virSecurityManagerGetMountOptions;
virSecurityManagerGetNested;
virSecurityManagerGetProcessLabel;
+virSecurityManagerMoveImageMetadata;
virSecurityManagerNew;
virSecurityManagerNewDAC;
virSecurityManagerNewStack;
virDomainDefPtr def,
virStorageSourcePtr src,
virSecurityDomainImageLabelFlags flags);
+typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManagerPtr mgr,
+ pid_t pid,
+ virStorageSourcePtr src,
+ virStorageSourcePtr dst);
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainMemoryDefPtr mem);
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
+ virSecurityDomainMoveImageMetadata domainMoveImageMetadata;
virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
}
+/**
+ * virSecurityManagerMoveImageMetadata:
+ * @mgr: security manager
+ * @pid: domain's PID
+ * @src: source of metadata
+ * @dst: destination to move metadata to
+ *
+ * For given source @src, metadata is moved to destination @dst.
+ *
+ * If @dst is NULL then metadata is removed from @src and not
+ * stored anywhere.
+ *
+ * If @pid is not -1 enther the @pid mount namespace (usually
+ * @pid refers to a domain) and perform the move from there. If
+ * @pid is -1 then the move is performed from the caller's
+ * namespace.
+ *
+ * Returns: 0 on success,
+ * -1 otherwise.
+ */
+int
+virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr,
+ pid_t pid,
+ virStorageSourcePtr src,
+ virStorageSourcePtr dst)
+{
+ if (mgr->drv->domainMoveImageMetadata) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainMoveImageMetadata(mgr, pid, src, dst);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
+
+
int
virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
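Review bot: The new doc comment on virSecurityManagerMoveImageMetadata has a typo and leaves one precondition unstated: "enther" should read `* If @pid is not -1 enter the @pid mount namespace (usually`, and while the comment says @dst may be NULL, it says nothing about @src, which the wrapper passes straight through to the driver callback without a check. Since the underlying drivers presumably dereference @src, the comment should state that @src must be non-NULL (or say that drivers must tolerate NULL), so callers in other files know the contract. The rest of the wrapper mirrors the surrounding lock/dispatch/unsupported-error pattern and reads fine.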
virDomainDefPtr vm,
virStorageSourcePtr src,
virSecurityDomainImageLabelFlags flags);
+int virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr,
+ pid_t pid,
+ virStorageSourcePtr src,
+ virStorageSourcePtr dst);
int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
return 0;
}
+static int
+virSecurityDomainMoveImageMetadataNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ pid_t pid ATTRIBUTE_UNUSED,
+ virStorageSourcePtr src ATTRIBUTE_UNUSED,
+ virStorageSourcePtr dst ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
static int
virSecurityDomainSetMemoryLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def ATTRIBUTE_UNUSED,
.domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop,
.domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop,
+ .domainMoveImageMetadata = virSecurityDomainMoveImageMetadataNop,
.domainSetSecurityMemoryLabel = virSecurityDomainSetMemoryLabelNop,
.domainRestoreSecurityMemoryLabel = virSecurityDomainRestoreMemoryLabelNop,
return rc;
}
+static int
+virSecurityStackMoveImageMetadata(virSecurityManagerPtr mgr,
+ pid_t pid,
+ virStorageSourcePtr src,
+ virStorageSourcePtr dst)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerMoveImageMetadata(item->securityManager,
+ pid, src, dst) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
static int
virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
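Review bot: In virSecurityStackMoveImageMetadata a failure from one nested driver does not stop the loop, so metadata may end up moved by some drivers and not by others with no rollback, and the caller only learns that at least one failed. This appears to follow the same best-effort aggregation the neighbouring stack functions use (the `return rc;` context just above suggests the same pattern), so the behaviour is likely intentional, but it deserves a comment on the loop: `/* Best effort: keep going so every nested driver is tried; report -1 if any of them failed. */`. The function is fully contained in the hunk.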
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
+ .domainMoveImageMetadata = virSecurityStackMoveImageMetadata,
.domainSetSecurityMemoryLabel = virSecurityStackSetMemoryLabel,
.domainRestoreSecurityMemoryLabel = virSecurityStackRestoreMemoryLabel,