From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 10 Jul 2014 12:17:24 +0000 (+0200)
Subject: security: DAC: Introduce callback to perform image chown
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=7490a6d272486f15c21aa10435f5c0e8bf66ee18;p=libvirt.git

security: DAC: Introduce callback to perform image chown

To integrate the security driver with the storage driver we need to
pass a callback for a function that will chown storage volumes.

Introduce and document the callback prototype.
---

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ac7a65275e..7a9c89749e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -374,7 +374,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
                                              cfg->allowDiskFormatProbing,
                                              cfg->securityDefaultConfined,
                                              cfg->securityRequireConfined,
-                                             cfg->dynamicOwnership)))
+                                             cfg->dynamicOwnership,
+                                             NULL)))
             goto error;
         if (!stack) {
             if (!(stack = virSecurityManagerNewStack(mgr)))
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index cdb2735bad..1fb0c86ea8 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -51,6 +51,7 @@ struct _virSecurityDACData {
     int ngroups;
     bool dynamicOwnership;
     char *baselabel;
+    virSecurityManagerDACChownCallback chownCallback;
 };
 
 typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData;
@@ -87,6 +88,14 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
     priv->dynamicOwnership = dynamicOwnership;
 }
 
+void
+virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
+                               virSecurityManagerDACChownCallback chownCallback)
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    priv->chownCallback = chownCallback;
+}
+
 /* returns 1 if label isn't found, 0 on success, -1 on error */
 static int
 ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
diff --git a/src/security/security_dac.h b/src/security/security_dac.h
index dbcf56fdde..846cefbb57 100644
--- a/src/security/security_dac.h
+++ b/src/security/security_dac.h
@@ -32,4 +32,7 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
 void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
                                        bool dynamic);
 
+void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
+                                    virSecurityManagerDACChownCallback chownCallback);
+
 #endif /* __VIR_SECURITY_DAC */
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 8a45e04958..8671620bae 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -152,7 +152,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
                          bool allowDiskFormatProbing,
                          bool defaultConfined,
                          bool requireConfined,
-                         bool dynamicOwnership)
+                         bool dynamicOwnership,
+                         virSecurityManagerDACChownCallback chownCallback)
 {
     virSecurityManagerPtr mgr =
         virSecurityManagerNewDriver(&virSecurityDriverDAC,
@@ -170,6 +171,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
     }
 
     virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership);
+    virSecurityDACSetChownCallback(mgr, chownCallback);
 
     return mgr;
 }
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 97b6a2e67f..156f882910 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -25,6 +25,7 @@
 
 # include "domain_conf.h"
 # include "vircommand.h"
+# include "virstoragefile.h"
 
 typedef struct _virSecurityManager virSecurityManager;
 typedef virSecurityManager *virSecurityManagerPtr;
@@ -39,13 +40,29 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
 int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
                                      virSecurityManagerPtr nested);
 
+/**
+ * virSecurityManagerDACChownCallback:
+ * @src: Storage file to chown
+ * @uid: target uid
+ * @gid: target gid
+ *
+ * A function callback to chown image files described by the disk source struct
+ * @src. The callback shall return 0 on success, -1 on error and errno set (no
+ * libvirt error reported) OR -2 and a libvirt error reported. */
+typedef int
+(*virSecurityManagerDACChownCallback)(virStorageSourcePtr src,
+                                      uid_t uid,
+                                      gid_t gid);
+
+
 virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
                                                uid_t user,
                                                gid_t group,
                                                bool allowDiskFormatProbing,
                                                bool defaultConfined,
                                                bool requireConfined,
-                                               bool dynamicOwnership);
+                                               bool dynamicOwnership,
+                                               virSecurityManagerDACChownCallback chownCallback);
 
 int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
 void virSecurityManagerPostFork(virSecurityManagerPtr mgr);