Even though the APIs are not implemented yet, they create a skeleton that can be filled in later.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/security/security_dac.c | 38 +++++++++++++++++++++++++++++++++-----
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index a38c46c..6c4e351 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -196,7 +196,6 @@ virSecurityDACGetImageIds(virSecurityLabelDefPtr seclabel,
 * Returns: 0 on success, -1 on failure
 */
 static int
-ATTRIBUTE_UNUSED
 virSecurityDACRememberLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED,
 const char *path ATTRIBUTE_UNUSED,
 uid_t uid ATTRIBUTE_UNUSED,
@@ -221,7 +220,6 @@ virSecurityDACRememberLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED,
 * -1 on failure (@uid and @gid not touched)
 */
 static int
-ATTRIBUTE_UNUSED
 virSecurityDACRecallLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED,
 const char *path ATTRIBUTE_UNUSED,
 uid_t *uid ATTRIBUTE_UNUSED,
@@ -362,7 +360,22 @@ virSecurityDACSetOwnership(virSecurityDACDataPtr priv,
 uid_t uid,
 gid_t gid)
 {
- /* XXX record previous ownership */
+ struct stat sb;
+
+ if (!path && src && src->path &&
+ virStorageSourceIsLocalStorage(src))
+ path = src->path;
+
+ if (path) {
+ if (stat(path, &sb) < 0) {
+ virReportSystemError(errno, _("unable to stat: %s"), path);
+ return -1;
+ }
+
+ if (virSecurityDACRememberLabel(priv, path, sb.st_uid, sb.st_gid) < 0)
+ return -1;
+ }
+
 return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
 }
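Review bot: In the new body of virSecurityDACSetOwnership the previous owner is recorded by `virSecurityDACRememberLabel()` before `virSecurityDACSetOwnershipInternal()` is known to have succeeded, so a failed ownership change leaves the record behind. Once the stubs are filled in, a later restore could act on a record for a change that never happened; keep the result, `rc = virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);`, and drop the record when `rc < 0` (for instance by calling `virSecurityDACRecallLabel()` into scratch variables, assuming recall also forgets the entry). `stat()` follows symlinks and the ownership change resolves `path` again, so the recorded uid/gid are only as trustworthy as the directory holding the image; a comment stating that assumption would help the eventual implementer. The function's signature begins above the hunk and the internal helper is not shown, so both points are inferred from the visible lines.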
@@ -372,11 +385,26 @@ virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr priv,
 virStorageSourcePtr src,
 const char *path)
 {
+ int rv;
+ uid_t uid = 0; /* By default return to root:root */
+ gid_t gid = 0;
+
 VIR_INFO("Restoring DAC user and group on '%s'",
 NULLSTR(src ? src->path : path));
- /* XXX recall previous ownership */
- return virSecurityDACSetOwnershipInternal(priv, src, path, 0, 0);
+ if (!path && src && src->path &&
+ virStorageSourceIsLocalStorage(src))
+ path = src->path;
+
+ if (path) {
+ rv = virSecurityDACRecallLabel(priv, path, &uid, &gid);
+ if (rv < 0)
+ return -1;
+ if (rv > 0)
+ return 0;
+ }
+
+ return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
 }
--
2.4.9
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
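Review bot: The `if (rv > 0) return 0;` branch in virSecurityDACRestoreSecurityFileLabelInternal skips the restore and still reports success, yet nothing visible in this hunk says what a positive return from `virSecurityDACRecallLabel()` means. Add a comment on that branch along the lines of `/* rv > 0: <meaning per virSecurityDACRecallLabel's contract>; ownership deliberately left as is */`, with the wording taken from the recall function's header comment, which lies outside this hunk. The root:root default now applies whenever recall returns 0 without writing `uid`/`gid`, so the comment on the declarations should say that this is the intended fallback when no owner was recorded. The `!path && src && src->path && virStorageSourceIsLocalStorage(src)` fallback is repeated verbatim from virSecurityDACSetOwnership; a small static helper would keep the remember and recall sides keyed on the same path.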