[PATCH v4 05/13] qemu: Properly setup the NVRAM virStorageSource

Peter Krempa <pkrempa@xxxxxxxxxx> · Fri, 3 Jun 2022 13:48:37 +0200

Use the designated helpers for virStorageSource instead using the
file-based ones with a check.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_cgroup.c          |  3 +--
 src/qemu/qemu_namespace.c       |  5 +++--
 src/security/security_dac.c     | 21 +++++++++++----------
 src/security/security_selinux.c | 23 +++++++++++------------
 src/security/virt-aa-helper.c   |  6 +++---
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 64baed14e6..f189ca2bb6 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -581,8 +581,7 @@ qemuSetupFirmwareCgroup(virDomainObj *vm)
         return -1;

     if (vm->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(vm->def->os.loader->nvram) &&
-        qemuSetupImagePathCgroup(vm, vm->def->os.loader->nvram->path, false) < 0)
+        qemuSetupImageCgroup(vm, vm->def->os.loader->nvram) < 0)
         return -1;

     return 0;
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 9e133587b7..59c6dc52ac 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -573,8 +573,9 @@ qemuDomainSetupLoader(virDomainObj *vm,
             *paths = g_slist_prepend(*paths, g_strdup(loader->path));

             if (loader->nvram &&
-                virStorageSourceIsLocalStorage(loader->nvram))
-                *paths = g_slist_prepend(*paths, g_strdup(loader->nvram->path));
+                qemuDomainSetupDisk(loader->nvram, paths) < 0)
+                return -1;
+
             break;

         case VIR_DOMAIN_LOADER_TYPE_NONE:
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 03661efda1..bb89e466e1 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1974,10 +1974,11 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
             rc = -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram->path) < 0)
-        rc = -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                               migrated) < 0)
+            rc = -1;
+    }

     if (def->os.kernel &&
         virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
@@ -2186,12 +2187,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
             return -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACSetOwnership(mgr, NULL,
-                                   def->os.loader->nvram->path,
-                                   user, group, true) < 0)
-        return -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram,
+                                        VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                        VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+            return -1;
+    }

     if (def->os.kernel &&
         virSecurityDACSetOwnership(mgr, NULL,
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e026212b13..6a9d8e7e59 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2805,10 +2805,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
             rc = -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram->path, true) < 0)
-        rc = -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                                   migrated) < 0)
+            rc = -1;
+    }

     if (def->os.kernel &&
         virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, true) < 0)
@@ -3210,14 +3211,12 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
             return -1;
     }

-    /* This is different than kernel or initrd. The nvram store
-     * is really a disk, qemu can read and write to it. */
-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        secdef && secdef->imagelabel &&
-        virSecuritySELinuxSetFilecon(mgr, def->os.loader->nvram->path,
-                                     secdef->imagelabel, true) < 0)
-        return -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvram,
+                                            VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                            VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+            return -1;
+    }

     if (def->os.kernel &&
         virSecuritySELinuxSetFilecon(mgr, def->os.kernel,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 2ddf293c2c..d86b0f1cc2 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1006,10 +1006,10 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.loader->path, "rk") != 0)
             goto cleanup;

-    if (ctl->def->os.loader && ctl->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(ctl->def->os.loader->nvram))
-        if (vah_add_file(&buf, ctl->def->os.loader->nvram->path, "rwk") != 0)
+    if (ctl->def->os.loader && ctl->def->os.loader->nvram) {
+        if (storage_source_add_files(disk->src, &buf, 0) < 0)
             goto cleanup;
+    }

     for (i = 0; i < ctl->def->ngraphics; i++) {
         virDomainGraphicsDef *graphics = ctl->def->graphics[i];
-- 
2.35.3







