Re: [libvirt] Resubmission #2: [PATCH 1/3] sVirt AppArmor security driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 25, 2009 at 05:47:35PM -0500, Jamie Strandboge wrote:
> On Fri, 25 Sep 2009, Jamie Strandboge wrote:
> 
> > [PATCH 1]
> > patch_1_reenable-nonfile-labels.patch (Updated based on prior feedback):
> > When James Morris originally submitted his sVirt patches (as seen in
> > libvirt 0.6.1), he did not require on disk labelling for
> > virSecurityDomainRestoreImageLabel. A later commit[2] changed this
> > behavior to assume on disk labelling, which halts implementations for
> > path-based MAC systems such as AppArmor and TOMOYO where
> > vm->def->seclabel is required to obtain the label. This patch simply
> > adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel.
> 
> -- 
> Jamie Strandboge             | http://www.canonical.com

> diff -Naurp libvirt.orig/src/qemu/qemu_driver.c libvirt/src/qemu/qemu_driver.c
> --- libvirt.orig/src/qemu/qemu_driver.c	2009-09-25 10:50:21.000000000 -0500
> +++ libvirt/src/qemu/qemu_driver.c	2009-09-25 16:56:32.000000000 -0500
> @@ -6309,7 +6309,7 @@ static int qemudDomainDetachDevice(virDo
>           dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) {
>          ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev);
>          if (driver->securityDriver)
> -            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk);
> +            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk);
>          if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0)
>              VIR_WARN0("Fail to restore disk device ownership");
>      } else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
> diff -Naurp libvirt.orig/src/security/security_driver.h libvirt/src/security/security_driver.h
> --- libvirt.orig/src/security/security_driver.h	2009-09-22 12:51:57.000000000 -0500
> +++ libvirt/src/security/security_driver.h	2009-09-25 16:56:32.000000000 -0500
> @@ -32,6 +32,7 @@ typedef virSecurityDriverStatus (*virSec
>  typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
>                                        virSecurityDriverPtr drv);
>  typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
> +                                                   virDomainObjPtr vm,
>                                                     virDomainDiskDefPtr disk);
>  typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
>                                                 virDomainObjPtr vm,
> diff -Naurp libvirt.orig/src/security/security_selinux.c libvirt/src/security/security_selinux.c
> --- libvirt.orig/src/security/security_selinux.c	2009-09-22 12:51:57.000000000 -0500
> +++ libvirt/src/security/security_selinux.c	2009-09-25 16:56:32.000000000 -0500
> @@ -377,6 +377,7 @@ err:
>  
>  static int
>  SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
> +                                 virDomainObjPtr vm ATTRIBUTE_UNUSED,
>                                   virDomainDiskDefPtr disk)
>  {
>      /* Don't restore labels on readoly/shared disks, because
> @@ -581,7 +582,8 @@ SELinuxRestoreSecurityLabel(virConnectPt
>                  rc = -1;
>          }
>          for (i = 0 ; i < vm->def->ndisks ; i++) {
> -            if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0)
> +            if (SELinuxRestoreSecurityImageLabel(conn, vm,
> +                                                 vm->def->disks[i]) < 0)
>                  rc = -1;
>          }
>          VIR_FREE(secdef->model);


ACK


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]