security: AppArmor: Implement per-image seclabel restore

Refactor the existing code to allow re-using it for the per-image label
restore too.

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b4cbc6141cd7afa9cf7b862c524adf9a92a718cd..391bf60fccf6bcac1d8f8ed4711de29196606036 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -684,16 +684,24 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 
 /* Called when hotplugging */
 static int
-AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
-                                 virDomainDefPtr def,
-                                 virDomainDiskDefPtr disk)
+AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+                                  virDomainDefPtr def,
+                                  virStorageSourcePtr src)
 {
-    if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK)
+    if (!virStorageSourceIsLocalStorage(src))
         return 0;
 
     return reload_profile(mgr, def, NULL, false);
 }
 
+static int
+AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
+                                 virDomainDefPtr def,
+                                 virDomainDiskDefPtr disk)
+{
+    return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src);
+}
+
 /* Called when hotplugging */
 static int
 AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr,
@@ -975,6 +983,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
     .domainSetSecurityDiskLabel         = AppArmorSetSecurityDiskLabel,
     .domainRestoreSecurityDiskLabel     = AppArmorRestoreSecurityDiskLabel,
 
+    .domainRestoreSecurityImageLabel    = AppArmorRestoreSecurityImageLabel,
+
     .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel,
     .domainSetSecuritySocketLabel       = AppArmorSetSecuritySocketLabel,
     .domainClearSecuritySocketLabel     = AppArmorClearSecuritySocketLabel,