From: Peter Krempa Date: Mon, 23 Jun 2014 15:19:25 +0000 (+0200) Subject: security: AppArmor: Implement per-image seclabel restore X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=15cad6577f62f39126cc6759f684c44e7543d27c;p=people%2Fliuw%2Flibxenctrl-split%2Flibvirt.git security: AppArmor: Implement per-image seclabel restore Refactor the existing code to allow re-using it for the per-image label restore too. --- diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index b4cbc6141..391bf60fc 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -684,16 +684,24 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, /* Called when hotplugging */ static int -AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) +AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virStorageSourcePtr src) { - if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK) + if (!virStorageSourceIsLocalStorage(src)) return 0; return reload_profile(mgr, def, NULL, false); } +static int +AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk) +{ + return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src); +} + /* Called when hotplugging */ static int AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, @@ -975,6 +983,8 @@ virSecurityDriver virAppArmorSecurityDriver = { .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel, .domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel, + .domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel, + .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel, .domainSetSecuritySocketLabel = AppArmorSetSecuritySocketLabel, .domainClearSecuritySocketLabel = AppArmorClearSecuritySocketLabel,