security: add new internal function "virSecurityManagerGetBaseLabel"
authorGiuseppe Scrivano <gscrivan@redhat.com>
Fri, 18 Oct 2013 12:13:20 +0000 (14:13 +0200)
committerEric Blake <eblake@redhat.com>
Tue, 29 Oct 2013 12:57:07 +0000 (06:57 -0600)
virSecurityManagerGetBaseLabel queries the default settings used by
a security model.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
src/libvirt_private.syms
src/security/security_apparmor.c
src/security/security_dac.c
src/security/security_driver.h
src/security/security_manager.c
src/security/security_manager.h
src/security/security_nop.c
src/security/security_selinux.c
src/security/security_stack.c

index f1f817c906b9d39c57565d4dd69aa38d5a61dc73..092f79749c468028a39a0e1c5437ad834c5298df 100644 (file)
@@ -842,6 +842,7 @@ virSecurityDriverLookup;
 # security/security_manager.h
 virSecurityManagerClearSocketLabel;
 virSecurityManagerGenLabel;
+virSecurityManagerGetBaseLabel;
 virSecurityManagerGetDOI;
 virSecurityManagerGetModel;
 virSecurityManagerGetMountOptions;
index 30e4c3fbac980100759801c0f400c955b7976bb9..776a470b9304fb2479bb61a9db6cf2eddea492da 100644 (file)
@@ -931,6 +931,12 @@ AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return opts;
 }
 
+static const char *
+AppArmorGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                     int virtType ATTRIBUTE_UNUSED)
+{
+    return NULL;
+}
 
 virSecurityDriver virAppArmorSecurityDriver = {
     .privateDataLen                     = 0,
@@ -972,4 +978,6 @@ virSecurityDriver virAppArmorSecurityDriver = {
     .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
 
     .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
+
+    .getBaseLabel                       = AppArmoryGetBaseLabel,
 };
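Review bot: The initializer at the end of virAppArmorSecurityDriver names `AppArmoryGetBaseLabel`, but the function added earlier in this file is `AppArmorGetBaseLabel`, so a build with the AppArmor backend enabled fails on an undeclared identifier; the line should read `.getBaseLabel = AppArmorGetBaseLabel,`. The slip is easy to miss because this driver is only compiled when that backend is configured, so a default build does not exercise it. The new stub returns NULL for every virtType; a one-line comment such as `/* AppArmor provides no default base label; NULL tells the manager there is none */` would make clear that this is deliberate rather than unfinished.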
index f16251cd4ef2f1cae9bb99febfd7201a3a0f0819..019c789ffdcdb6c63aff934bf9091a46fd9a97bc 100644 (file)
@@ -1174,6 +1174,14 @@ virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return NULL;
 }
 
+static const char *
+virSecurityDACGetBaseLabel(virSecurityManagerPtr mgr,
+                           int virt ATTRIBUTE_UNUSED)
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    return priv->baselabel;
+}
+
 virSecurityDriver virSecurityDriverDAC = {
     .privateDataLen                     = sizeof(virSecurityDACData),
     .name                               = SECURITY_DAC_NAME,
@@ -1216,4 +1224,6 @@ virSecurityDriver virSecurityDriverDAC = {
     .domainSetSecurityTapFDLabel        = virSecurityDACSetTapFDLabel,
 
     .domainGetSecurityMountOptions      = virSecurityDACGetMountOptions,
+
+    .getBaseLabel                       = virSecurityDACGetBaseLabel,
 };
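Review bot: virSecurityDACGetBaseLabel names its second parameter `virt`, while the typedef in security_driver.h and every other implementation in this commit call it `virtType`; `int virtType ATTRIBUTE_UNUSED` keeps the callback signatures consistent. The function hands back `priv->baselabel` directly, so the caller receives a pointer into the manager's private data after virSecurityManagerGetBaseLabel has already released the object lock; that is only safe if the base label is fixed once at manager creation, which this hunk does not show. A comment stating the ownership, e.g. `/* Returned string is owned by the manager and valid only while mgr is alive; do not free. */`, would record that assumption.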
index 87355589556d9b34cf55fc51dab31418f4b0caf6..ced1b9220aae4247d871750924b4028df18e2c97 100644 (file)
@@ -46,6 +46,8 @@ typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
 
 typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
 typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
+typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
+                                                      int virtType);
 
 typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
 
@@ -154,6 +156,8 @@ struct _virSecurityDriver {
 
     virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
     virSecurityDomainSetHugepages domainSetSecurityHugepages;
+
+    virSecurityDriverGetBaseLabel getBaseLabel;
 };
 
 virSecurityDriverPtr virSecurityDriverLookup(const char *name,
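Review bot: The new virSecurityDriverGetBaseLabel typedef and the getBaseLabel member carry no comment describing the contract that the implementations in this commit rely on: NULL is a legitimate return (AppArmor and nop drivers), the string is owned by the driver and must not be freed, and `virtType` is the guest's virtualization type (the SELinux driver compares it with VIR_DOMAIN_VIRT_QEMU). A comment above the typedef such as `/* Return the driver's default label for a guest of virtualization type virtType, or NULL if the driver has none; the string is owned by the driver and must not be freed by the caller. */` would pin this down for future drivers. Declaring the parameter as plain `int` hides that it is expected to hold a virt-type enum value; if that enum is visible to this header, using it would let the compiler check callers.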
index 0e783ee5af199ed1b9318a09e7a2ea67908d32ce..5b76ad8eefa92de56f42f8e016af1fb1385e5db7 100644 (file)
@@ -275,6 +275,21 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
     return NULL;
 }
 
+/* return NULL if a base label is not present */
+const char *
+virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
+{
+    if (mgr->drv->getBaseLabel) {
+        const char *ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->getBaseLabel(mgr, virtType);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    return NULL;
+}
+
 bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
 {
     return mgr->allowDiskFormatProbing;
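Review bot: virSecurityManagerGetBaseLabel returns the driver's pointer after virObjectUnlock(mgr), so the lock covers only the callback and not the caller's later use of the string; the one-line comment should say what the caller may assume, e.g. `/* Returns the driver's default label for virtType, or NULL if none. The string is owned by mgr, must not be freed, and is valid only while mgr lives. */`. `mgr->drv->getBaseLabel` is also read before the lock is taken, which is presumably fine because drv is fixed at construction, but it deserves a word since the other accessors' locking is not visible here. mgr itself is dereferenced without a NULL check, which matters for the stack driver's delegation in this same commit if its primary manager can be unset.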
index 92528306135667e130ceeee35a376fdf32cea809..81d3160a8b3199d2a6ec16b5f348056e604cca64 100644 (file)
@@ -55,6 +55,8 @@ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
+const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
+
 bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
index 233404c1dd21e0a82383dce42a62d963013cd3f4..73e1ac167e3e0292f370fa8053d6ca52df96b058 100644 (file)
@@ -186,6 +186,14 @@ static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRI
     return opts;
 }
 
+static const char *
+virSecurityGetBaseLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                        int virtType ATTRIBUTE_UNUSED)
+{
+    return NULL;
+}
+
+
 virSecurityDriver virSecurityDriverNop = {
     .privateDataLen                     = 0,
     .name                               = "none",
@@ -226,4 +234,6 @@ virSecurityDriver virSecurityDriverNop = {
     .domainSetSecurityTapFDLabel        = virSecurityDomainSetFDLabelNop,
 
     .domainGetSecurityMountOptions      = virSecurityDomainGetMountOptionsNop,
+
+    .getBaseLabel                       = virSecurityGetBaseLabel,
 };
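Review bot: The nop driver's new callback is named `virSecurityGetBaseLabel`, while the other callbacks in this file carry a `Nop` suffix (`virSecurityDomainGetMountOptionsNop`, `virSecurityDomainSetFDLabelNop` in the context lines); `virSecurityGetBaseLabelNop` would follow the convention and avoid a name that reads like a generic public API. There are also two blank lines before `virSecurityDriver virSecurityDriverNop`, where the preceding function is followed by one.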
index 6c0b0bb3419f4df9f99c34f55892c9648f0532c4..310e30060b78c2fd375d65789a9d74428df3d82c 100644 (file)
@@ -1830,6 +1830,17 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
 }
 
 
+static const char *
+virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
+{
+    virSecuritySELinuxDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    if (virtType == VIR_DOMAIN_VIRT_QEMU && priv->alt_domain_context)
+        return priv->alt_domain_context;
+    else
+        return priv->domain_context;
+}
+
+
 static int
 virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
                                           virDomainDefPtr def,
@@ -2477,4 +2488,5 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityTapFDLabel        = virSecuritySELinuxSetTapFDLabel,
 
     .domainGetSecurityMountOptions      = virSecuritySELinuxGetSecurityMountOptions,
+    .getBaseLabel                       = virSecuritySELinuxGetBaseLabel,
 };
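Review bot: virSecuritySELinuxGetBaseLabel does not explain why `priv->alt_domain_context` is chosen only when `virtType == VIR_DOMAIN_VIRT_QEMU`, and this rule presumably has to stay in step with whatever the label-generation path in this file does — a reader of this function alone cannot tell. A comment such as `/* Keep in step with label generation: plain qemu guests use the alternate context when one is configured, all other virt types the default domain context */` would tie the two together, provided that matches the generation path, which this hunk does not show. The `else` after `return` is redundant; `if (...) return priv->alt_domain_context; return priv->domain_context;` reads more simply. Minor: the other drivers in this commit separate `.getBaseLabel` from the previous initializer with a blank line, this one does not.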
index 0a0dc92241e9d963bc0e46794f0669a832b78ade..ff0f06b1bfcb8cc12241a14df9b46787fff40893 100644 (file)
@@ -555,6 +555,13 @@ virSecurityStackGetNested(virSecurityManagerPtr mgr)
     return list;
 }
 
+static const char *
+virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
+{
+    return virSecurityManagerGetBaseLabel(virSecurityStackGetPrimary(mgr),
+                                          virtType);
+}
+
 virSecurityDriver virSecurityDriverStack = {
     .privateDataLen                     = sizeof(virSecurityStackData),
     .name                               = "stack",
@@ -599,4 +606,6 @@ virSecurityDriver virSecurityDriverStack = {
     .domainGetSecurityMountOptions      = virSecurityStackGetMountOptions,
 
     .domainSetSecurityHugepages         = virSecurityStackSetHugepages,
+
+    .getBaseLabel                       = virSecurityStackGetBaseLabel,
 };
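Review bot: virSecurityStackGetBaseLabel passes the result of virSecurityStackGetPrimary(mgr) straight into virSecurityManagerGetBaseLabel, which dereferences `mgr->drv` without a NULL check; if a stack with no nested managers leaves the primary NULL, this crashes instead of returning the documented NULL. A guard such as `virSecurityManagerPtr primary = virSecurityStackGetPrimary(mgr); return primary ? virSecurityManagerGetBaseLabel(primary, virtType) : NULL;` preserves the "NULL means no base label" contract. Only the primary manager is consulted, so a base label from a secondary nested driver is never reported; if that is intended, a comment saying so would help.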