After previous commit this function is used no more.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
virSecurityManagerSetInputLabel;
virSecurityManagerSetMemoryLabel;
virSecurityManagerSetProcessLabel;
-virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
virSecurityManagerSetTapFDLabel;
virSecurityManagerSetTPMLabels;
return reload_profile(mgr, def, NULL, false);
}
-static int
-AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile)
-{
- return reload_profile(mgr, def, savefile, true);
-}
-
static int
AppArmorSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
.domainSetSecurityHostdevLabel = AppArmorSetSecurityHostdevLabel,
.domainRestoreSecurityHostdevLabel = AppArmorRestoreSecurityHostdevLabel,
- .domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
.domainSetPathLabel = AppArmorSetPathLabel,
}
-static int
-virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile)
-{
- virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- virSecurityLabelDefPtr secdef;
- uid_t user;
- gid_t group;
-
- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
-
- if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0)
- return -1;
-
- return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, true);
-}
-
-
static int
virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def G_GNUC_UNUSED,
.domainSetSecurityHostdevLabel = virSecurityDACSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityDACRestoreHostdevLabel,
- .domainSetSavedStateLabel = virSecurityDACSetSavedStateLabel,
.domainRestoreSavedStateLabel = virSecurityDACRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecurityDACSetImageFDLabel,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile);
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile);
virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
- virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
}
-int
-virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- const char *savefile)
-{
- if (mgr->drv->domainSetSavedStateLabel) {
- int ret;
- virObjectLock(mgr);
- ret = mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile);
- virObjectUnlock(mgr);
- return ret;
- }
-
- virReportUnsupportedError();
- return -1;
-}
-
int
virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
const char *vroot);
-int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile);
int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *savefile);
return 0;
}
-static int
-virSecurityDomainSetSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
- virDomainDefPtr vm G_GNUC_UNUSED,
- const char *savefile G_GNUC_UNUSED)
-{
- return 0;
-}
-
static int
virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
virDomainDefPtr vm G_GNUC_UNUSED,
.domainSetSecurityHostdevLabel = virSecurityDomainSetHostdevLabelNop,
.domainRestoreSecurityHostdevLabel = virSecurityDomainRestoreHostdevLabelNop,
- .domainSetSavedStateLabel = virSecurityDomainSetSavedStateLabelNop,
.domainRestoreSavedStateLabel = virSecurityDomainRestoreSavedStateLabelNop,
.domainSetSecurityImageFDLabel = virSecurityDomainSetFDLabelNop,
}
-static int
-virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *savefile)
-{
- virSecurityLabelDefPtr secdef;
-
- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
- if (!secdef || !secdef->relabel)
- return 0;
-
- return virSecuritySELinuxSetFilecon(mgr, savefile, secdef->imagelabel, true);
-}
-
-
static int
virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
.domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
- .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
.domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
}
-static int
-virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- const char *savefile)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- virSecurityStackItemPtr item = priv->itemsHead;
-
- for (; item; item = item->next) {
- if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm, savefile) < 0)
- goto rollback;
- }
-
- return 0;
-
- rollback:
- for (item = item->prev; item; item = item->prev) {
- if (virSecurityManagerRestoreSavedStateLabel(item->securityManager,
- vm,
- savefile) < 0) {
- VIR_WARN("Unable to restore saved state label after failed set "
- "label call virDriver=%s driver=%s savefile=%s",
- virSecurityManagerGetVirtDriver(mgr),
- virSecurityManagerGetDriver(item->securityManager),
- savefile);
- }
- }
- return -1;
-}
-
-
static int
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
.domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel,
.domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel,
- .domainSetSavedStateLabel = virSecurityStackSetSavedStateLabel,
.domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel,
.domainSetSecurityImageFDLabel = virSecurityStackSetImageFDLabel,
projects / libvirt.git / commitdiff