Functions labelling character devices can be used in the future for labelling additional character devices that are not present in the definition itself.
Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
---
 src/libvirt_private.syms | 1 +
 src/security/security_dac.c | 2 ++
 src/security/security_driver.h | 7 ++++++-
 src/security/security_manager.c | 19 +++++++++++++++++++
 src/security/security_manager.h | 5 +++++
 src/security/security_selinux.c | 2 ++
 src/security/security_stack.c | 21 +++++++++++++++++++++
 7 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 45f42f502035..b1c03f00050b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1044,6 +1044,7 @@ virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreImageLabel;
 virSecurityManagerRestoreSavedStateLabel;
 virSecurityManagerSetAllLabel;
+virSecurityManagerSetChardevLabel;
 virSecurityManagerSetChildProcessLabel;
 virSecurityManagerSetDaemonSocketLabel;
 virSecurityManagerSetDiskLabel;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index bed23c30ae8c..ea34d40fac51 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1441,4 +1441,6 @@ virSecurityDriver virSecurityDriverDAC = {
 .domainGetSecurityMountOptions = virSecurityDACGetMountOptions,
 .getBaseLabel = virSecurityDACGetBaseLabel,
+
+ .domainSetChardevLabel = virSecurityDACSetChardevLabel,
 };
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index f0dca09177e5..08aa3e1f8747 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -118,7 +118,10 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
 virDomainDefPtr def,
 virStorageSourcePtr src);
-
+typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr src);
 struct _virSecurityDriver {
 size_t privateDataLen;
@@ -168,6 +171,8 @@ struct _virSecurityDriver {
 virSecurityDomainSetHugepages domainSetSecurityHugepages;
 virSecurityDriverGetBaseLabel getBaseLabel;
+
+ virSecurityDomainSetChardevLabel domainSetChardevLabel;
 };
 virSecurityDriverPtr virSecurityDriverLookup(const char *name,
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b0cd9e856903..ec3479ae73a9 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -991,3 +991,22 @@ virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,
 return 0;
 }
+
+
+int
+virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr src)
+{
+ int ret;
+
+ if (!mgr->drv->domainSetChardevLabel)
+ return 0;
+
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetChardevLabel(mgr, def, dev, src);
+ virObjectUnlock(mgr);
+
+ return ret;
+}
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 13468db3997b..25ddd5fe79a0 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -150,4 +150,9 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr vm,
 virStorageSourcePtr src);
+int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr src);
+
 #endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a37f8c140b07..7000701d0447 100644
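Review bot: The new `virSecurityDomainSetChardevLabel` callback in security_driver.h is added without a restore counterpart, so a character device labelled through it has no manager-level path back to its previous owner or context in this patch. For the use the commit message describes (devices that are not in the definition), a domain-wide restore may not reach them either; that is inferred, since no restore code is visible here. Consider adding the matching restore typedef and struct field next to `domainSetChardevLabel` in the same series. A comment on the typedef such as `/* @dev may be NULL when @src does not belong to a chardev in @def */` would also help, if that is the intended contract.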
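Review bot: `virSecurityManagerSetChardevLabel` in security_manager.c returns 0 when the driver has no `domainSetChardevLabel` hook, so a caller cannot tell "labelled" from "nothing was done". The diffstat shows only the DAC, SELinux and stack drivers gaining the hook, so any other driver takes this path. If silent success is intended for drivers that need no per-device labelling, state it above the function, for example `/* Returns 0 without touching @src when the driver has no chardev hook. */`. Otherwise report the unsupported case and return -1 before the lock is taken.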
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2549,4 +2549,6 @@ virSecurityDriver virSecurityDriverSELinux = {
 .domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
 .getBaseLabel = virSecuritySELinuxGetBaseLabel,
+
+ .domainSetChardevLabel = virSecuritySELinuxSetSecurityChardevLabel,
 };
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 1ded57b9604c..124d7806203c 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -599,6 +599,25 @@ virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
 return rc;
 }
+static int
+virSecurityStackSetChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr src)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetChardevLabel(item->securityManager,
+ def, dev, src) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
 virSecurityDriver virSecurityDriverStack = {
 .privateDataLen = sizeof(virSecurityStackData),
 .name = "stack",
@@ -648,4 +667,6 @@ virSecurityDriver virSecurityDriverStack = {
 .domainSetSecurityHugepages = virSecurityStackSetHugepages,
 .getBaseLabel = virSecurityStackGetBaseLabel,
+
+ .domainSetChardevLabel = virSecurityStackSetChardevLabel,
 };
--
2.5.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
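Review bot: When one stacked driver fails, the loop in `virSecurityStackSetChardevLabel` (security_stack.c) keeps going and returns -1 only after the remaining drivers have also changed the device's label. The caller then sees a failure with the device partly relabelled, and nothing in this patch can undo it. For a set operation, stopping at the first error keeps that partial state smaller: `if (virSecurityManagerSetChardevLabel(item->securityManager, def, dev, src) < 0) return -1;`. If continuing is deliberate to match the other stack callbacks (only the tail of virSecurityStackRestoreSecurityImageLabel is visible in this hunk), a one-line comment above the loop saying so would make the choice explicit.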