From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
Add a generic way to run a command through the security management.
Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
src/qemu/qemu_security.c | 22 ++++++++++++++++++++++
src/qemu/qemu_security.h | 6 ++++++
2 files changed, 28 insertions(+)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 3cd6d9bd3d..f8b53e06b3 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
}
+
+
+int
+qemuSecurityCommandRun(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ virCommandPtr cmd,
+ int *exitstatus,
+ int *cmdret)
+{
+ if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
+ vm->def, cmd) < 0)
+ return -1;
+
+ if (virSecurityManagerPreFork(driver->securityManager) < 0)
+ return -1;
+
+ *cmdret = virCommandRun(cmd, exitstatus);
+
+ virSecurityManagerPostFork(driver->securityManager);
+
+ return 0;
+}
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 68e377f418..8cf4ab0721 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm,
const char *savefile);
+int qemuSecurityCommandRun(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ virCommandPtr cmd,
+ int *exitstatus,
+ int *cmdret);
+
/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
* new APIs here. If an API can touch a file add a proper wrapper instead.
*/
--
2.23.0.rc1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
