if (driver->securityDriver &&
driver->securityDriver->domainReserveSecurityLabel &&
- driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
+ driver->securityDriver->domainReserveSecurityLabel(driver->securityDriver,
+ obj) < 0)
goto error;
if (obj->def->id >= driver->nextvmid)
DEBUG0("Generating domain security label (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainGenSecurityLabel &&
- driver->securityDriver->domainGenSecurityLabel(vm) < 0)
+ driver->securityDriver->domainGenSecurityLabel(driver->securityDriver,
+ vm) < 0)
goto cleanup;
DEBUG0("Generating setting domain security labels (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0) {
+ driver->securityDriver->domainSetSecurityAllLabel(driver->securityDriver,
+ vm, stdin_path) < 0) {
if (stdin_path && virStorageFileIsSharedFS(stdin_path) != 1)
goto cleanup;
}
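Review bot: A failure from `domainSetSecurityAllLabel` appears to be dropped whenever `stdin_path` is NULL, because the only `goto cleanup` inside the braces is guarded by `stdin_path && virStorageFileIsSharedFS(stdin_path) != 1`. The commit keeps that logic and only adds the driver argument, so a guest started without a stdin image would seemingly carry on after its disks and host devices failed to get labelled. If the exemption is meant only for restore images that live on a shared filesystem, the guard reads more safely as `if (!stdin_path || virStorageFileIsSharedFS(stdin_path) != 1) goto cleanup;`. The enclosing function begins and ends outside this hunk, so confirm that nothing later rechecks the labels before changing it.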
/* Reset Security Labels */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityAllLabel)
- driver->securityDriver->domainRestoreSecurityAllLabel(vm, migrated);
+ driver->securityDriver->domainRestoreSecurityAllLabel(driver->securityDriver,
+ vm, migrated);
if (driver->securityDriver &&
driver->securityDriver->domainReleaseSecurityLabel)
- driver->securityDriver->domainReleaseSecurityLabel(vm);
+ driver->securityDriver->domainReleaseSecurityLabel(driver->securityDriver,
+ vm);
/* Clear out dynamically assigned labels */
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
if ((!bypassSecurityDriver) &&
driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
goto endjob;
if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
if ((!bypassSecurityDriver) &&
driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
VIR_WARN("failed to restore save state label on %s", path);
if (cgroup != NULL) {
if ((!bypassSecurityDriver) &&
driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
VIR_WARN("failed to restore save state label on %s", path);
}
if (driver->securityDriver &&
driver->securityDriver->domainSetSavedStateLabel &&
- driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainSetSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
goto endjob;
/* Migrate will always stop the VM, so the resume condition is
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
goto endjob;
endjob:
* QEMU monitor hasn't seen SIGHUP/ERR on poll().
*/
if (virDomainObjIsActive(vm)) {
- if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
- if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
- qemuReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("Failed to get security label"));
- goto cleanup;
- }
+ if (driver->securityDriver &&
+ driver->securityDriver->domainGetSecurityProcessLabel &&
+ driver->securityDriver->domainGetSecurityProcessLabel(driver->securityDriver,
+ vm, seclabel) < 0) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("Failed to get security label"));
+ goto cleanup;
}
}
out:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSavedStateLabel &&
- driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+ driver->securityDriver->domainRestoreSavedStateLabel(driver->securityDriver,
+ vm, path) == -1)
VIR_WARN("failed to restore save state label on %s", path);
return ret;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
return -1;
if (!(driveAlias = qemuDeviceDriveHostAlias(origdisk, qemuCmdFlags)))
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, origdisk) < 0)
VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
VIR_FREE(origdisk->src);
VIR_FREE(driveAlias);
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
VIR_WARN("Unable to restore security label on new media %s", disk->src);
return -1;
}
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
return -1;
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
return -1;
/* We should have an address already, so make sure */
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityImageLabel &&
- driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainSetSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
return -1;
if (!disk->src) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, disk) < 0)
VIR_WARN("Unable to restore security label on %s", disk->src);
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityHostdevLabel &&
- driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
+ driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
+ vm, hostdev) < 0)
return -1;
switch (hostdev->source.subsys.type) {
error:
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver,
+ vm, hostdev) < 0)
VIR_WARN0("Unable to restore host device labelling on hotplug fail");
return -1;
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityImageLabel &&
- driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
+ driver->securityDriver->domainRestoreSecurityImageLabel(driver->securityDriver,
+ vm, dev->data.disk) < 0)
VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
if (cgroup != NULL) {
if (driver->securityDriver &&
driver->securityDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
+ driver->securityDriver->domainRestoreSecurityHostdevLabel(driver->securityDriver,
+ vm, dev->data.hostdev) < 0)
VIR_WARN0("Failed to restore host device labelling");
return ret;
static int
-qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk)
{
static int
-qemuSecurityDACRestoreSecurityImageLabelInt(virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainDiskDefPtr disk,
int migrated)
{
static int
-qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm,
+qemuSecurityDACRestoreSecurityImageLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
- return qemuSecurityDACRestoreSecurityImageLabelInt(vm, disk, 0);
+ return qemuSecurityDACRestoreSecurityImageLabelInt(drv, vm, disk, 0);
}
static int
-qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
+qemuSecurityDACSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
static int
-qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
virDomainHostdevDefPtr dev)
{
static int
-qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm,
+qemuSecurityDACRestoreSecurityAllLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
int migrated)
{
int i;
vm->def->name, migrated);
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
+ if (qemuSecurityDACRestoreSecurityHostdevLabel(drv,
+ vm,
vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (qemuSecurityDACRestoreSecurityImageLabelInt(vm,
+ if (qemuSecurityDACRestoreSecurityImageLabelInt(drv,
+ vm,
vm->def->disks[i],
migrated) < 0)
rc = -1;
static int
-qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
+qemuSecurityDACSetSecurityAllLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
+ const char *stdin_path ATTRIBUTE_UNUSED)
{
int i;
/* XXX fixme - we need to recursively label the entriy tree :-( */
if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
continue;
- if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
+ if (qemuSecurityDACSetSecurityImageLabel(drv,
+ vm,
+ vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
+ if (qemuSecurityDACSetSecurityHostdevLabel(drv,
+ vm,
+ vm->def->hostdevs[i]) < 0)
return -1;
}
static int
-qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged)
static int
-qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
const char *savefile)
{
if (!driver->privileged)
static int
-qemuSecurityStackedGenLabel(virDomainObjPtr vm)
+qemuSecurityStackedGenLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainGenSecurityLabel &&
- driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
+ driver->securitySecondaryDriver->domainGenSecurityLabel(driver->securitySecondaryDriver,
+ vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGenSecurityLabel &&
- driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
+ driver->securityPrimaryDriver->domainGenSecurityLabel(driver->securityPrimaryDriver,
+ vm) < 0)
rc = -1;
return rc;
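Review bot: `drv` is marked `ATTRIBUTE_UNUSED` here while the body still dereferences `driver->securitySecondaryDriver` and `driver->securityPrimaryDriver`, so the stacked driver does not use the instance it is handed. `driver` is not declared in any visible hunk and is presumably file-scope state. If so, a short comment on the function such as `/* drv is ignored: the primary/secondary pair is taken from the file-scope driver */` would keep a reader from assuming labels are applied through `drv`. The same pattern repeats in every other `qemuSecurityStacked*` hunk below, from `qemuSecurityStackedReleaseLabel` through `qemuSecurityStackedGetProcessLabel`. The function's closing brace lies outside this hunk.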
static int
-qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
+qemuSecurityStackedReleaseLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
- driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
+ driver->securitySecondaryDriver->domainReleaseSecurityLabel(driver->securitySecondaryDriver,
+ vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
- driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
+ driver->securityPrimaryDriver->domainReleaseSecurityLabel(driver->securityPrimaryDriver,
+ vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
+qemuSecurityStackedReserveLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainReserveSecurityLabel &&
- driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
+ driver->securitySecondaryDriver->domainReserveSecurityLabel(driver->securitySecondaryDriver,
+ vm) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainReserveSecurityLabel &&
- driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
+ driver->securityPrimaryDriver->domainReserveSecurityLabel(driver->securityPrimaryDriver,
+ vm) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
- driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityImageLabel(driver->securitySecondaryDriver,
+ vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
- driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityImageLabel(driver->securityPrimaryDriver,
+ vm, disk) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(driver->securitySecondaryDriver,
+ vm, disk) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(driver->securityPrimaryDriver,
+ vm, disk) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(driver->securitySecondaryDriver,
+ vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(driver->securityPrimaryDriver,
+ vm, dev) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
-
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(driver->securitySecondaryDriver,
+ vm, dev) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(driver->securityPrimaryDriver,
+ vm, dev) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
+qemuSecurityStackedSetSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
+ const char *stdin_path)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
- driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(driver->securitySecondaryDriver,
+ vm, stdin_path) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
- driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(driver->securityPrimaryDriver,
+ vm, stdin_path) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
int migrated)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
- driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0)
+ driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(driver->securitySecondaryDriver,
+ vm, migrated) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
- driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm, migrated) < 0)
+ driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(driver->securityPrimaryDriver,
+ vm, migrated) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
+qemuSecurityStackedSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSavedStateLabel &&
- driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainSetSavedStateLabel(driver->securitySecondaryDriver,
+ vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSavedStateLabel &&
- driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainSetSavedStateLabel(driver->securityPrimaryDriver,
+ vm, savefile) < 0)
rc = -1;
return rc;
static int
-qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
+qemuSecurityStackedRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
const char *savefile)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
- driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
+ driver->securitySecondaryDriver->domainRestoreSavedStateLabel(driver->securitySecondaryDriver,
+ vm, savefile) < 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
- driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
+ driver->securityPrimaryDriver->domainRestoreSavedStateLabel(driver->securityPrimaryDriver,
+ vm, savefile) < 0)
rc = -1;
return rc;
}
static int
-qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
+qemuSecurityStackedGetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virSecurityLabelPtr seclabel)
{
int rc = 0;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
- driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
+ driver->securityPrimaryDriver->domainGetSecurityProcessLabel(driver->securityPrimaryDriver,
+ vm,
seclabel) < 0)
rc = -1;
* load (add) a profile. Will create one if necessary
*/
static int
-load_profile(const char *profile, virDomainObjPtr vm,
+load_profile(virSecurityDriverPtr drv,
+ const char *profile, virDomainObjPtr vm,
const char *fn)
{
int rc = -1, status, ret;
* NULL.
*/
static int
-reload_profile(virDomainObjPtr vm, const char *fn)
+reload_profile(virSecurityDriverPtr drv,
+ virDomainObjPtr vm, const char *fn)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
/* Update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(secdef->imagelabel, vm, fn) < 0) {
+ if (load_profile(drv, secdef->imagelabel, vm, fn) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
* called on shutdown.
*/
static int
-AppArmorGenSecurityLabel(virDomainObjPtr vm)
+AppArmorGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
int rc = -1;
char *profile_name = NULL;
}
static int
-AppArmorSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
+AppArmorSetSecurityAllLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm, const char *stdin_path)
{
if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
return 0;
/* if the profile is not already loaded, then load one */
if (profile_loaded(vm->def->seclabel.label) < 0) {
- if (load_profile(vm->def->seclabel.label, vm, stdin_path) < 0) {
+ if (load_profile(drv, vm->def->seclabel.label, vm, stdin_path) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate AppArmor profile "
"\'%s\'"), vm->def->seclabel.label);
* running.
*/
static int
-AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
+AppArmorGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
+ virSecurityLabelPtr sec)
{
int rc = -1;
char *profile_name = NULL;
* more details. Currently called via qemudShutdownVMDaemon.
*/
static int
-AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
+AppArmorReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm,
+AppArmorRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
int migrated ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
/* Called when hotplugging */
static int
-AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
+AppArmorRestoreSecurityImageLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
{
- return reload_profile(vm, NULL);
+ return reload_profile(drv, vm, NULL);
}
/* Called when hotplugging */
static int
-AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
+AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm, virDomainDiskDefPtr disk)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int rc = -1;
/* update the profile only if it is loaded */
if (profile_loaded(secdef->imagelabel) >= 0) {
- if (load_profile(secdef->imagelabel, vm, disk->src) < 0) {
+ if (load_profile(drv, secdef->imagelabel, vm, disk->src) < 0) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot update AppArmor profile "
"\'%s\'"),
}
static int
-AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
+AppArmorReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm ATTRIBUTE_UNUSED)
{
/* NOOP. Nothing to reserve with AppArmor */
return 0;
}
static int
-AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
+AppArmorSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
}
static int
-AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
+AppArmorRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
{
}
static int
-AppArmorSetSavedStateLabel(virDomainObjPtr vm,
- const char *savefile)
+AppArmorSetSavedStateLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
+ const char *savefile)
{
- return reload_profile(vm, savefile);
+ return reload_profile(drv, vm, savefile);
}
static int
-AppArmorRestoreSavedStateLabel(virDomainObjPtr vm,
+AppArmorRestoreSavedStateLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
const char *savefile ATTRIBUTE_UNUSED)
{
- return reload_profile(vm, NULL);
+ return reload_profile(drv, vm, NULL);
}
virSecurityDriver virAppArmorSecurityDriver = {
typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
+
+typedef struct _virSecurityDriverState virSecurityDriverState;
+typedef virSecurityDriverState *virSecurityDriverStatePtr;
+
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
-typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk);
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityDriverPtr drv,
virDomainObjPtr vm);
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityDriverPtr drv,
virDomainObjPtr vm);
-typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetImageLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
const char *savefile);
-typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec,
+typedef int (*virSecurityDomainGenLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr sec);
+typedef int (*virSecurityDomainReserveLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr sec);
+typedef int (*virSecurityDomainReleaseLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr sec,
const char *stdin_path);
-typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
int migrated);
-typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
+typedef int (*virSecurityDomainGetProcessLabel) (virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virSecurityLabelPtr sec);
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
virDomainObjPtr vm);
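Review bot: The domain parameter is named `sec` in the `virSecurityDomainGenLabel`, `virSecurityDomainReserveLabel`, `virSecurityDomainReleaseLabel` and `virSecurityDomainSetAllLabel` prototypes but `vm` in every other callback, and in `virSecurityDomainGetProcessLabel` the name `sec` is used for the `virSecurityLabelPtr` instead. Since these lines are rewritten anyway, `virDomainObjPtr vm` would make the table consistent, e.g. `typedef int (*virSecurityDomainGenLabel) (virSecurityDriverPtr drv, virDomainObjPtr vm);`. The new `virSecurityDriverState` typedefs are not referenced by any prototype in this hunk, so a one-line comment saying what the state holds and who owns it would help.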
}
static int
-SELinuxGenSecurityLabel(virDomainObjPtr vm)
+SELinuxGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
int rc = -1;
char mcs[1024];
}
static int
-SELinuxReserveSecurityLabel(virDomainObjPtr vm)
+SELinuxReserveSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
security_context_t pctx;
context_t ctx = NULL;
}
static int
-SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
+SELinuxGetSecurityProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virSecurityLabelPtr sec)
{
security_context_t ctx;
}
static int
-SELinuxRestoreSecurityImageLabelInt(virDomainObjPtr vm,
+SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk,
int migrated)
{
static int
-SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
+SELinuxRestoreSecurityImageLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
- return SELinuxRestoreSecurityImageLabelInt(vm, disk, 0);
+ return SELinuxRestoreSecurityImageLabelInt(drv, vm, disk, 0);
}
}
static int
-SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
+SELinuxSetSecurityImageLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainDiskDefPtr disk)
{
}
static int
-SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
+SELinuxSetSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
}
static int
-SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
+SELinuxRestoreSecurityHostdevLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
virDomainHostdevDefPtr dev)
{
static int
-SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm,
+SELinuxRestoreSecurityAllLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
int migrated ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
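Review bot: `drv` is declared `ATTRIBUTE_UNUSED` in `SELinuxRestoreSecurityAllLabel`, but the next hunk passes it to `SELinuxRestoreSecurityHostdevLabel(drv, ...)` and `SELinuxRestoreSecurityImageLabelInt(drv, ...)`; `migrated` carries the same annotation and is forwarded there as well. The attribute only silences a warning, so this presumably still builds, but it tells the reader that the argument is ignored. Writing the parameter as `SELinuxRestoreSecurityAllLabel(virSecurityDriverPtr drv,` with no annotation would match what `SELinuxSetSecurityAllLabel` does. The function body continues past this hunk.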
return 0;
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxRestoreSecurityHostdevLabel(drv,
+ vm,
+ vm->def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (SELinuxRestoreSecurityImageLabelInt(vm,
+ if (SELinuxRestoreSecurityImageLabelInt(drv,
+ vm,
vm->def->disks[i],
migrated) < 0)
rc = -1;
}
static int
-SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
+SELinuxReleaseSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxSetSavedStateLabel(virDomainObjPtr vm,
+SELinuxSetSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
+SELinuxRestoreSavedStateLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+ virDomainObjPtr vm,
const char *savefile)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
static int
-SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
+SELinuxSetSecurityAllLabel(virSecurityDriverPtr drv,
+ virDomainObjPtr vm,
+ const char *stdin_path)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;
vm->def->disks[i]->src, vm->def->disks[i]->dst);
continue;
}
- if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
+ if (SELinuxSetSecurityImageLabel(drv,
+ vm, vm->def->disks[i]) < 0)
return -1;
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
- if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
+ if (SELinuxSetSecurityHostdevLabel(drv,
+ vm,
+ vm->def->hostdevs[i]) < 0)
return -1;
}