#include "virlog.h"
#include "virstring.h"
#include "virscsi.h"
+#include "virmdev.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
+ virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
if (!secdef || !secdef->relabel)
return 0;
break;
}
- case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
+ char *vfiodev = NULL;
+ virMediatedDevicePtr mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
+ mdevsrc->model);
+
+ if (!mdev)
+ goto done;
+
+ if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdev))) {
+ virMediatedDeviceFree(mdev);
+ goto done;
+ }
+
+ ret = AppArmorSetSecurityHostdevLabelHelper(vfiodev, ptr);
+
+ VIR_FREE(vfiodev);
+ virMediatedDeviceFree(mdev);
break;
+ }
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
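Review bot: The lookup sequence in this `VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV` case is repeated verbatim in the DAC set and restore hunks and in the SELinux set and restore hunks: create the mdev object, resolve its IOMMU group device, free both, with a second free on the early-exit path. In security drivers that is a maintenance risk, because a later fix to the error handling has to land identically in five places or the drivers diverge in what they label. I would move it into one helper beside `virMediatedDeviceGetIOMMUGroupDev` that takes `mdevsrc->uuidstr` and `mdevsrc->model` and returns the allocated group-device path or NULL. Each case then shrinks to the lookup, the label call and `VIR_FREE(vfiodev);`. The enclosing function starts and ends outside the hunk.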
#include "virfile.h"
#include "viralloc.h"
#include "virlog.h"
+#include "virmdev.h"
#include "virpci.h"
#include "virusb.h"
#include "virscsi.h"
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
+ virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
int ret = -1;
if (!priv->dynamicOwnership)
break;
}
- case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
+ char *vfiodev = NULL;
+ virMediatedDevicePtr mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
+ mdevsrc->model);
+
+ if (!mdev)
+ goto done;
+
+ if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdev))) {
+ virMediatedDeviceFree(mdev);
+ goto done;
+ }
+
+ ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata);
+
+ VIR_FREE(vfiodev);
+ virMediatedDeviceFree(mdev);
+ break;
+ }
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
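Review bot: Nothing in this case says which file is relabelled for the guest. The path handed to `virSecurityDACSetHostdevLabelHelper` is the IOMMU group device resolved from `mdevsrc->uuidstr`, not a path named in the hostdev definition. A one-line comment above the call would make that explicit, for example `/* label the VFIO group device backing this mdev, as resolved by virMediatedDeviceGetIOMMUGroupDev() */`. The AppArmor and SELinux set cases would benefit from the same comment.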
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
+ virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
int ret = -1;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
break;
}
- case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
+ char *vfiodev = NULL;
+ virMediatedDevicePtr mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
+ mdevsrc->model);
+
+ if (!mdev)
+ goto done;
+
+ if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdev))) {
+ virMediatedDeviceFree(mdev);
+ goto done;
+ }
+
+ ret = virSecurityDACRestoreFileLabel(virSecurityManagerGetPrivateData(mgr),
+ vfiodev);
+ VIR_FREE(vfiodev);
+ virMediatedDeviceFree(mdev);
+ break;
+ }
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
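Review bot: On the restore path this case leaves `ret` at -1 whenever the mdev can no longer be resolved, through `if (!mdev) goto done;` and through the failed `virMediatedDeviceGetIOMMUGroupDev` branch. Whether `virMediatedDeviceNew` fails for a device that has already been removed is not visible in this hunk. If it does, an ordinary teardown ordering is reported as a relabel failure and nothing is restored. Please confirm what callers do with that error. If a missing device is meant to be harmless here, say so in the code with an explicit `ret = 0;` and a comment such as `/* mdev already gone: nothing left to relabel */`. The SELinux restore hunk has the same shape.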
#include "virerror.h"
#include "viralloc.h"
#include "virlog.h"
+#include "virmdev.h"
#include "virpci.h"
#include "virusb.h"
#include "virscsi.h"
return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
}
+
static int
virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
+ virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
virSecuritySELinuxCallbackData data = {.mgr = mgr, .def = def};
int ret = -1;
break;
}
- case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
+ char *vfiodev = NULL;
+ virMediatedDevicePtr mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
+ mdevsrc->model);
+
+ if (!mdev)
+ goto done;
+
+ if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdev))) {
+ virMediatedDeviceFree(mdev);
+ goto done;
+ }
+
+ ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data);
+
+ VIR_FREE(vfiodev);
+ virMediatedDeviceFree(mdev);
+ break;
+ }
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;
return virSecuritySELinuxRestoreFileLabel(mgr, file);
}
+
static int
virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
virDomainHostdevDefPtr dev,
virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci;
virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host;
+ virDomainHostdevSubsysMediatedDevPtr mdevsrc = &dev->source.subsys.u.mdev;
int ret = -1;
/* Like virSecuritySELinuxRestoreImageLabelInt() for a networked
break;
}
- case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV:
+ case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: {
+ char *vfiodev = NULL;
+ virMediatedDevicePtr mdev = virMediatedDeviceNew(mdevsrc->uuidstr,
+ mdevsrc->model);
+
+ if (!mdev)
+ goto done;
+
+ if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdev))) {
+ virMediatedDeviceFree(mdev);
+ goto done;
+ }
+
+ ret = virSecuritySELinuxRestoreFileLabel(mgr, vfiodev);
+
+ VIR_FREE(vfiodev);
+ virMediatedDeviceFree(mdev);
+ break;
+ }
+
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST:
ret = 0;
break;