From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
Add a generic way to run a command through the security management.
Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
src/qemu/qemu_security.h | 6 ++++++
2 files changed, 28 insertions(+)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 87209d3781..f9aa94e0a7 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -631,3 +631,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
}
+
+
+int
+qemuSecurityCommandRun(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ virCommandPtr cmd,
+ int *exitstatus,
+ int *cmdret)
+{
+ if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
+ vm->def, cmd) < 0)
+ return -1;
+
+ if (virSecurityManagerPreFork(driver->securityManager) < 0)
+ return -1;
+
+ *cmdret = virCommandRun(cmd, exitstatus);
+
+ virSecurityManagerPostFork(driver->securityManager);
+
+ return 0;
+}
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 68e377f418..8cf4ab0721 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
const char *savefile);
+int qemuSecurityCommandRun(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ virCommandPtr cmd,
+ int *exitstatus,
+ int *cmdret);
+
/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
* new APIs here. If an API can touch a file add a proper wrapper instead.
*/
--
2.22.0.214.g8dca754b1e
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
