On Tue, 2009-09-01 at 16:28 +0100, Daniel P. Berrange wrote:
> * src/security_selinux.c: Use virReportSystemError whereever an
> errno is involved
> * src/qemu_driver.c: Don't overwrite error message from the
> security driver
ACK, looks good - poor wee errno was being forgotten
> @@ -440,6 +431,17 @@ SELinuxSetSecurityPCILabel(virConnectPtr conn,
> }
>
> static int
> +SELinuxSetSecurityUSBLabel(virConnectPtr conn,
> + usbDevice *dev ATTRIBUTE_UNUSED,
> + const char *file, void *opaque)
> +{
> + virDomainObjPtr vm = opaque;
> + const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
> +
> + return SELinuxSetFilecon(conn, file, secdef->imagelabel);
> +}
> +
> +static int
> SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
> virDomainObjPtr vm,
> virDomainHostdevDefPtr dev)
> @@ -451,8 +453,24 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
> return 0;
>
> switch (dev->source.subsys.type) {
> - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
> - break;
> + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
> + if (dev->source.subsys.u.usb.bus && dev->source.subsys.u.usb.device) {
> + usbDevice *usb = usbGetDevice(conn,
> + dev->source.subsys.u.usb.bus,
> + dev->source.subsys.u.usb.device);
> +
> + if (!usb)
> + goto done;
> +
> + ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm);
> + usbFreeDevice(conn, usb);
> +
> + break;
> + } else {
> + /* XXX deal with product/vendor better */
> + ret = 0;
> + }
> + }
Ahrrr! There she is! :-)
Looks good, I'd perhaps have just passed the image label as the opaque
pointer to the iterator but ...
Cheers,
Mark.
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list