On 07/22/2014 05:20 AM, Peter Krempa wrote:
> To integrate the security driver with the storage driver we need to
> pass a callback for a function that will chown storage volumes.
>
> Introduce and document the callback prototype.
ACK Although I'm still not sure I completely follow how or what role the cfg->user and cfg->group 'play'.... or if there needs to be a relationship with the chownCallback. John
> ---
> src/qemu/qemu_driver.c | 3 ++-
> src/security/security_dac.c | 9 +++++++++
> src/security/security_dac.h | 3 +++
> src/security/security_manager.c | 4 +++-
> src/security/security_manager.h | 19 ++++++++++++++++++-
> 5 files changed, 35 insertions(+), 3 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index eae23d3..a5a9e0f 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -374,7 +374,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
> cfg->allowDiskFormatProbing,
> cfg->securityDefaultConfined,
> cfg->securityRequireConfined,
> - cfg->dynamicOwnership)))
> + cfg->dynamicOwnership,
> + NULL)))
> goto error;
> if (!stack) {
> if (!(stack = virSecurityManagerNewStack(mgr)))
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index cdb2735..1fb0c86 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -51,6 +51,7 @@ struct _virSecurityDACData {
> int ngroups;
> bool dynamicOwnership;
> char *baselabel;
> + virSecurityManagerDACChownCallback chownCallback;
> };
>
> typedef struct _virSecurityDACCallbackData virSecurityDACCallbackData;
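Review bot: The added `+ NULL)))` argument registers no chown callback with the DAC manager, yet nothing in the series says whether a NULL callback is valid; the doc comment on the typedef in the security_manager.h hunk describes only the return contract. The DAC code that will eventually invoke `priv->chownCallback` is not part of this patch, so the NULL guard cannot be checked here, which makes it more important that the contract is written where implementers will read it. Suggest adding to the typedef comment: `A NULL callback may be registered; the DAC driver must test for NULL before invoking it.` The virSecurityManagerNewDAC call this hunk modifies begins before the hunk, inside qemuSecurityInit.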
> @@ -87,6 +88,14 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
> priv->dynamicOwnership = dynamicOwnership;
> }
>
> +void
> +virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
> + virSecurityManagerDACChownCallback chownCallback)
> +{
> + virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
> + priv->chownCallback = chownCallback;
> +}
> +
> /* returns 1 if label isn't found, 0 on success, -1 on error */
> static int
> ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
> diff --git a/src/security/security_dac.h b/src/security/security_dac.h
> index dbcf56f..846cefb 100644
> --- a/src/security/security_dac.h
> +++ b/src/security/security_dac.h
> @@ -32,4 +32,7 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
> void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
> bool dynamic);
>
> +void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
> + virSecurityManagerDACChownCallback chownCallback);
> +
> #endif /* __VIR_SECURITY_DAC */
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 8a45e04..8671620 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -152,7 +152,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
> bool allowDiskFormatProbing,
> bool defaultConfined,
> bool requireConfined,
> - bool dynamicOwnership)
> + bool dynamicOwnership,
> + virSecurityManagerDACChownCallback chownCallback)
> {
> virSecurityManagerPtr mgr =
> virSecurityManagerNewDriver(&virSecurityDriverDAC,
> @@ -170,6 +171,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
> }
>
> virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership);
> + virSecurityDACSetChownCallback(mgr, chownCallback);
>
> return mgr;
> }
> diff --git a/src/security/security_manager.h b/src/security/security_manager.h
> index 97b6a2e..156f882 100644
> --- a/src/security/security_manager.h
> +++ b/src/security/security_manager.h
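Review bot: virSecurityDACSetChownCallback is added without any comment, while the function immediately below it in the same hunk carries a one-line contract comment; a header stating what the stored pointer is for would help readers of security_dac.c, e.g. `/* Register the callback the DAC driver uses to chown storage volumes; see virSecurityManagerDACChownCallback */`. The setter dereferences the result of virSecurityManagerGetPrivateData(mgr) without a NULL test, exactly as virSecurityDACSetDynamicOwnership above it does, so this is consistent with the existing code rather than a new defect. Its only caller in this series, the security_manager.c hunk, appears to invoke it after the constructor's error-handling block, so mgr should be fully initialised on that path.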
> @@ -25,6 +25,7 @@
>
> # include "domain_conf.h"
> # include "vircommand.h"
> +# include "virstoragefile.h"
>
> typedef struct _virSecurityManager virSecurityManager;
> typedef virSecurityManager *virSecurityManagerPtr;
> @@ -39,13 +40,29 @@ virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
> int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
> virSecurityManagerPtr nested);
>
> +/**
> + * virSecurityManagerDACChownCallback:
> + * @src: Storage file to chown
> + * @uid: target uid
> + * @gid: target gid
> + *
> + * A function callback to chown image files described by the disk source struct
> + * @src. The callback shall return 0 on success, -1 on error and errno set (no
> + * libvirt error reported) OR -2 and a libvirt error reported. */
> +typedef int
> +(*virSecurityManagerDACChownCallback)(virStorageSourcePtr src,
> + uid_t uid,
> + gid_t gid);
> +
> +
> virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
> uid_t user,
> gid_t group,
> bool allowDiskFormatProbing,
> bool defaultConfined,
> bool requireConfined,
> - bool dynamicOwnership);
> + bool dynamicOwnership,
> + virSecurityManagerDACChownCallback chownCallback);
>
> int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
> void virSecurityManagerPostFork(virSecurityManagerPtr mgr);
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
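Review bot: The doc comment on virSecurityManagerDACChownCallback closes with `*/` on the same line as its last sentence, `* libvirt error reported. */`; libvirt headers usually end a doc comment with ` */` on its own line, so splitting it into `* libvirt error reported.` and ` */` would match the surrounding style. The comment also leaves ownership of @src unstated — whether the callback may keep or modify it — which is worth one sentence since this is the only place implementers in other drivers will look. The `# include "virstoragefile.h"` added by the previous hunk exists only to name virStorageSourcePtr in this typedef; if the project's compiler flags accept a repeated typedef, a forward declaration would keep the widely included security_manager.h lighter, but that depends on settings not visible here.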