msg_gen_function += virReportError
msg_gen_function += virReportErrorHelper
msg_gen_function += virReportSystemError
-msg_gen_function += virSecurityReportError
msg_gen_function += virXenError
msg_gen_function += virXenInotifyError
msg_gen_function += virXenStoreError
char *libvirt_daemon = NULL;
if (virFileResolveLink("/proc/self/exe", &libvirt_daemon) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("could not find libvirtd"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("could not find libvirtd"));
return rc;
}
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
if (load_profile(mgr, secdef->imagelabel, def, fn, append) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot update AppArmor profile "
- "\'%s\'"),
- secdef->imagelabel);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot update AppArmor profile "
+ "\'%s\'"),
+ secdef->imagelabel);
goto clean;
}
}
if (reload_profile(ptr->mgr, def, file, true) < 0) {
const virSecurityLabelDefPtr secdef = &def->seclabel;
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot update AppArmor profile "
- "\'%s\'"),
- secdef->imagelabel);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot update AppArmor profile "
+ "\'%s\'"),
+ secdef->imagelabel);
return -1;
}
return 0;
if (reload_profile(ptr->mgr, def, file, true) < 0) {
const virSecurityLabelDefPtr secdef = &def->seclabel;
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot update AppArmor profile "
- "\'%s\'"),
- secdef->imagelabel);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot update AppArmor profile "
+ "\'%s\'"),
+ secdef->imagelabel);
return -1;
}
return 0;
}
if (!virFileExists(template)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("template \'%s\' does not exist"), template);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("template \'%s\' does not exist"), template);
goto clean;
}
rc = SECURITY_DRIVER_ENABLE;
return 0;
if (def->seclabel.baselabel) {
- virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("Cannot set a base label with AppArmour"));
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("Cannot set a base label with AppArmour"));
return rc;
}
if ((def->seclabel.label) ||
(def->seclabel.model) || (def->seclabel.imagelabel)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s",
- _("security label already defined for VM"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s",
+ _("security label already defined for VM"));
return rc;
}
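Review bot: The message in the first check spells the driver `AppArmour`, while the other AppArmor messages visible in this diff use `AppArmor`. Since the call is being rewritten anyway, `_("Cannot set a base label with AppArmor")` would keep the strings consistent for anyone searching logs. This changes the translatable msgid, so it may be better as a separate commit. The enclosing function starts and ends outside the hunk.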
/* Now that we have a label, load the profile into the kernel. */
if (load_profile(mgr, def->seclabel.label, def, NULL, false) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot load AppArmor profile "
- "\'%s\'"), def->seclabel.label);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot load AppArmor profile "
+ "\'%s\'"), def->seclabel.label);
goto err;
}
if (virStrcpy(sec->label, profile_name,
VIR_SECURITY_LABEL_BUFLEN) == NULL) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("error copying profile name"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("error copying profile name"));
goto clean;
}
if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("error calling profile_status()"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("error calling profile_status()"));
goto clean;
}
rc = 0;
if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((rc = remove_profile(secdef->label)) != 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("could not remove profile for \'%s\'"),
- secdef->label);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("could not remove profile for \'%s\'"),
+ secdef->label);
}
}
return rc;
return rc;
if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "\'%s\' model configured for domain, but "
- "hypervisor driver is \'%s\'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "\'%s\' model configured for domain, but "
+ "hypervisor driver is \'%s\'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
if (use_apparmor() > 0)
goto clean;
}
if (aa_change_profile(profile_name) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("error calling aa_change_profile()"));
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("error calling aa_change_profile()"));
goto clean;
}
rc = 0;
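Review bot: In the driver-mismatch branch the error is recorded before `use_apparmor()` is consulted, so when that call does not return a positive value the function carries on to `aa_change_profile()` with an error already set. If that path can reach `rc = 0`, the caller sees success while a stale VIR_ERR_INTERNAL_ERROR stays in the error object and in the log. That makes a tolerated mismatch indistinguishable from a real confinement failure during triage. Consider deciding first and reporting only on the failing path, for example a `VIR_WARN` when the mismatch is tolerated and `virReportError` only before `goto clean`. The SELinux hunks that gate on `security_getenforce() == 1` have the same shape, and the rest of each function is outside the hunk.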
if (secdef->imagelabel) {
/* if the device doesn't exist, error out */
if (!virFileExists(disk->src)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("\'%s\' does not exist"), disk->src);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("\'%s\' does not exist"), disk->src);
return rc;
}
if (profile_loaded(secdef->imagelabel) >= 0) {
if (load_profile(mgr, secdef->imagelabel, def, disk->src,
false) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot update AppArmor profile "
- "\'%s\'"),
- secdef->imagelabel);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot update AppArmor profile "
+ "\'%s\'"),
+ secdef->imagelabel);
goto clean;
}
}
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
- virSecurityReportError(VIR_ERR_XML_ERROR,
- _("Invalid security label \'%s\'"),
- secdef->label);
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid security label \'%s\'"),
+ secdef->label);
return -1;
}
}
#include "security_nop.h"
+#define VIR_FROM_THIS VIR_FROM_SECURITY
+
static virSecurityDriverPtr security_drivers[] = {
#ifdef WITH_SECDRIVER_SELINUX
&virSecurityDriverSELinux,
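Review bot: This is the only `#define VIR_FROM_THIS VIR_FROM_SECURITY` added in the visible diff, yet the removed `virSecurityReportError` macro hard-coded `VIR_FROM_SECURITY` for every file that included security_manager.h. `virReportError` presumably takes its domain from the per-file `VIR_FROM_THIS`, so each converted source file needs the same define. Otherwise it fails to build or attributes security-driver errors to another domain, which breaks filtering on the error domain. Please confirm the AppArmor, SELinux and manager sources already carry the define, and consider a comment here such as `/* error domain used by virReportError() in this file */`.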
}
if (!drv) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("Security driver %s not found"),
- NULLSTR(name));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Security driver %s not found"),
+ NULLSTR(name));
return NULL;
}
/* driver "none" needs some special handling of *Confined bools */
if (STREQ(drv->name, "none")) {
if (requireConfined) {
- virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Security driver \"none\" cannot create confined guests"));
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Security driver \"none\" cannot create confined guests"));
return NULL;
}
if (mgr->drv->getDOI)
return mgr->drv->getDOI(mgr);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL;
}
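Review bot: `virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__)` passes the function name in the format-string position, unlike the `"%s", _("...")` form used for fixed messages elsewhere in this diff. It is harmless today because a C identifier cannot contain `%`, but it is a non-literal format argument that format-security warnings flag. `virReportError(VIR_ERR_NO_SUPPORT, "%s", __FUNCTION__);` is the safer form. The same applies to every NO_SUPPORT fallback converted below, from the `getModel` wrapper through the `domainSetSecurityImageFDLabel` wrapper. The wrapper functions start outside their hunks.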
if (mgr->drv->getModel)
return mgr->drv->getModel(mgr);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL;
}
if (mgr->drv->domainRestoreSecurityImageLabel)
return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityDaemonSocketLabel)
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecuritySocketLabel)
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainClearSecuritySocketLabel)
return mgr->drv->domainClearSecuritySocketLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityImageLabel)
return mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainRestoreSecurityHostdevLabel)
return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityHostdevLabel)
return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSavedStateLabel)
return mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainRestoreSavedStateLabel)
return mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if ((vm->seclabel.type == VIR_DOMAIN_SECLABEL_NONE) &&
mgr->requireConfined) {
- virSecurityReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Unconfined guests are not allowed on this host"));
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unconfined guests are not allowed on this host"));
return -1;
}
if (mgr->drv->domainGenSecurityLabel)
return mgr->drv->domainGenSecurityLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainReserveSecurityLabel)
return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainReleaseSecurityLabel)
return mgr->drv->domainReleaseSecurityLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityAllLabel)
return mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainRestoreSecurityAllLabel)
return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainGetSecurityProcessLabel)
return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityProcessLabel)
return mgr->drv->domainSetSecurityProcessLabel(mgr, vm);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSecurityVerify)
return mgr->drv->domainSecurityVerify(mgr, def);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
if (mgr->drv->domainSetSecurityImageFDLabel)
return mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd);
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1;
}
/*
I don't think this is an error, these should be optional
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+ virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
*/
return NULL;
}
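Review bot: The rewritten call here sits inside a block comment, so the commit is maintaining dead code that will never compile or run. Consider replacing the commented-out statement with a plain explanation, for example `/* Optional callback: absence is not an error, so nothing is reported. */`, so that later mechanical renames do not have to touch it. The enclosing function begins outside the hunk.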
#ifndef VIR_SECURITY_MANAGER_H__
# define VIR_SECURITY_MANAGER_H__
-# define virSecurityReportError(code, ...) \
- virReportErrorHelper(VIR_FROM_SECURITY, code, __FILE__, \
- __FUNCTION__, __LINE__, __VA_ARGS__)
-
-
typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr;
if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
!def->seclabel.baselabel &&
def->seclabel.model) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("security model already defined for VM"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("security model already defined for VM"));
return rc;
}
if (def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC &&
def->seclabel.label) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("security label already defined for VM"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("security label already defined for VM"));
return rc;
}
if (def->seclabel.imagelabel) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("security image label already defined for VM"));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("security image label already defined for VM"));
return rc;
}
if (def->seclabel.model &&
STRNEQ(def->seclabel.model, SECURITY_SELINUX_NAME)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label model %s is not supported with selinux"),
- def->seclabel.model);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label model %s is not supported with selinux"),
+ def->seclabel.model);
return rc;
}
def->seclabel.baselabel :
data->domain_context, mcs);
if (! def->seclabel.label) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot generate selinux context for %s"), mcs);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
break;
break;
default:
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("unexpected security label type '%s'"),
- virDomainSeclabelTypeToString(def->seclabel.type));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unexpected security label type '%s'"),
+ virDomainSeclabelTypeToString(def->seclabel.type));
goto cleanup;
}
if (!def->seclabel.norelabel) {
def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
if (!def->seclabel.imagelabel) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot generate selinux context for %s"), mcs);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot generate selinux context for %s"), mcs);
goto cleanup;
}
}
}
if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label exceeds "
- "maximum length: %d"),
- VIR_SECURITY_LABEL_BUFLEN - 1);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label exceeds "
+ "maximum length: %d"),
+ VIR_SECURITY_LABEL_BUFLEN - 1);
freecon(ctx);
return -1;
}
return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
default:
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("unknown smartcard type %d"),
- dev->type);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown smartcard type %d"),
+ dev->type);
return -1;
}
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
return -1;
}
if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
if (security_check_context(secdef->label) != 0) {
- virSecurityReportError(VIR_ERR_XML_ERROR,
- _("Invalid security label %s"), secdef->label);
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid security label %s"), secdef->label);
return -1;
}
}
return 0;
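Review bot: `STREQ(virSecurityManagerGetModel(mgr), secdef->model)` and the following `%s` argument both use `secdef->model` without a NULL check, and nothing in the hunk shows that the model is always set when verification runs. If a domain definition can reach this point without a model, the comparison would dereference NULL before the mismatch is reported. A guard plus `NULLSTR(secdef->model)` in the message arguments would make the check fail closed with a usable error. The same comparison is repeated in the SELinux hunks that follow and in the AppArmor process-label hunk. Whether callers guarantee a non-NULL model is not visible here.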
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
if (security_getenforce() == 1)
return -1;
}
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
goto done;
}
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
goto done;
}
return 0;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but "
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but "
+ "hypervisor driver is '%s'."),
+ secdef->model, virSecurityManagerGetModel(mgr));
if (security_getenforce() == 1)
return -1;
}
return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
default:
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("unknown smartcard type %d"),
- dev->type);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unknown smartcard type %d"),
+ dev->type);
return -1;
}