 Apr 2013 10:37:21 +0000 (06:37 -0400)
committer Laine Stump <laine@laine.org>
Fri, 26 Apr 2013 01:28:43 +0000 (21:28 -0400)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c

index 122edd4df11252fb5d4e0feb55c9baa329c142b2..0aff794a9a917e37a7b850326c18183a2a9a0f24 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -831,7 +831,17 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
          if (!pci)
              goto done;
  
-        ret = virPCIDeviceFileIterate(pci, AppArmorSetSecurityPCILabel, ptr);
+        if (dev->source.subsys.u.pci.backend
+            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_VFIO) {
+            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
+
+            if (!vfioGroupDev)
+                goto done;
+            ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr);
+            VIR_FREE(vfioGroupDev);
+        } else {
+            ret = virPCIDeviceFileIterate(pci, AppArmorSetSecurityPCILabel, ptr);
+        }
          virPCIDeviceFree(pci);
          break;
      }
diff --git a/src/security/security_dac.c b/src/security/security_dac.c

index 8576081b2d850e225db289cf3253019b6ef8fb71..5e00112d1026f8e093cdd696769fce239afe951c 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -516,8 +516,19 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
          if (!pci)
              goto done;
  
-        ret = virPCIDeviceFileIterate(pci, virSecurityDACSetSecurityPCILabel,
-                                      params);
+        if (dev->source.subsys.u.pci.backend
+            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_VFIO) {
+            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
+
+            if (!vfioGroupDev)
+                goto done;
+            ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params);
+            VIR_FREE(vfioGroupDev);
+        } else {
+            ret = virPCIDeviceFileIterate(pci, virSecurityDACSetSecurityPCILabel,
+                                          params);
+        }
+
          virPCIDeviceFree(pci);
  
          break;
@@ -596,7 +607,17 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
          if (!pci)
              goto done;
  
-        ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
+        if (dev->source.subsys.u.pci.backend
+            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_VFIO) {
+            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
+
+            if (!vfioGroupDev)
+                goto done;
+            ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
+            VIR_FREE(vfioGroupDev);
+        } else {
+            ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
+        }
          virPCIDeviceFree(pci);
  
          break;
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c

index a8b74eebcc99f7c4bcab88b129dc4180641709d0..a5b54cb8211f0c9cbe05241a38709cd4849841b3 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1342,7 +1342,17 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
          if (!pci)
              goto done;
  
-        ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
+        if (dev->source.subsys.u.pci.backend
+            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_VFIO) {
+            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
+
+            if (!vfioGroupDev)
+                goto done;
+            ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def);
+            VIR_FREE(vfioGroupDev);
+        } else {
+            ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
+        }
          virPCIDeviceFree(pci);
  
          break;
@@ -1504,7 +1514,17 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
          if (!pci)
              goto done;
  
-        ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
+        if (dev->source.subsys.u.pci.backend
+            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_VFIO) {
+            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
+
+            if (!vfioGroupDev)
+                goto done;
+            ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
+            VIR_FREE(vfioGroupDev);
+        } else {
+            ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
+        }
          virPCIDeviceFree(pci);
  
          break;
author	Laine Stump <laine@laine.org>
	Thu, 25 Apr 2013 10:37:21 +0000 (06:37 -0400)
committer	Laine Stump <laine@laine.org>
	Fri, 26 Apr 2013 01:28:43 +0000 (21:28 -0400)
src/security/security_apparmor.c		patch \| blob \| blame \| history
src/security/security_dac.c		patch \| blob \| blame \| history
src/security/security_selinux.c		patch \| blob \| blame \| history