util/virprocess.c util/virprocess.h \
util/virrandom.h util/virrandom.c \
util/virscsi.c util/virscsi.h \
+ util/virseclabel.c util/virseclabel.h \
util/virsexpr.c util/virsexpr.h \
util/virsocketaddr.h util/virsocketaddr.c \
util/virstatslinux.c util/virstatslinux.h \
return;
}
-void
-virSecurityLabelDefFree(virSecurityLabelDefPtr def)
-{
- if (!def)
- return;
- VIR_FREE(def->model);
- VIR_FREE(def->label);
- VIR_FREE(def->imagelabel);
- VIR_FREE(def->baselabel);
- VIR_FREE(def);
-}
-
-
-void
-virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
-{
- if (!def)
- return;
- VIR_FREE(def->model);
- VIR_FREE(def->label);
- VIR_FREE(def);
-}
-
void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def)
{
return NULL;
}
-virSecurityLabelDefPtr
-virDomainDefGenSecurityLabelDef(const char *model)
-{
- virSecurityLabelDefPtr seclabel = NULL;
-
- if (VIR_ALLOC(seclabel) < 0 ||
- VIR_STRDUP(seclabel->model, model) < 0) {
- virSecurityLabelDefFree(seclabel);
- seclabel = NULL;
- }
-
- return seclabel;
-}
-
-virSecurityDeviceLabelDefPtr
-virDomainDiskDefGenSecurityLabelDef(const char *model)
-{
- virSecurityDeviceLabelDefPtr seclabel = NULL;
-
- if (VIR_ALLOC(seclabel) < 0 ||
- VIR_STRDUP(seclabel->model, model) < 0) {
- virSecurityDeviceLabelDefFree(seclabel);
- seclabel = NULL;
- }
-
- return seclabel;
-}
-
typedef struct {
const char *devAlias;
# include "virbitmap.h"
# include "virstoragefile.h"
# include "virnuma.h"
+# include "virseclabel.h"
/* forward declarations of all device types, required by
* virDomainDeviceDef
int bootIndex;
};
-enum virDomainSeclabelType {
- VIR_DOMAIN_SECLABEL_DEFAULT,
- VIR_DOMAIN_SECLABEL_NONE,
- VIR_DOMAIN_SECLABEL_DYNAMIC,
- VIR_DOMAIN_SECLABEL_STATIC,
-
- VIR_DOMAIN_SECLABEL_LAST
-};
-
-/* Security configuration for domain */
-typedef struct _virSecurityLabelDef virSecurityLabelDef;
-typedef virSecurityLabelDef *virSecurityLabelDefPtr;
-struct _virSecurityLabelDef {
- char *model; /* name of security model */
- char *label; /* security label string */
- char *imagelabel; /* security image label string */
- char *baselabel; /* base name of label string */
- int type; /* virDomainSeclabelType */
- bool norelabel;
- bool implicit; /* true if seclabel is auto-added */
-};
-
-
-/* Security configuration for domain */
-typedef struct _virSecurityDeviceLabelDef virSecurityDeviceLabelDef;
-typedef virSecurityDeviceLabelDef *virSecurityDeviceLabelDefPtr;
-struct _virSecurityDeviceLabelDef {
- char *model;
- char *label; /* image label string */
- bool norelabel; /* true to skip label attempts */
- bool labelskip; /* live-only; true if skipping failed label attempt */
-};
-
typedef struct _virDomainHostdevOrigStates virDomainHostdevOrigStates;
typedef virDomainHostdevOrigStates *virDomainHostdevOrigStatesPtr;
virSecurityDeviceLabelDefPtr
virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
-virSecurityLabelDefPtr
-virDomainDefGenSecurityLabelDef(const char *model);
-
-virSecurityDeviceLabelDefPtr
-virDomainDiskDefGenSecurityLabelDef(const char *model);
-
-void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
-void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
-
typedef const char* (*virEventActionToStringFunc)(int type);
typedef int (*virEventActionFromStringFunc)(const char *type);
virDomainDefFormat;
virDomainDefFormatInternal;
virDomainDefFree;
-virDomainDefGenSecurityLabelDef;
virDomainDefGetDefaultEmulator;
virDomainDefGetSecurityLabelDef;
virDomainDefMaybeAddController;
virDomainDiskDefAssignAddress;
virDomainDiskDefForeachPath;
virDomainDiskDefFree;
-virDomainDiskDefGenSecurityLabelDef;
virDomainDiskDefGetSecurityLabelDef;
virDomainDiskDeviceTypeToString;
virDomainDiskDiscardTypeToString;
virDomainWatchdogModelTypeToString;
virDomainXMLOptionGetNamespace;
virDomainXMLOptionNew;
-virSecurityDeviceLabelDefFree;
-virSecurityLabelDefFree;
# conf/domain_event.h
virSCSIDeviceSetUsedBy;
+# util/virseclabel.h
+virSecurityDeviceLabelDefFree;
+virSecurityDeviceLabelDefNew;
+virSecurityLabelDefFree;
+virSecurityLabelDefNew;
+
+
# util/virsexpr.h
sexpr2string;
sexpr_append;
model = virSecurityManagerGetModel(sec_managers[i]);
seclabeldef = virDomainDefGetSecurityLabelDef(vm->def, model);
if (seclabeldef == NULL) {
- if (!(seclabeldef = virDomainDefGenSecurityLabelDef(model)))
+ if (!(seclabeldef = virSecurityLabelDefNew(model)))
goto error;
seclabelgen = true;
}
generated = false;
seclabel = virDomainDefGetSecurityLabelDef(vm, sec_managers[i]->drv->name);
if (!seclabel) {
- if (!(seclabel = virDomainDefGenSecurityLabelDef(sec_managers[i]->drv->name)))
+ if (!(seclabel = virSecurityLabelDefNew(sec_managers[i]->drv->name)))
goto cleanup;
generated = seclabel->implicit = true;
}
if (ret == 1 && !disk_seclabel) {
/* If we failed to set a label, but virt_use_nfs let us
* proceed anyway, then we don't need to relabel later. */
- disk_seclabel = virDomainDiskDefGenSecurityLabelDef(SECURITY_SELINUX_NAME);
+ disk_seclabel = virSecurityDeviceLabelDefNew(SECURITY_SELINUX_NAME);
if (!disk_seclabel)
return -1;
disk_seclabel->labelskip = true;
--- /dev/null
+/*
+ * virseclabel.c: security label utility functions
+ *
+ * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "internal.h"
+#include "viralloc.h"
+#include "virseclabel.h"
+#include "virstring.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+
+void
+virSecurityLabelDefFree(virSecurityLabelDefPtr def)
+{
+ if (!def)
+ return;
+ VIR_FREE(def->model);
+ VIR_FREE(def->label);
+ VIR_FREE(def->imagelabel);
+ VIR_FREE(def->baselabel);
+ VIR_FREE(def);
+}
+
+
+void
+virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
+{
+ if (!def)
+ return;
+ VIR_FREE(def->model);
+ VIR_FREE(def->label);
+ VIR_FREE(def);
+}
+
+
+virSecurityLabelDefPtr
+virSecurityLabelDefNew(const char *model)
+{
+ virSecurityLabelDefPtr seclabel = NULL;
+
+ if (VIR_ALLOC(seclabel) < 0 ||
+ VIR_STRDUP(seclabel->model, model) < 0) {
+ virSecurityLabelDefFree(seclabel);
+ seclabel = NULL;
+ }
+
+ return seclabel;
+}
+
+virSecurityDeviceLabelDefPtr
+virSecurityDeviceLabelDefNew(const char *model)
+{
+ virSecurityDeviceLabelDefPtr seclabel = NULL;
+
+ if (VIR_ALLOC(seclabel) < 0 ||
+ VIR_STRDUP(seclabel->model, model) < 0) {
+ virSecurityDeviceLabelDefFree(seclabel);
+ seclabel = NULL;
+ }
+
+ return seclabel;
+}
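Review bot: virSecurityLabelDefNew() and virSecurityDeviceLabelDefNew() are now exported from util with no contract comment, so callers must read the body to learn who owns the result and what failure looks like. I would put a short comment above each, for example `/* Returns a new def holding a copy of @model, or NULL on allocation failure; release with virSecurityLabelDefFree() */`, with the device variant naming virSecurityDeviceLabelDefFree(). It is also worth saying that only `model` is filled in. Assuming VIR_ALLOC zero-fills, `type` starts as VIR_DOMAIN_SECLABEL_DEFAULT and `norelabel`/`labelskip` start false, so any caller that wants a label to be skipped has to set that explicitly after the call.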
--- /dev/null
+/*
+ * virseclabel.h: security label utility functions
+ *
+ * Copyright (C) 2006-2014 Red Hat, Inc.
+ * Copyright (C) 2006-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __SECLABEL_H
+# define __SECLABEL_H
+
+enum virDomainSeclabelType {
+ VIR_DOMAIN_SECLABEL_DEFAULT,
+ VIR_DOMAIN_SECLABEL_NONE,
+ VIR_DOMAIN_SECLABEL_DYNAMIC,
+ VIR_DOMAIN_SECLABEL_STATIC,
+
+ VIR_DOMAIN_SECLABEL_LAST
+};
+
+/* Security configuration for domain */
+typedef struct _virSecurityLabelDef virSecurityLabelDef;
+typedef virSecurityLabelDef *virSecurityLabelDefPtr;
+struct _virSecurityLabelDef {
+ char *model; /* name of security model */
+ char *label; /* security label string */
+ char *imagelabel; /* security image label string */
+ char *baselabel; /* base name of label string */
+ int type; /* virDomainSeclabelType */
+ bool norelabel;
+ bool implicit; /* true if seclabel is auto-added */
+};
+
+
+/* Security configuration for domain */
+typedef struct _virSecurityDeviceLabelDef virSecurityDeviceLabelDef;
+typedef virSecurityDeviceLabelDef *virSecurityDeviceLabelDefPtr;
+struct _virSecurityDeviceLabelDef {
+ char *model;
+ char *label; /* image label string */
+ bool norelabel; /* true to skip label attempts */
+ bool labelskip; /* live-only; true if skipping failed label attempt */
+};
+
+virSecurityLabelDefPtr
+virSecurityLabelDefNew(const char *model);
+
+virSecurityDeviceLabelDefPtr
+virSecurityDeviceLabelDefNew(const char *model);
+
+void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
+void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
+
+#endif /* __SECLABEL_H */
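Review bot: The new header uses `bool` in both structs but includes nothing itself, so it only compiles when the includer has already pulled in a definition (virseclabel.c includes `internal.h` first, which presumably provides it). Adding `# include "internal.h"` right after the guard would make it self-contained. The guard `__SECLABEL_H` drops the file's `vir` prefix and uses the leading double underscore reserved for the implementation; a name derived from `virseclabel.h` would be less likely to collide. The comment above `struct _virSecurityDeviceLabelDef` was carried over as `/* Security configuration for domain */`, although the struct is the per-device label; I would change it to `/* Security configuration for a device */`.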