}
+static int
+virSecurityDACRestoreSysinfoLabel(virSecurityManagerPtr mgr,
+ virSysinfoDefPtr def)
+{
+ size_t i;
+
+ for (i = 0; i < def->nfw_cfgs; i++) {
+ virSysinfoFWCfgDefPtr f = &def->fw_cfgs[i];
+
+ if (f->file &&
+ virSecurityDACRestoreFileLabel(mgr, f->file) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
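Review bot: virSecurityDACRestoreSysinfoLabel stops at the first fw_cfg file whose restore fails (`return -1` inside the loop), so the remaining files in that sysinfo block are never restored and keep the ownership given to the domain. The caller's loop in virSecurityDACRestoreAllLabel records a failure with `rc = -1` and keeps going, which suggests restore is meant to be best-effort. The helper could match that with a local `int rc = 0;`, `rc = -1;` in place of the early return, and `return rc;` at the end. virSecuritySELinuxRestoreSysinfoLabel further down has the same early return and would leave later files carrying the domain's SELinux label. virSecurityDACRestoreAllLabel, whose signature closes this hunk, continues outside it.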
rc = -1;
}
+ for (i = 0; i < def->nsysinfo; i++) {
+ if (virSecurityDACRestoreSysinfoLabel(mgr,
+ def->sysinfo[i]) < 0)
+ rc = -1;
+ }
+
if (def->os.loader && def->os.loader->nvram &&
virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
rc = -1;
}
+static int
+virSecurityDACSetSysinfoLabel(virSecurityManagerPtr mgr,
+ uid_t user,
+ gid_t group,
+ virSysinfoDefPtr def)
+{
+ size_t i;
+
+ for (i = 0; i < def->nfw_cfgs; i++) {
+ virSysinfoFWCfgDefPtr f = &def->fw_cfgs[i];
+
+ if (f->file &&
+ virSecurityDACSetOwnership(mgr, NULL, f->file,
+ user, group, true) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
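Review bot: virSecurityDACSetSysinfoLabel has no comment saying that it hands ownership of every fw_cfg file to the domain's `user`/`group`, while the other drivers on this page treat the same files as read-only input (`"r"` in the virt-aa-helper loop, `data->content_context` in the SELinux helper). Once ownership is transferred, whether the QEMU process can also modify the host file presumably depends only on the file's mode bits, which is worth stating for anyone auditing what a guest's process can touch. If read-only use is the intent, a comment above the function would make it explicit, for example `/* fw_cfg files are only read by QEMU; they are chowned to user:group, so write access is governed by the file mode. */`. virSecurityDACSetAllLabel, whose signature closes this hunk, continues outside it.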
if (virSecurityDACGetImageIds(secdef, priv, &user, &group))
return -1;
+ for (i = 0; i < def->nsysinfo; i++) {
+ if (virSecurityDACSetSysinfoLabel(mgr, user, group, def->sysinfo[i]) < 0)
+ return -1;
+ }
+
if (def->os.loader && def->os.loader->nvram &&
virSecurityDACSetOwnership(mgr, NULL,
def->os.loader->nvram,
}
+static int
+virSecuritySELinuxRestoreSysinfoLabel(virSecurityManagerPtr mgr,
+ virSysinfoDefPtr def)
+{
+ size_t i;
+
+ for (i = 0; i < def->nfw_cfgs; i++) {
+ virSysinfoFWCfgDefPtr f = &def->fw_cfgs[i];
+
+ if (f->file &&
+ virSecuritySELinuxRestoreFileLabel(mgr, f->file, true) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
mgr) < 0)
rc = -1;
+ for (i = 0; i < def->nsysinfo; i++) {
+ if (virSecuritySELinuxRestoreSysinfoLabel(mgr, def->sysinfo[i]) < 0)
+ rc = -1;
+ }
+
if (def->os.loader && def->os.loader->nvram &&
virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram, true) < 0)
rc = -1;
}
+static int
+virSecuritySELinuxSetSysinfoLabel(virSecurityManagerPtr mgr,
+ virSysinfoDefPtr def,
+ virSecuritySELinuxDataPtr data)
+{
+ size_t i;
+
+ for (i = 0; i < def->nfw_cfgs; i++) {
+ virSysinfoFWCfgDefPtr f = &def->fw_cfgs[i];
+
+ if (f->file &&
+ virSecuritySELinuxSetFilecon(mgr, f->file,
+ data->content_context, true) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
+
static int
virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
mgr) < 0)
return -1;
+ for (i = 0; i < def->nsysinfo; i++) {
+ if (virSecuritySELinuxSetSysinfoLabel(mgr,
+ def->sysinfo[i],
+ data) < 0)
+ return -1;
+ }
+
/* This is different than kernel or initrd. The nvram store
* is really a disk, qemu can read and write to it. */
if (def->os.loader && def->os.loader->nvram &&
}
}
+ for (i = 0; i < ctl->def->nsysinfo; i++) {
+ size_t j;
+
+ for (j = 0; j < ctl->def->sysinfo[i]->nfw_cfgs; j++) {
+ virSysinfoFWCfgDefPtr f = &ctl->def->sysinfo[i]->fw_cfgs[j];
+
+ if (f->file &&
+ vah_add_file(&buf, f->file, "r") != 0)
+ goto cleanup;
+ }
+ }
+
for (i = 0; i < ctl->def->nshmems; i++) {
virDomainShmemDef *shmem = ctl->def->shmems[i];
/* explicit server paths can be on any model to overwrites defaults.