if (!(ctrl->securityManager = virSecurityManagerNew(securityDriver,
LXC_DRIVER_NAME,
- false, false, false)))
+ false, false, false, false)))
goto cleanup;
if (ctrl->def->seclabels) {
LXC_DRIVER_NAME,
false,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined);
+ cfg->securityRequireConfined,
+ true);
if (!mgr)
goto error;
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined)))
+ cfg->securityRequireConfined,
+ virQEMUDriverIsPrivileged(driver))))
goto error;
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined)))
+ cfg->securityRequireConfined,
+ virQEMUDriverIsPrivileged(driver))))
goto error;
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
cfg->securityRequireConfined,
+ virQEMUDriverIsPrivileged(driver),
cfg->dynamicOwnership,
qemuSecurityChownCallback)))
goto error;
bool allowDiskFormatProbing;
bool defaultConfined;
bool requireConfined;
+ bool privileged;
const char *virtDriver;
void *privateData;
};
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined)
+ bool requireConfined,
+ bool privileged)
{
virSecurityManagerPtr mgr;
char *privateData;
return NULL;
VIR_DEBUG("drv=%p (%s) virtDriver=%s allowDiskFormatProbing=%d "
- "defaultConfined=%d requireConfined=%d",
+ "defaultConfined=%d requireConfined=%d privileged=%d",
drv, drv->name, virtDriver,
allowDiskFormatProbing, defaultConfined,
- requireConfined);
+ requireConfined, privileged);
if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0)
return NULL;
mgr->allowDiskFormatProbing = allowDiskFormatProbing;
mgr->defaultConfined = defaultConfined;
mgr->requireConfined = requireConfined;
+ mgr->privileged = privileged;
mgr->virtDriver = virtDriver;
mgr->privateData = privateData;
virSecurityManagerGetDriver(primary),
virSecurityManagerGetAllowDiskFormatProbing(primary),
virSecurityManagerGetDefaultConfined(primary),
- virSecurityManagerGetRequireConfined(primary));
+ virSecurityManagerGetRequireConfined(primary),
+ virSecurityManagerGetPrivileged(primary));
if (!mgr)
return NULL;
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
+ bool privileged,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityManagerPtr mgr =
virtDriver,
allowDiskFormatProbing,
defaultConfined,
- requireConfined);
+ requireConfined,
+ privileged);
if (!mgr)
return NULL;
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined)
+ bool requireConfined,
+ bool privileged)
{
virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
if (!drv)
virtDriver,
allowDiskFormatProbing,
defaultConfined,
- requireConfined);
+ requireConfined,
+ privileged);
}
}
+bool
+virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr)
+{
+ return mgr->privileged;
+}
+
+
/**
* virSecurityManagerRestoreDiskLabel:
* @mgr: security manager object
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined);
+ bool requireConfined,
+ bool privileged);
virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
+ bool privileged,
virSecurityManagerDACChownCallback chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
+bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);
int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
if (!driver.lockManager)
return EXIT_FAILURE;
- if (!(mgr = virSecurityManagerNew("none", "qemu", false, false, false)))
+ if (!(mgr = virSecurityManagerNew("none", "qemu", false, false, false, true)))
return EXIT_FAILURE;
if (!(driver.securityManager = virSecurityManagerNewStack(mgr)))
return EXIT_FAILURE;
if (virThreadInitialize() < 0)
return EXIT_FAILURE;
- mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
+ mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false, false);
if (mgr == NULL) {
fprintf(stderr, "Failed to start security driver");
return EXIT_FAILURE;
if (!rc)
return EXIT_AM_SKIP;
- if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
+ if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
virErrorPtr err = virGetLastError();
VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
err->message);
int ret = 0;
virSecurityManagerPtr mgr;
- if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
+ if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
virErrorPtr err = virGetLastError();
fprintf(stderr, "Unable to initialize security driver: %s\n",
err->message);
projects / libvirt.git / commitdiff