The new name is virSecurityManagerDomainRestorePathLabel().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
# security/security_manager.h
virSecurityManagerCheckAllLabel;
virSecurityManagerClearSocketLabel;
+virSecurityManagerDomainRestorePathLabel;
virSecurityManagerDomainSetPathLabel;
virSecurityManagerDomainSetPathLabelRO;
virSecurityManagerGenLabel;
virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreInputLabel;
virSecurityManagerRestoreMemoryLabel;
-virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerRestoreTPMLabels;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChardevLabel;
if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
goto cleanup;
- if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
+ if (virSecurityManagerDomainRestorePathLabel(driver->securityManager,
vm->def,
savefile) < 0)
goto cleanup;
}
static int
-AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile G_GNUC_UNUSED)
+AppArmorRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path G_GNUC_UNUSED)
{
return reload_profile(mgr, def, NULL, false);
}
.domainSetSecurityHostdevLabel = AppArmorSetSecurityHostdevLabel,
.domainRestoreSecurityHostdevLabel = AppArmorRestoreSecurityHostdevLabel,
- .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
-
.domainSetPathLabel = AppArmorSetPathLabel,
+ .domainRestorePathLabel = AppArmorRestorePathLabel,
.domainSetSecurityChardevLabel = AppArmorSetChardevLabel,
.domainRestoreSecurityChardevLabel = AppArmorRestoreChardevLabel,
}
-static int
-virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def G_GNUC_UNUSED,
- const char *savefile)
-{
- virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-
- if (!priv->dynamicOwnership)
- return 0;
-
- return virSecurityDACRestoreFileLabel(mgr, savefile);
-}
-
-
static int
virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def)
return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true);
}
+static int
+virSecurityDACDomainRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def G_GNUC_UNUSED,
+ const char *path)
+{
+ return virSecurityDACRestoreFileLabel(mgr, path);
+}
+
+
virSecurityDriver virSecurityDriverDAC = {
.privateDataLen = sizeof(virSecurityDACData),
.name = SECURITY_DAC_NAME,
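Review bot: virSecurityDACDomainRestorePathLabel() drops the `if (!priv->dynamicOwnership) return 0;` guard that the removed virSecurityDACRestoreSavedStateLabel() had, so this rename also changes behaviour. With dynamic ownership disabled, restoring a path now reaches virSecurityDACRestoreFileLabel(); unless that helper checks the setting itself (its body is outside this diff), libvirt would change ownership of a file the administrator asked it to leave alone. Either keep the guard, with `virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);` ahead of the early return, or state the intended change in the commit message, whose visible part describes only a rename.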
.domainSetSecurityHostdevLabel = virSecurityDACSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityDACRestoreHostdevLabel,
- .domainRestoreSavedStateLabel = virSecurityDACRestoreSavedStateLabel,
-
.domainSetSecurityImageFDLabel = virSecurityDACSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecurityDACSetTapFDLabel,
.getBaseLabel = virSecurityDACGetBaseLabel,
.domainSetPathLabel = virSecurityDACDomainSetPathLabel,
+ .domainRestorePathLabel = virSecurityDACDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecurityDACSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecurityDACRestoreChardevLabel,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile);
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainSetPathLabelRO) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
+typedef int (*virSecurityDomainRestorePathLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path);
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
- virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
-
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
virSecurityDomainSetPathLabel domainSetPathLabel;
virSecurityDomainSetPathLabelRO domainSetPathLabelRO;
+ virSecurityDomainRestorePathLabel domainRestorePathLabel;
virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
}
-int
-virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- const char *savefile)
-{
- if (mgr->drv->domainRestoreSavedStateLabel) {
- int ret;
- virObjectLock(mgr);
- ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
- virObjectUnlock(mgr);
- return ret;
- }
-
- virReportUnsupportedError();
- return -1;
-}
-
-
int
virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
return 0;
}
+/**
+ * virSecurityManagerDomainRestorePathLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @path: path to restore labels one
+ *
+ * This function is a counterpart to virSecurityManagerDomainSetPathLabel() and
+ * virSecurityManagerDomainSetPathLabelRO() as it restores any labels set by them.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *path)
+{
+ if (mgr->drv->domainRestorePathLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainRestorePathLabel(mgr, vm, path);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ return 0;
+}
+
+
/**
* virSecurityManagerSetMemoryLabel:
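Review bot: When the driver has no `domainRestorePathLabel` callback this wrapper returns 0, whereas the removed virSecurityManagerRestoreSavedStateLabel() called virReportUnsupportedError() and returned -1, and the new doc comment does not mention it. I would spell it out, e.g. `Returns: 0 on success (also when the driver does not implement the callback), -1 on error.`, because a caller auditing whether a save file's label was actually restored cannot tell "restored" from "nothing done". The `@path` line also has a typo: `path to restore labels one` should read `path to restore labels on`.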
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
-int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile);
int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec);
int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);
+int virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path);
+
+
int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDefPtr dev_source,
return 0;
}
-static int
-virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
- virDomainDefPtr vm G_GNUC_UNUSED,
- const char *savefile G_GNUC_UNUSED)
-{
- return 0;
-}
-
static int
virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr sec G_GNUC_UNUSED)
.domainSetSecurityHostdevLabel = virSecurityDomainSetHostdevLabelNop,
.domainRestoreSecurityHostdevLabel = virSecurityDomainRestoreHostdevLabelNop,
- .domainRestoreSavedStateLabel = virSecurityDomainRestoreSavedStateLabelNop,
-
.domainSetSecurityImageFDLabel = virSecurityDomainSetFDLabelNop,
.domainSetSecurityTapFDLabel = virSecurityDomainSetFDLabelNop,
}
-static int
-virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile)
-{
- virSecurityLabelDefPtr secdef;
-
- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
- if (!secdef || !secdef->relabel)
- return 0;
-
- return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
-}
-
-
static int
virSecuritySELinuxVerify(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr def)
return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, false);
}
+static int
+virSecuritySELinuxDomainRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path)
+{
+ virSecurityLabelDefPtr secdef;
+
+ secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (!secdef || !secdef->relabel)
+ return 0;
+
+ return virSecuritySELinuxRestoreFileLabel(mgr, path, true);
+}
+
+
/*
* virSecuritySELinuxSetFileLabels:
*
.domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
- .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
-
.domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecuritySELinuxSetTapFDLabel,
.domainSetPathLabel = virSecuritySELinuxDomainSetPathLabel,
.domainSetPathLabelRO = virSecuritySELinuxDomainSetPathLabelRO,
+ .domainRestorePathLabel = virSecuritySELinuxDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecuritySELinuxSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecuritySELinuxRestoreChardevLabel,
}
-static int
-virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- const char *savefile)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- virSecurityStackItemPtr item = priv->itemsHead;
- int rc = 0;
-
- for (; item; item = item->next) {
- if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm, savefile) < 0)
- rc = -1;
- }
-
- return rc;
-}
-
-
static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
}
+static int
+virSecurityStackDomainRestorePathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *path)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerDomainRestorePathLabel(item->securityManager,
+ vm, path) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+
static int
virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
.domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel,
- .domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel,
-
.domainSetSecurityImageFDLabel = virSecurityStackSetImageFDLabel,
.domainSetSecurityTapFDLabel = virSecurityStackSetTapFDLabel,
.domainSetPathLabel = virSecurityStackDomainSetPathLabel,
.domainSetPathLabelRO = virSecurityStackDomainSetPathLabelRO,
+ .domainRestorePathLabel = virSecurityStackDomainRestorePathLabel,
.domainSetSecurityChardevLabel = virSecurityStackDomainSetChardevLabel,
.domainRestoreSecurityChardevLabel = virSecurityStackDomainRestoreChardevLabel,