On Wed, Feb 08, 2017 at 11:37:05 +0100, Michal Privoznik wrote:
> Now that we have some qemuSecurity wrappers over
> virSecurityManager APIs, lets make sure everybody sticks with
> them. We have them for a reason and calling virSecurityManager
> API directly instead of wrapper may lead into accidentally
> labelling a file on the host instead of namespace.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> cfg.mk | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/cfg.mk b/cfg.mk
> index 69e3f3a1a..6fb2fc961 100644
> --- a/cfg.mk
> +++ b/cfg.mk
> @@ -585,6 +585,14 @@ sc_prohibit_unsigned_pid:
> halt='use signed type for pid values' \
> $(_sc_search_regexp)
>
> +sc_prohibit_direct_secdriver:
> + @for i in $$(grep -i ^WRAP.\( src/qemu/qemu_security.c | \
> + awk 'BEGIN {FS = "[^[:alnum:]]"} {print "virSecurityManager" $$2 }'); do \
> + grep -n $$i $$($(VC_LIST_EXCEPT) | grep -E '^src/qemu/') && \
> + { echo "$(ME): prefer qemuSecurity$${i#virSecurityManager} over $$i" 1>&2; exit 1; } \
> + done || :
This won't work without the "WRAP" stuff so you'll need to come up with
something else.
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
