On Thu, Nov 03, 2016 at 08:19:01PM +0800, Michal Privoznik wrote:
> This is a small helper intended to be run by udev. On its input
> (either as the only command line argument or in DEVNODE
> environment variable) it is given a device and on the output it
> will either put nothing (meaning the device is not used by any of
> the libvirt domains), or it will print out security labels in the
> following form:
>
> UID GID SELABEL
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> libvirt.spec.in | 1 +
> mingw-libvirt.spec.in | 2 +
> po/POTFILES.in | 1 +
> src/Makefile.am | 20 ++++++++
> src/util/udevhelper.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 5 files changed, 161 insertions(+)
> create mode 100644 src/util/udevhelper.c
>
> +static int
> +printLabels(const char *device)
> +{
> + char *filename = NULL;
> + virUdevMgrPtr mgr = NULL;
> + int ret = -1;
> + virSecurityDeviceLabelDefPtr *labels = NULL;
> + size_t i, nlabels = 0;
> + const char *dacLabel = NULL;
> + const char *seLabel = NULL;
> +
> + if (virAsprintf(&filename,
> + "%s/run/libvirt/qemu/devices.udev", LOCALSTATEDIR) < 0)
> + goto cleanup;
> +
> + if (!(mgr = virUdevMgrNewFromFile(filename)))
> + goto cleanup;
> +
> + if (virUdevMgrLookupLabels(mgr, device, &labels, &nlabels) < 0)
> + goto cleanup;

IIUC the 'device' here is a canonical device path, like "/dev/sda"?

If so, then this is not going to work, because the code is recording
labels against the path seen in the XML which is not canonicalized.
E.g. XML could contain /dev/disk/by-path/<BLAH>, and so the lookup will
not match /dev/sda even though they point to the same device.

Regards,
Daniel
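
Review bot: In printLabels(), the three early exits (after virAsprintf, virUdevMgrNewFromFile and virUdevMgrLookupLabels) all `goto cleanup` with ret still at -1 and, in the lines shown, emit no diagnostic. The commit message defines empty output as "the device is not used by any of the libvirt domains", so a missing or unreadable devices.udev file would look the same on stdout as an unused device. Please document the exit status the udev rule is expected to check and report the failure on stderr, so that a helper error is not read as "no labels needed".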
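
Added example, not part of the patch or of libvirt: the mismatch described in the reply above disappears when device nodes are compared by identity (node type plus `st_rdev`) instead of by path string. `same_device()` and `demo()` are hypothetical names, and a constructed symlink to `/dev/null` stands in for a `/dev/disk/by-path/<BLAH>` alias.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp(), symlink(), S_IFMT */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Returns 1 if both paths resolve to the same device node, 0 if they do
 * not, -1 if either cannot be stat()ed. stat() follows symlinks, so an
 * alias under /dev/disk/by-path and its /dev/sdX target compare equal. */
int same_device(const char *a, const char *b)
{
    struct stat sa, sb;

    if (stat(a, &sa) < 0 || stat(b, &sb) < 0)
        return -1;
    /* st_rdev is only meaningful for block and character nodes. */
    if (!(S_ISBLK(sa.st_mode) || S_ISCHR(sa.st_mode)))
        return 0;
    if ((sa.st_mode & S_IFMT) != (sb.st_mode & S_IFMT))
        return 0;
    return sa.st_rdev == sb.st_rdev;
}

/* Constructed demo. Returns 1 when the string comparison misses the alias
 * but the identity comparison matches it and rejects a different node. */
int demo(void)
{
    char dir[] = "/tmp/devmatchXXXXXX";
    char alias[64];
    int by_string, by_identity, other;

    if (!mkdtemp(dir))
        return -1;
    snprintf(alias, sizeof(alias), "%s/by-path-alias", dir);
    if (symlink("/dev/null", alias) < 0) {
        rmdir(dir);
        return -1;
    }
    by_string = strcmp(alias, "/dev/null") == 0;   /* what a path-keyed lookup does */
    by_identity = same_device(alias, "/dev/null");
    other = same_device(alias, "/dev/zero");
    unlink(alias);
    rmdir(dir);
    return !by_string && by_identity == 1 && other == 0;
}

int main(void)
{
    printf("alias matched by identity only: %d\n", demo());
    return 0;
}
```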