When domain is being started up, we ought to relabel the host side of NVDIMM so qemu has access to it.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/security/security_selinux.c | 66 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 4be946d..c7c4921 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1119,6 +1119,62 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
 
 
 static int
+virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem)
+{
+ virSecurityLabelDefPtr seclabel;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
+ return 0;
+
+ switch ((virDomainMemoryModel) mem->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ if (virSecuritySELinuxSetFilecon(mgr, mem->path,
+ seclabel->imagelabel) < 0)
+ return -1;
+ break;
+
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ break;
+ }
+
+ return 0;
+}
+
+
+static int
+virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem)
+{
+ int ret = -1;
+ virSecurityLabelDefPtr seclabel;
+
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
+ return 0;
+
+ switch ((virDomainMemoryModel) mem->model) {
+ case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ ret = virSecuritySELinuxRestoreFileLabel(mgr, mem->path);
+ break;
+
+ case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_NONE:
+ case VIR_DOMAIN_MEMORY_MODEL_LAST:
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+
+static int
 virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr def,
 virDomainTPMDefPtr tpm)
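Review bot: virSecuritySELinuxSetMemoryLabel relabels mem->path whenever a SELinux seclabel exists; nothing in the hunk checks whether relabelling is disabled for the domain or that seclabel->imagelabel is non-NULL before it is passed to virSecuritySELinuxSetFilecon. Assuming virSecurityLabelDef carries its usual relabel flag, the guard in both new functions would read `if (seclabel == NULL || !seclabel->relabel) return 0;`, so a domain configured not to relabel leaves the NVDIMM backing file untouched on start and on shutdown. I would also add a comment above the NVDIMM case such as `/* host backing file gets the per-domain image label; restored on shutdown */`, because a backing path shared by two running domains would have its label reset when the first one stops, and that trade-off should be visible to the next reader.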
@@ -2016,6 +2072,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
 rc = -1;
 }
 
+ for (i = 0; i < def->nmems; i++) {
+ if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) < 0)
+ return -1;
+ }
+
 for (i = 0; i < def->ndisks; i++) {
 virDomainDiskDefPtr disk = def->disks[i];
 
@@ -2402,6 +2463,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
 return -1;
 }
 
+ for (i = 0; i < def->nmems; i++) {
+ if (virSecuritySELinuxSetMemoryLabel(mgr, def, def->mems[i]) < 0)
+ return -1;
+ }
+
 if (def->tpm) {
 if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpm) < 0)
 return -1;
--
2.8.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
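Review bot: The new loop in virSecuritySELinuxRestoreAllLabel returns -1 on the first failed restore, while the context line directly above it records a failure with `rc = -1;` and carries on. An early return here skips the disk loop that follows, so one NVDIMM restore error would leave the remaining host files carrying the domain's label after the guest is gone. Following the surrounding pattern, the loop body would be `if (virSecuritySELinuxRestoreMemoryLabel(mgr, def, def->mems[i]) < 0) rc = -1;`. The start of the function and its final return are outside the hunk, so confirm that rc is what it returns.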