[PATCH v1 08/10] security_dac: Cleanup virSecurityDACSetOwnershipInternal usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We have nice wrappers over internal function that eventually
calls the Internal() function, but for future work it's better to
call those wrappers instead of the internal function directly.
This is due to fact that the wrappers differentiate between
setting or restoring the label while the internal function does
not.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/security/security_dac.c | 48 ++++++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 16 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index e398d2c..7f69d86 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -305,21 +305,29 @@ virSecurityDACSetOwnershipInternal(virSecurityDACDataPtr priv,
 
 
 static int
-virSecurityDACSetOwnership(const char *path, uid_t uid, gid_t gid)
+virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
+                           virStorageSourcePtr src,
+                           const char *path,
+                           uid_t uid,
+                           gid_t gid)
 {
-    return virSecurityDACSetOwnershipInternal(NULL, NULL, path, uid, gid);
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+
+    /* XXX record previous ownership */
+    return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
 }
 
 
 static int
-virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr priv,
+virSecurityDACRestoreSecurityFileLabelInternal(virSecurityManagerPtr mgr,
                                                virStorageSourcePtr src,
                                                const char *path)
 {
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     VIR_INFO("Restoring DAC user and group on '%s'",
              NULLSTR(src ? src->path : path));
 
-    /* XXX record previous ownership */
+    /* XXX recall previous ownership */
     return virSecurityDACSetOwnershipInternal(priv, src, path, 0, 0);
 }
 
@@ -362,7 +370,7 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
             return -1;
     }
 
-    return virSecurityDACSetOwnershipInternal(priv, src, NULL, user, group);
+    return virSecurityDACSetOwnership(mgr, src, NULL, user, group);
 }
 
 
@@ -434,7 +442,7 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
         }
     }
 
-    return virSecurityDACRestoreSecurityFileLabelInternal(priv, src, NULL);
+    return virSecurityDACRestoreSecurityFileLabelInternal(mgr, src, NULL);
 }
 
 
@@ -470,7 +478,7 @@ virSecurityDACSetSecurityHostdevLabelHelper(const char *file,
     if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL))
         return -1;
 
-    return virSecurityDACSetOwnership(file, user, group);
+    return virSecurityDACSetOwnership(mgr, NULL, file, user, group);
 }
 
 
@@ -762,7 +770,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
     switch ((virDomainChrType) dev_source->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
-        ret = virSecurityDACSetOwnership(dev_source->data.file.path,
+        ret = virSecurityDACSetOwnership(mgr, NULL,
+                                         dev_source->data.file.path,
                                          user, group);
         break;
 
@@ -771,11 +780,14 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
             (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0))
             goto done;
         if (virFileExists(in) && virFileExists(out)) {
-            if ((virSecurityDACSetOwnership(in, user, group) < 0) ||
-                (virSecurityDACSetOwnership(out, user, group) < 0)) {
+            if ((virSecurityDACSetOwnership(mgr, NULL,
+                                            in, user, group) < 0) ||
+                (virSecurityDACSetOwnership(mgr, NULL,
+                                            out, user, group) < 0)) {
                 goto done;
             }
-        } else if (virSecurityDACSetOwnership(dev_source->data.file.path,
+        } else if (virSecurityDACSetOwnership(mgr, NULL,
+                                              dev_source->data.file.path,
                                               user, group) < 0) {
             goto done;
         }
@@ -1041,19 +1053,23 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
         return -1;
 
     if (def->os.loader && def->os.loader->nvram &&
-        virSecurityDACSetOwnership(def->os.loader->nvram, user, group) < 0)
+        virSecurityDACSetOwnership(mgr, NULL,
+                                   def->os.loader->nvram, user, group) < 0)
         return -1;
 
     if (def->os.kernel &&
-        virSecurityDACSetOwnership(def->os.kernel, user, group) < 0)
+        virSecurityDACSetOwnership(mgr, NULL,
+                                   def->os.kernel, user, group) < 0)
         return -1;
 
     if (def->os.initrd &&
-        virSecurityDACSetOwnership(def->os.initrd, user, group) < 0)
+        virSecurityDACSetOwnership(mgr, NULL,
+                                   def->os.initrd, user, group) < 0)
         return -1;
 
     if (def->os.dtb &&
-        virSecurityDACSetOwnership(def->os.dtb, user, group) < 0)
+        virSecurityDACSetOwnership(mgr, NULL,
+                                   def->os.dtb, user, group) < 0)
         return -1;
 
     return 0;
@@ -1075,7 +1091,7 @@ virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr,
     if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0)
         return -1;
 
-    return virSecurityDACSetOwnership(savefile, user, group);
+    return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group);
 }
 
 
-- 
1.8.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]