virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
virSecurityManagerVerify;
+virSecurityManagerGetMountOptions;
# sexpr.h
sexpr_append;
return 0;
}
+static char *virSecurityDACGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED) {
+ return NULL;
+}
+
virSecurityDriver virSecurityDriverDAC = {
sizeof(virSecurityDACData),
"virDAC",
virSecurityDACRestoreSavedStateLabel,
virSecurityDACSetImageFDLabel,
+
+ virSecurityDACGetMountOptions,
};
/*
- * Copyright (C) 2008 Red Hat, Inc.
+ * Copyright (C) 2008-2012 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
*
* Authors:
* James Morris <jmorris@namei.org>
+ * Dan Walsh <dwalsh@redhat.com>
*
*/
#include <config.h>
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
int fd);
+typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def);
struct _virSecurityDriver {
size_t privateDataLen;
virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
+
+ virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
};
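Review bot: The new `virSecurityDomainGetMountOptions` typedef and the `domainGetSecurityMountOptions` field carry no comment stating the contract, yet the implementations in this series disagree in shape: three stubs return NULL while the SELinux one returns a heap string that starts with a comma. I would document it at the typedef: `/* Return extra mount options (leading comma included) needed for a filesystem carrying this domain's image label, as a newly allocated string the caller must VIR_FREE; NULL means "no options", not an error. */` Without that, a caller cannot tell the "driver has no callback" NULL from a failure NULL, since the manager wrapper returns NULL in both cases. The rest of struct _virSecurityDriver is outside the hunk.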
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
requireConfined);
}
-
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
/* This accesses the memory just beyond mgr, which was allocated
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
+
+char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
+{
+ if (mgr->drv->domainGetSecurityMountOptions)
+ return mgr->drv->domainGetSecurityMountOptions(mgr, vm);
+
+ /*
+ I don't think this is an error, these should be optional
+ virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ */
+ return NULL;
+}
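Review bot: The body of virSecurityManagerGetMountOptions lands with a commented-out `virSecurityReportError` call and a first-person aside; commented-out code should not be merged, and the intent reads better as a real comment: `/* Mount options are optional; a driver without this callback contributes none. */`. Because the same NULL is returned when the callback is absent and when it fails (the SELinux implementation returns NULL on allocation failure), a short header comment should tell callers to treat NULL as "no options" and rely on the driver to have already reported any error. It should also state that the returned string is heap-allocated and owned by the caller.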
int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
int fd);
-
+char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm);
#endif /* VIR_SECURITY_MANAGER_H__ */
return 0;
}
+static char *virSecurityDomainGetMountOptionsNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED) {
+ return NULL;
+}
+
virSecurityDriver virSecurityDriverNop = {
0,
"none",
virSecurityDomainRestoreSavedStateLabelNop,
virSecurityDomainSetFDLabelNop,
+
+ virSecurityDomainGetMountOptionsNop,
};
return SELinuxFSetFilecon(fd, secdef->imagelabel);
}
+static char *genImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def) {
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
+ virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
+ const char *range;
+ context_t ctx = NULL;
+ char *label = NULL;
+ const char *mcs = NULL;
+
+ if (secdef->label) {
+ ctx = context_new(secdef->label);
+ if (!ctx) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ range = context_range_get(ctx);
+ if (range) {
+ mcs = strdup(range);
+ if (!mcs) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ label = SELinuxGenNewContext(data->file_context, mcs);
+ if (!label) {
+ virReportOOMError();
+ goto cleanup;
+ }
+ }
+ }
+
+cleanup:
+ context_free(ctx);
+ VIR_FREE(mcs);
+ return label;
+}
+
+static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
+ virDomainDefPtr def) {
+ char *opts = NULL;
+ const virSecurityLabelDefPtr secdef = &def->seclabel;
+
+ if (! secdef->imagelabel)
+ secdef->imagelabel = genImageLabel(mgr,def);
+
+ if (secdef->imagelabel) {
+ virAsprintf(&opts,
+ ",context=\"%s\"",
+ (const char*) secdef->imagelabel);
+ }
+
+ VIR_DEBUG("SELinuxGetSecurityMountOptions imageLabel %s", secdef->imagelabel);
+ return opts;
+}
+
virSecurityDriver virSecurityDriverSELinux = {
sizeof(virSecuritySELinuxData),
SECURITY_SELINUX_NAME,
SELinuxRestoreSavedStateLabel,
SELinuxSetImageFDLabel,
+
+ SELinuxGetSecurityMountOptions,
};
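Review bot: In SELinuxGetSecurityMountOptions the virAsprintf result is never checked, so an allocation failure is neither reported nor distinguishable from "no label", and the label is interpolated straight into `,context="%s"` with no validation: if `secdef->label` can be supplied through the domain XML (static labelling), a label containing `"` or `,` would close the quoted value and append further mount options, so the label should be rejected before formatting. Two smaller issues: genImageLabel quietly returns NULL when a label has no MCS range, and reports an OOM error for a SELinuxGenNewContext failure that may not be allocation-related, and a "Get" function that writes the generated label back into `def->seclabel.imagelabel` is a side effect worth a comment at least. The rewrite below adds the check and the validation; the genImageLabel points I would fix in place with a virSecurityReportError instead of virReportOOMError at the SELinuxGenNewContext call. The VIR_DEBUG was also passing a possibly NULL pointer to `%s`.

```c
static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
                                            virDomainDefPtr def) {
    char *opts = NULL;
    const virSecurityLabelDefPtr secdef = &def->seclabel;

    /* Generating the label here persists it in the domain definition
     * so later callers see the same context. */
    if (!secdef->imagelabel)
        secdef->imagelabel = genImageLabel(mgr, def);

    if (!secdef->imagelabel)
        return NULL;

    /* The label ends up inside a quoted mount option; refuse anything
     * that could terminate the quote or start another option. */
    if (strpbrk(secdef->imagelabel, "\",")) {
        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "invalid characters in image label '%s'",
                               secdef->imagelabel);
        return NULL;
    }

    if (virAsprintf(&opts, ",context=\"%s\"", secdef->imagelabel) < 0) {
        virReportOOMError();
        return NULL;
    }

    VIR_DEBUG("SELinuxGetSecurityMountOptions imageLabel %s", secdef->imagelabel);
    return opts;
}
```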
return rc;
}
+static char *virSecurityStackGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm ATTRIBUTE_UNUSED) {
+ return NULL;
+}
virSecurityDriver virSecurityDriverStack = {
sizeof(virSecurityStackData),
virSecurityStackRestoreSavedStateLabel,
virSecurityStackSetImageFDLabel,
+
+ virSecurityStackGetMountOptions,
};
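Review bot: virSecurityStackGetMountOptions returns NULL unconditionally, so whenever the SELinux driver runs beneath the stack driver its `context=` option is silently dropped, which defeats the purpose of the SELinux implementation in this same patch. If the stack driver composes a primary and secondary manager (its private data is not visible in this hunk), the callback should forward to the primary driver via virSecurityManagerGetMountOptions, as the other stack methods presumably do; if the drop is intentional, the stub needs a comment saying why. Either way the stub should not be left as a bare `return NULL;` with the two parameters marked unused.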