virSecurityManagerRestoreAllLabel;
virSecurityManagerRestoreDiskLabel;
virSecurityManagerRestoreHostdevLabel;
+virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChildProcessLabel;
virSecurityManagerSetHostdevLabel;
virSecurityManagerSetHugepages;
virSecurityManagerSetImageFDLabel;
+virSecurityManagerSetImageLabel;
virSecurityManagerSetProcessLabel;
virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
+typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src);
+typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src);
+
struct _virSecurityDriver {
size_t privateDataLen;
virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel;
virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel;
+ virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
+ virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
+
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
}
+/**
+ * virSecurityManagerRestoreImageLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @src: disk source definition to operate on
+ *
+ * Removes security label from a single storage image.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ if (mgr->drv->domainRestoreSecurityImageLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
+
+
int
virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
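Review bot: The doc comment on virSecurityManagerRestoreImageLabel does not say what happens when the driver leaves domainRestoreSecurityImageLabel unset, yet the body reports an unsupported error and returns -1 in that case, which matters because restore calls usually sit on cleanup paths; the same applies to virSecurityManagerSetImageLabel in the next hunk. I would extend the Returns line to ` * Returns: 0 on success, -1 on error, including when the active security driver does not implement this operation (an unsupported error is reported).` Only the nop and stack drivers are given the new callbacks on this page, so whether the other drivers in the tree gain them in the same series cannot be confirmed from here.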
}
+/**
+ * virSecurityManagerSetImageLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @src: disk source definition to operate on
+ *
+ * Labels a single storage image with the configured security label.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ if (mgr->drv->domainSetSecurityImageLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, src);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
+
+
int
virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainDefPtr sec,
const char *hugepages_path);
+int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src);
+int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src);
+
#endif /* VIR_SECURITY_MANAGER_H__ */
return NULL;
}
+static int
+virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virStorageSourcePtr src ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
+static int
+virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virStorageSourcePtr src ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
virSecurityDriver virSecurityDriverNop = {
.privateDataLen = 0,
.domainSetSecurityDiskLabel = virSecurityDomainSetDiskLabelNop,
.domainRestoreSecurityDiskLabel = virSecurityDomainRestoreDiskLabelNop,
+ .domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop,
+ .domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop,
+
.domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop,
.domainSetSecuritySocketLabel = virSecurityDomainSetSocketLabelNop,
.domainClearSecuritySocketLabel = virSecurityDomainClearSocketLabelNop,
virtType);
}
+static int
+virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetImageLabel(item->securityManager, vm, src) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
+virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerRestoreImageLabel(item->securityManager,
+ vm, src) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
virSecurityDriver virSecurityDriverStack = {
.privateDataLen = sizeof(virSecurityStackData),
.name = "stack",
.domainSetSecurityDiskLabel = virSecurityStackSetSecurityDiskLabel,
.domainRestoreSecurityDiskLabel = virSecurityStackRestoreSecurityDiskLabel,
+ .domainSetSecurityImageLabel = virSecurityStackSetSecurityImageLabel,
+ .domainRestoreSecurityImageLabel = virSecurityStackRestoreSecurityImageLabel,
+
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
.domainSetSecuritySocketLabel = virSecurityStackSetSocketLabel,
.domainClearSecuritySocketLabel = virSecurityStackClearSocketLabel,
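Review bot: virSecurityStackSetSecurityImageLabel keeps iterating after one stacked driver fails, so on -1 the image may be labelled by some drivers and not others, and the caller cannot tell which; this is fine as long as callers treat -1 as "restore the label", but nothing in the hunk says so. This appears to mirror the existing per-disk stack callbacks referenced in the driver table, though their bodies are not visible here. I would add above the loop `/* Keep going after a failure so every stacked driver sees the request; on -1 the caller is expected to call the restore counterpart to undo partial labelling. */`. The restore loop needs no such note, since continuing past a failure is the intended best-effort behaviour there.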