Now that we have some qemuSecurity wrappers over
virSecurityManager APIs, lets make sure everybody sticks with
them. We have them for a reason and calling virSecurityManager
API directly instead of wrapper may lead into accidentally
labelling a file on the host instead of namespace.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
cfg.mk | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cfg.mk b/cfg.mk
index 69e3f3a1a..6fb2fc961 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -585,6 +585,14 @@ sc_prohibit_unsigned_pid:
halt='use signed type for pid values' \
$(_sc_search_regexp)
+sc_prohibit_direct_secdriver:
+ @for i in $$(grep -i ^WRAP.\( src/qemu/qemu_security.c | \
+ awk 'BEGIN {FS = "[^[:alnum:]]"} {print "virSecurityManager" $$2 }'); do \
+ grep -n $$i $$($(VC_LIST_EXCEPT) | grep -E '^src/qemu/') && \
+ { echo "$(ME): prefer qemuSecurity$${i#virSecurityManager} over $$i" 1>&2; exit 1; } \
+ done || :
+
+
# Many of the function names below came from this filter:
# git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
# |sed 's/.*\.c- *//'|perl -pe 's/ ?\(.*//'|sort -u \
--
2.11.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
