On 8/23/21 4:41 AM, Peng Liang wrote:
> Signed-off-by: Peng Liang <liangpeng10@xxxxxxxxxx>
> ---
> src/libvirt_private.syms | 1 +
> src/security/security_driver.h | 5 +++++
> src/security/security_manager.c | 29 +++++++++++++++++++++++++++++
> src/security/security_manager.h | 5 +++++
> 4 files changed, 40 insertions(+)
>
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 9906c1691d0f..b580704d3abf 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -476,6 +476,35 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
> }
>
>
> +/**
> + * virSecurityManagerUpdateImageLabel:
> + * @mgr: security manager object
> + * @vm: domain definition object
> + * @src: disk source definition to operate on
> + * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
> + *
> + * Update security label from @src according to @flags.
> + *
> + * Returns: 0 on success, -1 on error.
> + */
> +int
> +virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
> + virDomainDef *vm,
> + virStorageSource *src,
> + virSecurityDomainImageLabelFlags flags)
> +{
> + if (mgr->drv->domainUpdateSecurityImageLabel) {
> + int ret;
> + virObjectLock(mgr);
> + ret = mgr->drv->domainUpdateSecurityImageLabel(mgr, vm, src, flags);
> + virObjectUnlock(mgr);
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> +
Is there a reason why this needs to be inside virSecurityManager? We
already have virSecurityMoveRememberedLabel() that lives outside of it,
in security_util.c and conceptually this function belongs there.
Michal
