# include "security/security_manager.h"
# include "configmake.h"
+# define LXC_DRIVER_NAME "LXC"
+
# define LXC_CONFIG_DIR SYSCONFDIR "/libvirt/lxc"
# define LXC_STATE_DIR LOCALSTATEDIR "/run/libvirt/lxc"
# define LXC_LOG_DIR LOCALSTATEDIR "/log/libvirt/lxc"
break;
case 'S':
- if (!(securityDriver = virSecurityManagerNew(optarg, false, false, false))) {
+ if (!(securityDriver = virSecurityManagerNew(optarg,
+ LXC_DRIVER_NAME,
+ false, false, false))) {
fprintf(stderr, "Cannot create security manager '%s'",
optarg);
goto cleanup;
}
if (securityDriver == NULL) {
- if (!(securityDriver = virSecurityManagerNew("none", false, false, false))) {
+ if (!(securityDriver = virSecurityManagerNew("none",
+ LXC_DRIVER_NAME,
+ false, false, false))) {
fprintf(stderr, "%s: cannot initialize nop security manager", argv[0]);
goto cleanup;
}
static int
lxcSecurityInit(lxc_driver_t *driver)
{
+ VIR_INFO("lxcSecurityInit %s", driver->securityDriverName);
virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
+ LXC_DRIVER_NAME,
false,
driver->securityDefaultConfined,
driver->securityRequireConfined);
/* Function Tables */
static virDriver lxcDriver = {
.no = VIR_DRV_LXC,
- .name = "LXC",
+ .name = LXC_DRIVER_NAME,
.open = lxcOpen, /* 0.4.2 */
.close = lxcClose, /* 0.4.2 */
.version = lxcVersion, /* 0.4.6 */
};
static virStateDriver lxcStateDriver = {
- .name = "LXC",
+ .name = LXC_DRIVER_NAME,
.initialize = lxcStartup,
.cleanup = lxcShutdown,
.active = lxcActive,
#define VIR_FROM_THIS VIR_FROM_QEMU
+#define QEMU_DRIVER_NAME "QEMU"
+
#define QEMU_NB_MEM_PARAM 3
#define QEMU_NB_BLOCK_IO_TUNE_PARAM 6
qemuSecurityInit(struct qemud_driver *driver)
{
virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
+ QEMU_DRIVER_NAME,
driver->allowDiskFormatProbing,
driver->securityDefaultConfined,
driver->securityRequireConfined);
goto error;
if (driver->privileged) {
- virSecurityManagerPtr dac = virSecurityManagerNewDAC(driver->user,
+ virSecurityManagerPtr dac = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
+ driver->user,
driver->group,
driver->allowDiskFormatProbing,
driver->securityDefaultConfined,
static virDriver qemuDriver = {
.no = VIR_DRV_QEMU,
- .name = "QEMU",
+ .name = QEMU_DRIVER_NAME,
.open = qemudOpen, /* 0.2.0 */
.close = qemudClose, /* 0.2.0 */
.supports_feature = qemudSupportsFeature, /* 0.5.0 */
}
static virNWFilterCallbackDriver qemuCallbackDriver = {
- .name = "QEMU",
+ .name = QEMU_DRIVER_NAME,
.vmFilterRebuild = qemuVMFilterRebuild,
.vmDriverLock = qemuVMDriverLock,
.vmDriverUnlock = qemuVMDriverUnlock,
/* Called on libvirtd startup to see if AppArmor is available */
static int
-AppArmorSecurityManagerProbe(void)
+AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
char *template = NULL;
int rc = SECURITY_DRIVER_DISABLE;
}
static virSecurityDriverStatus
-virSecurityDACProbe(void)
+virSecurityDACProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
return SECURITY_DRIVER_ENABLE;
}
&virSecurityDriverNop, /* Must always be last, since it will always probe */
};
-virSecurityDriverPtr virSecurityDriverLookup(const char *name)
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+ const char *virtDriver)
{
virSecurityDriverPtr drv = NULL;
int i;
STRNEQ(tmp->name, name))
continue;
- switch (tmp->probe()) {
+ switch (tmp->probe(virtDriver)) {
case SECURITY_DRIVER_ENABLE:
VIR_DEBUG("Probed name=%s", tmp->name);
drv = tmp;
typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
-typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
+typedef virSecurityDriverStatus (*virSecurityDriverProbe) (const char *virtDriver);
typedef int (*virSecurityDriverOpen) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
};
-virSecurityDriverPtr virSecurityDriverLookup(const char *name);
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+ const char *virtDriver);
#endif /* __VIR_SECURITY_H__ */
bool allowDiskFormatProbing;
bool defaultConfined;
bool requireConfined;
+ const char *virtDriver;
};
static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv,
+ const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined)
mgr->allowDiskFormatProbing = allowDiskFormatProbing;
mgr->defaultConfined = defaultConfined;
mgr->requireConfined = requireConfined;
+ mgr->virtDriver = virtDriver;
if (drv->open(mgr) < 0) {
virSecurityManagerFree(mgr);
{
virSecurityManagerPtr mgr =
virSecurityManagerNewDriver(&virSecurityDriverStack,
+ virSecurityManagerGetDriver(primary),
virSecurityManagerGetAllowDiskFormatProbing(primary),
virSecurityManagerGetDefaultConfined(primary),
virSecurityManagerGetRequireConfined(primary));
return mgr;
}
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
+ uid_t user,
gid_t group,
bool allowDiskFormatProbing,
bool defaultConfined,
{
virSecurityManagerPtr mgr =
virSecurityManagerNewDriver(&virSecurityDriverDAC,
+ virtDriver,
allowDiskFormatProbing,
defaultConfined,
requireConfined);
}
virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined)
{
- virSecurityDriverPtr drv = virSecurityDriverLookup(name);
+ virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
if (!drv)
return NULL;
}
return virSecurityManagerNewDriver(drv,
+ virtDriver,
allowDiskFormatProbing,
defaultConfined,
requireConfined);
VIR_FREE(mgr);
}
+const char *
+virSecurityManagerGetDriver(virSecurityManagerPtr mgr)
+{
+ return mgr->virtDriver;
+}
+
const char *
virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
{
typedef virSecurityManager *virSecurityManagerPtr;
virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined);
virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary,
virSecurityManagerPtr secondary);
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
+ uid_t user,
gid_t group,
bool allowDiskFormatProbing,
bool defaultConfined,
void virSecurityManagerFree(virSecurityManagerPtr mgr);
+const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
#include "security_nop.h"
-static virSecurityDriverStatus virSecurityDriverProbeNop(void)
+static virSecurityDriverStatus virSecurityDriverProbeNop(const char *virtDriver ATTRIBUTE_UNUSED)
{
return SECURITY_DRIVER_ENABLE;
}
static int
-SELinuxSecurityDriverProbe(void)
+SELinuxSecurityDriverProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
return is_selinux_enabled() ? SECURITY_DRIVER_ENABLE : SECURITY_DRIVER_DISABLE;
}
}
static virSecurityDriverStatus
-virSecurityStackProbe(void)
+virSecurityStackProbe(const char *virtDriver ATTRIBUTE_UNUSED)
{
return SECURITY_DRIVER_ENABLE;
}
virSecurityManagerPtr mgr;
const char *doi, *model;
- mgr = virSecurityManagerNew(NULL, false, true, false);
+ mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
if (mgr == NULL) {
fprintf (stderr, "Failed to start security driver");
exit (-1);
projects / libvirt.git / commitdiff