There is a case in which we do not want 'remember' to be set to true in SetOwnership() calls inside the HostdevLabelHelper() functions of both DAC and SELinux drivers. Next patch will explain and handle that scenario. For now, let's make virSecurityDACSetOwnership() and virSecuritySELinuxSetHostdevLabelHelper() accept a 'remember' flag, which will be used to set the 'remember' parameter of their respective SetOwnership() calls. No functional change is made. Signed-off-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx> --- src/security/security_dac.c | 13 +++++++------ src/security/security_selinux.c | 14 ++++++++------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2561ee440e..b456c59a02 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1144,6 +1144,7 @@ virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr, static int virSecurityDACSetHostdevLabelHelper(const char *file, + bool remember, void *opaque) { virSecurityDACCallbackDataPtr cbdata = opaque; @@ -1156,7 +1157,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file, if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0) return -1; - return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true); + return virSecurityDACSetOwnership(mgr, NULL, file, user, group, remember); } @@ -1165,7 +1166,7 @@ virSecurityDACSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecurityDACSetHostdevLabelHelper(file, opaque); + return virSecurityDACSetHostdevLabelHelper(file, true, opaque); } @@ -1174,7 +1175,7 @@ virSecurityDACSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecurityDACSetHostdevLabelHelper(file, opaque); + return virSecurityDACSetHostdevLabelHelper(file, true, opaque); } @@ -1183,7 +1184,7 @@ virSecurityDACSetSCSILabel(virSCSIDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecurityDACSetHostdevLabelHelper(file, opaque); + return virSecurityDACSetHostdevLabelHelper(file, true, opaque); } @@ -1192,7 +1193,7 @@ virSecurityDACSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecurityDACSetHostdevLabelHelper(file, opaque); + return virSecurityDACSetHostdevLabelHelper(file, true, opaque); } @@ -1312,7 +1313,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) return -1; - ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata); + ret = virSecurityDACSetHostdevLabelHelper(vfiodev, true, &cbdata); VIR_FREE(vfiodev); break; diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 21279e7622..86acc0a33f 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2001,7 +2001,9 @@ virSecuritySELinuxMoveImageMetadata(virSecurityManagerPtr mgr, static int -virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque) +virSecuritySELinuxSetHostdevLabelHelper(const char *file, + bool remember, + void *opaque) { virSecurityLabelDefPtr secdef; virSecuritySELinuxCallbackDataPtr data = opaque; @@ -2011,21 +2013,21 @@ virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque) secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); if (secdef == NULL) return 0; - return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, true); + return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, remember); } static int virSecuritySELinuxSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecuritySELinuxSetHostdevLabelHelper(file, opaque); + return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque); } static int virSecuritySELinuxSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecuritySELinuxSetHostdevLabelHelper(file, opaque); + return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque); } static int @@ -2056,7 +2058,7 @@ static int virSecuritySELinuxSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED, const char *file, void *opaque) { - return virSecuritySELinuxSetHostdevLabelHelper(file, opaque); + return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque); } @@ -2164,7 +2166,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr, if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) return ret; - ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data); + ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, true, &data); VIR_FREE(vfiodev); break; -- 2.24.1