security: Rename SetSocketLabel APIs to SetDaemonSocketLabel

The APIs are designed to label a socket in a way that the libvirt daemon
itself is able to access it (i.e., in SELinux the label is virtd_t based
as opposed to svirt_* we use for labeling resources that need to be
accessed by a vm). The new name reflects this.

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 0618b4930ec3048a6fdb1b1bba200534cfafe7d3..c3e33b48475269667617768f84165533eba1818c 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -904,13 +904,13 @@ virSecurityManagerRestoreAllLabel;
 virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreSavedStateLabel;
 virSecurityManagerSetAllLabel;
+virSecurityManagerSetDaemonSocketLabel;
 virSecurityManagerSetImageFDLabel;
 virSecurityManagerSetImageLabel;
 virSecurityManagerSetHostdevLabel;
 virSecurityManagerSetProcessFDLabel;
 virSecurityManagerSetProcessLabel;
 virSecurityManagerSetSavedStateLabel;
-virSecurityManagerSetSocketLabel;
 virSecurityManagerVerify;
 
 # sexpr.h

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f691bbb6ebe2aef35e3441a94524c30ce8229881..58b4d365216323630911a6c2771bedce5af77599 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -821,7 +821,8 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
     qemuDomainObjPrivatePtr priv = vm->privateData;
     int ret = -1;
 
-    if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) {
+    if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
+                                               vm) < 0) {
         VIR_ERROR(_("Failed to set security context for monitor for %s"),
                   vm->def->name);
         goto error;

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1d49ff6a2d670586b966038482ff03fb8e842d7a..0ad772699d5612538feba43dfd50c150de11efc7 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -578,8 +578,8 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
 }
 
 static int
-AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                               virDomainObjPtr vm ATTRIBUTE_UNUSED)
+AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                     virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
     return 0;
 }
@@ -835,7 +835,7 @@ virSecurityDriver virAppArmorSecurityDriver = {
     AppArmorSetSecurityImageLabel,
     AppArmorRestoreSecurityImageLabel,
 
-    AppArmorSetSecuritySocketLabel,
+    AppArmorSetSecurityDaemonSocketLabel,
     AppArmorClearSecuritySocketLabel,
 
     AppArmorGenSecurityLabel,

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 58d57ec2126a74ca5cecd541517be847a6754b0c..6df4087151f2b90fbc05f68e583d5d78ebbce098 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -667,8 +667,8 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 }
 
 static int
-virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                               virDomainObjPtr vm ATTRIBUTE_UNUSED)
+virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                   virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
     return 0;
 }
@@ -714,7 +714,7 @@ virSecurityDriver virSecurityDriverDAC = {
     virSecurityDACSetSecurityImageLabel,
     virSecurityDACRestoreSecurityImageLabel,
 
-    virSecurityDACSetSocketLabel,
+    virSecurityDACSetDaemonSocketLabel,
     virSecurityDACClearSocketLabel,
 
     virSecurityDACGenLabel,

diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 154f197a46b7837d854ca8d7a94238bda30226de..73c8f0462424ca98e76a7b4983ec004f3d681bfc 100644 (file)
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -41,8 +41,8 @@ typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                    virDomainObjPtr vm,
                                                    virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
-                                                virDomainObjPtr vm);
+typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
+                                                     virDomainObjPtr vm);
 typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
                                                 virDomainObjPtr vm);
 typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
@@ -101,7 +101,7 @@ struct _virSecurityDriver {
     virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
     virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
 
-    virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
+    virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
     virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
 
     virSecurityDomainGenLabel domainGenSecurityLabel;

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 6ae58dc816ef60907ca2c40117d617368dfd3755..d30ebcf309df666247485804e604f44077f68dce 100644 (file)
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -160,11 +160,11 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
     return -1;
 }
 
-int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
-                                     virDomainObjPtr vm)
+int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
+                                           virDomainObjPtr vm)
 {
-    if (mgr->drv->domainSetSecuritySocketLabel)
-        return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
+    if (mgr->drv->domainSetSecurityDaemonSocketLabel)
+        return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
 
     virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
     return -1;

diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 8c3b8b2e5f3d6e5f89b064713fccac4842b57c28..8d614a78cb5b285084a6a7d870e92f81d2cfc46c 100644 (file)
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -53,8 +53,8 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
 int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
                                         virDomainObjPtr vm,
                                         virDomainDiskDefPtr disk);
-int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
-                                     virDomainObjPtr vm);
+int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
+                                           virDomainObjPtr vm);
 int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
                                        virDomainObjPtr vm);
 int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,

diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index 24d36fe1f572043c06e7b63084b90a54d97e30c5..67d3ff6f927d01c0e5049f111c29b4ec7f2686da 100644 (file)
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -53,8 +53,8 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRI
     return 0;
 }
 
-static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                              virDomainObjPtr vm ATTRIBUTE_UNUSED)
+static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                                    virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
     return 0;
 }
@@ -171,7 +171,7 @@ virSecurityDriver virSecurityDriverNop = {
     virSecurityDomainSetImageLabelNop,
     virSecurityDomainRestoreImageLabelNop,
 
-    virSecurityDomainSetSocketLabelNop,
+    virSecurityDomainSetDaemonSocketLabelNop,
     virSecurityDomainClearSocketLabelNop,
 
     virSecurityDomainGenLabelNop,

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 5e6145ff9529aebaff6dc556409acf175ddd0214..f87c9a5b08bd02e268bf2dd8f063cc35db233b41 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1066,8 +1066,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
 }
 
 static int
-SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
-                               virDomainObjPtr vm)
+SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
+                                    virDomainObjPtr vm)
 {
     /* TODO: verify DOI */
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -1312,7 +1312,7 @@ virSecurityDriver virSecurityDriverSELinux = {
     SELinuxSetSecurityImageLabel,
     SELinuxRestoreSecurityImageLabel,
 
-    SELinuxSetSecuritySocketLabel,
+    SELinuxSetSecurityDaemonSocketLabel,
     SELinuxClearSecuritySocketLabel,
 
     SELinuxGenSecurityLabel,

diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index b63e4c8a3bb5ffeb439537e99949225c6a7f1494..404ff65d4dbfcb5e42e32cf63d54a0cd4b0af8fd 100644 (file)
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -339,15 +339,15 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
 
 
 static int
-virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
-                               virDomainObjPtr vm)
+virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
+                                     virDomainObjPtr vm)
 {
     virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     int rc = 0;
 
-    if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0)
+    if (virSecurityManagerSetDaemonSocketLabel(priv->secondary, vm) < 0)
         rc = -1;
-    if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0)
+    if (virSecurityManagerSetDaemonSocketLabel(priv->primary, vm) < 0)
         rc = -1;
 
     return rc;
@@ -418,7 +418,7 @@ virSecurityDriver virSecurityDriverStack = {
     virSecurityStackSetSecurityImageLabel,
     virSecurityStackRestoreSecurityImageLabel,
 
-    virSecurityStackSetSocketLabel,
+    virSecurityStackSetDaemonSocketLabel,
     virSecurityStackClearSocketLabel,
 
     virSecurityStackGenLabel,