From: Michal Privoznik
Date: Tue, 30 Jun 2020 06:26:04 +0000 (+0200)
Subject: security_selinux: Implement virSecurityManager{Set,Restore}SavedStateLabel
X-Git-Tag: v6.6.0-rc1~164
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d665b1ef3b9468c1cb79567a43b71f9057b3b78d;p=thirdparty%2Flibvirt.git

security_selinux: Implement virSecurityManager{Set,Restore}SavedStateLabel

These APIs are are basically virSecuritySELinuxDomainSetPathLabelRO() and virSecuritySELinuxDomainRestorePathLabel().

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
---
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f8c1a0a2f1..6b0581e4d9 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2501,6 +2501,38 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr,
 }
 
 
+static int
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+
+ if (!savefile || !secdef || !secdef->relabel || data->skipAllLabel)
+ return 0;
+
+ return virSecuritySELinuxSetFilecon(mgr, savefile, data->content_context, false);
+}
+
+
+static int
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *savefile)
+{
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (!secdef || !secdef->relabel)
+ return 0;
+
+ return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
+}
+
+
 static int
 virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr def,
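Review bot: virSecuritySELinuxRestoreSavedStateLabel() hands `savefile` to virSecuritySELinuxRestoreFileLabel() without the `!savefile` and `data->skipAllLabel` guards that virSecuritySELinuxSetSavedStateLabel() applies just above it, so the two halves of the pair do not skip under the same conditions. Whether the restore helper tolerates a NULL path or honours skipAllLabel on its own is not visible in this hunk; if it does not, an early `if (!savefile) return 0;` in the restore function would make the contract explicit. The set side also labels the file with the driver-wide `data->content_context` rather than a label taken from `secdef`, and since a saved-state file holds guest memory, a short comment above that call stating which processes are expected to read the file under that label would help the next reviewer judge the isolation it gives. The bare `false` and `true` final arguments would read better with a trailing comment naming the parameter each one sets.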
@@ -3616,6 +3648,9 @@ virSecurityDriver virSecurityDriverSELinux = {
 .domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
 .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
 
+ .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
+ .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
+
 .domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
 .domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,