Re: [PATCH 2/4] security: add security part for shmem device

On 07/30/2015 06:00 PM, Daniel P. Berrange wrote:
On Thu, Jul 23, 2015 at 06:13:47PM +0800, Luyao Huang wrote:
A new api to help set/restore the shmem device dac/selinux label.

Signed-off-by: Luyao Huang <lhuang@xxxxxxxxxx>
---
  src/libvirt_private.syms        |  2 ++
  src/security/security_dac.c     | 67 +++++++++++++++++++++++++++++++++++++++
  src/security/security_driver.h  | 11 +++++++
  src/security/security_manager.c | 38 ++++++++++++++++++++++
  src/security/security_manager.h |  8 +++++
  src/security/security_selinux.c | 70 +++++++++++++++++++++++++++++++++++++++++
  src/security/security_stack.c   | 41 ++++++++++++++++++++++++
  7 files changed, 237 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index deb6980..f954aa5 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1433,4 +1497,7 @@ virSecurityDriver virSecurityDriverDAC = {
      .domainGetSecurityMountOptions      = virSecurityDACGetMountOptions,
.getBaseLabel = virSecurityDACGetBaseLabel,
+
+    .domainSetSecurityShmemLabel        = virSecurityDACSetShmemLabel,
+    .domainRestoreSecurityShmemLabel    = virSecurityDACRestoreShmemLabel,
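Review bot: The two members added after .getBaseLabel are only populated for the drivers listed in the diffstat (DAC, SELinux and the stack driver), so any security driver outside this series leaves .domainSetSecurityShmemLabel and .domainRestoreSecurityShmemLabel NULL. The wrappers added in security_manager.c are not visible here; please confirm they test the callback for NULL before calling it and define what is returned in that case, so a host running a driver without shmem support gets a defined result instead of a NULL dereference.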
NB, you should also be modifying the virSecurityDACRestoreSecurityAllLabel
and virSecurityDACSetSecurityAllLabel methods to call this code during


diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 6e67a86..cbf89ee 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2549,4 +2616,7 @@ virSecurityDriver virSecurityDriverSELinux = {
.domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
      .getBaseLabel                       = virSecuritySELinuxGetBaseLabel,
+
+    .domainSetSecurityShmemLabel        = virSecuritySELinuxSetShmemLabel,
+    .domainRestoreSecurityShmemLabel    = virSecuritySELinuxRestoreShmemLabel,
  };
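Review bot: Nothing visible around .domainRestoreSecurityShmemLabel says how restore behaves when the shmem object is still in use by another running guest. A shmem device exists to share memory between guests, so restoring the label when one guest shuts down or unplugs the device could relabel an object a second guest still depends on. Please document, in the commit message or in a comment on virSecuritySELinuxRestoreShmemLabel, whether restore is skipped for objects that are still shared.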
Likewise virSecuritySELinuxRestoreSecurityAllLabel and
virSecuritySELinuxSetSecurityAllLabel

Doing this avoids the need to manually call these shmem specific
security methods during general guest startup/shutdown. They only
need to be called manually during hotplug/unplug.

Okay, I see, I will move these functions into virSecuritySELinuxRestoreSecurityAllLabel and virSecuritySELinuxSetSecurityAllLabel.

Thanks a lot for your review and advice.

Regards,
Daniel

Luyao

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list