vm->def->seclabels[0]->type == VIR_DOMAIN_SECLABEL_DEFAULT)
vm->def->seclabels[0]->type = VIR_DOMAIN_SECLABEL_NONE;
+ if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
+ goto cleanup;
+
if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) {
virDomainAuditSecurityLabel(vm, false);
goto cleanup;
NULL) < 0)
goto cleanup;
+ VIR_DEBUG("Checking domain and device security labels");
+ if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
+ goto cleanup;
+
/* If you are using a SecurityDriver with dynamic labelling,
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
}
}
+ if (virSecurityManagerCheckAllLabel(driver->securityManager, vm->def) < 0)
+ goto error;
if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0)
goto error;
}
+static int virSecurityManagerCheckModel(virSecurityManagerPtr mgr,
+ char *secmodel)
+{
+ size_t i;
+ virSecurityManagerPtr *sec_managers = NULL;
+
+ if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
+ return -1;
+
+ if (STREQ_NULLABLE(secmodel, "none"))
+ return 0;
+
+ for (i = 0; sec_managers[i]; i++) {
+ if (STREQ_NULLABLE(secmodel, sec_managers[i]->drv->name))
+ return 0;
+ }
+
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unable to find security driver for model %s"),
+ secmodel);
+ return -1;
+}
+
+
+static int
+virSecurityManagerCheckDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDiskDefPtr disk)
+{
+ size_t i;
+
+ for (i = 0; i < disk->src->nseclabels; i++) {
+ if (virSecurityManagerCheckModel(mgr, disk->src->seclabels[i]->model) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
+virSecurityManagerCheckChardevLabel(virSecurityManagerPtr mgr,
+ virDomainChrDefPtr dev)
+{
+ size_t i;
+
+ for (i = 0; i < dev->nseclabels; i++) {
+ if (virSecurityManagerCheckModel(mgr, dev->seclabels[i]->model) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
+virSecurityManagerCheckChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
+ virDomainChrDefPtr dev,
+ void *opaque)
+{
+ virSecurityManagerPtr mgr = opaque;
+ return virSecurityManagerCheckChardevLabel(mgr, dev);
+}
+
+
+int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
+{
+ size_t i;
+
+ for (i = 0; i < vm->ndisks; i++) {
+ if (virSecurityManagerCheckDiskLabel(mgr, vm->disks[i]) < 0)
+ return -1;
+ }
+
+ if (virDomainChrDefForeach(vm,
+ true,
+ virSecurityManagerCheckChardevCallback,
+ mgr) < 0)
+ return -1;
+
+ return 0;
+}
+
+
int
virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
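Review bot: The array returned by `virSecurityManagerGetNested(mgr)` in the new virSecurityManagerCheckModel is never released: the `"none"` short-circuit, the matching-driver return and the error return all leave `sec_managers` behind, and because virSecurityManagerCheckAllLabel invokes this helper once per disk and chardev seclabel, the loss repeats for every labelled device on every domain start. I cannot see virSecurityManagerGetNested from this hunk, but the NULL-return check treats its result as a caller-owned allocation; if it actually hands back an internally cached pointer, disregard this. The `"none"` comparison should also sit above the lookup so the trivial case allocates nothing, and the function should leave through one cleanup label that frees the array. Suggested shape below.
```c
static int virSecurityManagerCheckModel(virSecurityManagerPtr mgr,
                                        char *secmodel)
{
    int ret = -1;
    size_t i;
    virSecurityManagerPtr *sec_managers = NULL;

    /* Trivial model: nothing to look up, nothing to allocate. */
    if (STREQ_NULLABLE(secmodel, "none"))
        return 0;

    if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
        return -1;

    for (i = 0; sec_managers[i]; i++) {
        if (STREQ_NULLABLE(secmodel, sec_managers[i]->drv->name)) {
            ret = 0;
            goto cleanup;
        }
    }

    virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                   _("Unable to find security driver for model %s"),
                   secmodel);

 cleanup:
    VIR_FREE(sec_managers);
    return ret;
}
```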