[PATCH 1/3] Use standard naming prefix for SELinux driver function names


 



From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

The function names in the SELinux driver all start with
either 'SELinux' or 'mcs' as a prefix. Sanitize this so that
they all use 'virSecuritySELinux' as the prefix.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/security/security_selinux.c |  394 ++++++++++++++++++++-------------------
 1 file changed, 198 insertions(+), 196 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index ffa65fb..7ded0a8 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -64,16 +64,18 @@ struct _virSecuritySELinuxCallbackData {
    The data struct of used mcs should be replaced with a better data structure in the future
 */
 
-struct MCS {
+typedef struct virSecuritySELinuxMCS virSecuritySELinuxMCS;
+typedef virSecuritySELinuxMCS *virSecuritySELinuxMCSPtr;
+struct virSecuritySELinuxMCS {
     char *mcs;
-    struct MCS *next;
+    virSecuritySELinuxMCSPtr next;
 };
-static struct MCS *mcsList = NULL;
+static virSecuritySELinuxMCSPtr mcsList = NULL;
 
 static int
-mcsAdd(const char *mcs)
+virSecuritySELinuxMCSAdd(const char *mcs)
 {
-    struct MCS *ptr;
+    virSecuritySELinuxMCSPtr ptr;
 
     for (ptr = mcsList; ptr; ptr = ptr->next) {
         if (STREQ(ptr->mcs, mcs))
@@ -88,10 +90,10 @@ mcsAdd(const char *mcs)
 }
 
 static int
-mcsRemove(const char *mcs)
+virSecuritySELinuxMCSRemove(const char *mcs)
 {
-    struct MCS *prevptr = NULL;
-    struct MCS *ptr = NULL;
+    virSecuritySELinuxMCSPtr prevptr = NULL;
+    virSecuritySELinuxMCSPtr ptr = NULL;
 
     for (ptr = mcsList; ptr; ptr = ptr->next) {
         if (STREQ(ptr->mcs, mcs)) {
@@ -110,7 +112,7 @@ mcsRemove(const char *mcs)
 }
 
 static char *
-SELinuxGenNewContext(const char *oldcontext, const char *mcs)
+virSecuritySELinuxGenNewContext(const char *oldcontext, const char *mcs)
 {
     char *newcontext = NULL;
     char *scontext = strdup(oldcontext);
@@ -129,7 +131,7 @@ err:
 
 #ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
-SELinuxLXCInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
     virConfValuePtr scon = NULL;
     virConfValuePtr tcon = NULL;
@@ -192,7 +194,7 @@ error:
 }
 #else
 static int
-SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
 {
     virReportSystemError(ENOSYS, "%s",
                          _("libselinux does not support LXC contexts path"));
@@ -202,7 +204,7 @@ SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
 
 
 static int
-SELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
 {
     char *ptr;
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -249,20 +251,20 @@ error:
 
 
 static int
-SELinuxInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxInitialize(virSecurityManagerPtr mgr)
 {
     VIR_DEBUG("SELinuxInitialize %s", virSecurityManagerGetDriver(mgr));
     if (STREQ(virSecurityManagerGetDriver(mgr),  "LXC")) {
-        return SELinuxLXCInitialize(mgr);
+        return virSecuritySELinuxLXCInitialize(mgr);
     } else {
-        return SELinuxQEMUInitialize(mgr);
+        return virSecuritySELinuxQEMUInitialize(mgr);
     }
 }
 
 
 static int
-SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
-                        virDomainDefPtr def)
+virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+                                   virDomainDefPtr def)
 {
     int rc = -1;
     char *mcs = NULL;
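Review bot: The debug message in virSecuritySELinuxInitialize still embeds the old function name, `VIR_DEBUG("SELinuxInitialize %s", ...)`, while the other VIR_DEBUG calls touched by this patch drop the name in favour of a `key=%s` form. For consistency it could become `VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));`, so that log searches do not turn up a function name that no longer exists. The hunk ends inside virSecuritySELinuxGenSecurityLabel, whose body continues outside it.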
@@ -273,7 +275,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
     const char *range;
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
 
-    VIR_DEBUG("SELinuxGenSecurityLabel %s", virSecurityManagerGetDriver(mgr));
+    VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));
     if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
         !def->seclabel.baselabel &&
         def->seclabel.model) {
@@ -303,7 +305,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
         return rc;
     }
 
-    VIR_DEBUG("SELinuxGenSecurityLabel %d", def->seclabel.type);
+    VIR_DEBUG("type=%d", def->seclabel.type);
 
     switch (def->seclabel.type) {
     case VIR_DOMAIN_SECLABEL_STATIC:
@@ -343,12 +345,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
                     goto cleanup;
                 }
             }
-        } while (mcsAdd(mcs) == -1);
+        } while (virSecuritySELinuxMCSAdd(mcs) == -1);
 
         def->seclabel.label =
-            SELinuxGenNewContext(def->seclabel.baselabel ?
-                                 def->seclabel.baselabel :
-                                 data->domain_context, mcs);
+            virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
+                                            def->seclabel.baselabel :
+                                            data->domain_context, mcs);
         if (! def->seclabel.label)  {
             virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("cannot generate selinux context for %s"), mcs);
@@ -368,7 +370,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
     }
 
     if (!def->seclabel.norelabel) {
-        def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
+        def->seclabel.imagelabel = virSecuritySELinuxGenNewContext(data->file_context, mcs);
         if (!def->seclabel.imagelabel)  {
             virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("cannot generate selinux context for %s"), mcs);
@@ -409,9 +411,9 @@ cleanup:
 }
 
 static int
-SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                            virDomainDefPtr def,
-                            pid_t pid)
+virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                       virDomainDefPtr def,
+                                       pid_t pid)
 {
     security_context_t pctx;
     context_t ctx = NULL;
@@ -435,7 +437,7 @@ SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     if (!mcs)
         goto err;
 
-    mcsAdd(mcs);
+    virSecuritySELinuxMCSAdd(mcs);
 
     context_free(ctx);
 
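Review bot: The return value of `virSecuritySELinuxMCSAdd(mcs);` is discarded here, whereas virSecuritySELinuxGenSecurityLabel retries on `virSecuritySELinuxMCSAdd(mcs) == -1`, which suggests that -1 means the category pair is already on the list. If that reading is right, reserving a label for a running process whose MCS range is already held by another domain passes silently, and the two guests would end up sharing a category set. At minimum a comment or a warning would record the decision, for example `if (virSecuritySELinuxMCSAdd(mcs) < 0) VIR_WARN("MCS level '%s' already reserved", mcs);`. The function starts and ends outside this hunk.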
@@ -448,7 +450,7 @@ err:
 
 
 static int
-SELinuxSecurityDriverProbe(const char *virtDriver)
+virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
 {
     if (!is_selinux_enabled())
         return SECURITY_DRIVER_DISABLE;
@@ -465,14 +467,14 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
 
 
 static int
-SELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
+virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
 {
-    return SELinuxInitialize(mgr);
+    return virSecuritySELinuxInitialize(mgr);
 }
 
 
 static int
-SELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
+virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
 {
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
 
@@ -487,12 +489,12 @@ SELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
 }
 
 
-static const char *SELinuxSecurityGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+static const char *virSecuritySELinuxSecurityGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
 {
     return SECURITY_SELINUX_NAME;
 }
 
-static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+static const char *virSecuritySELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
 {
     /*
      * Where will the DOI come from?  SELinux configuration, or qemu
@@ -502,10 +504,10 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNU
 }
 
 static int
-SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                               virDomainDefPtr def ATTRIBUTE_UNUSED,
-                               pid_t pid,
-                               virSecurityLabelPtr sec)
+virSecuritySELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                          virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                          pid_t pid,
+                                          virSecurityLabelPtr sec)
 {
     security_context_t ctx;
 
@@ -528,7 +530,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     strcpy(sec->label, (char *) ctx);
     freecon(ctx);
 
-    VIR_DEBUG("SELinuxGetSecurityProcessLabel %s", sec->label);
+    VIR_DEBUG("label=%s", sec->label);
     sec->enforcing = security_getenforce();
     if (sec->enforcing == -1) {
         virReportSystemError(errno, "%s",
@@ -543,7 +545,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
  * return 1 if labelling was not possible.  Otherwise, require a label
  * change, and return 0 for success, -1 for failure.  */
 static int
-SELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
+virSecuritySELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
 {
     security_context_t econ;
 
@@ -596,19 +598,19 @@ SELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
 }
 
 static int
-SELinuxSetFileconOptional(const char *path, char *tcon)
+virSecuritySELinuxSetFileconOptional(const char *path, char *tcon)
 {
-    return SELinuxSetFileconHelper(path, tcon, true);
+    return virSecuritySELinuxSetFileconHelper(path, tcon, true);
 }
 
 static int
-SELinuxSetFilecon(const char *path, char *tcon)
+virSecuritySELinuxSetFilecon(const char *path, char *tcon)
 {
-    return SELinuxSetFileconHelper(path, tcon, false);
+    return virSecuritySELinuxSetFileconHelper(path, tcon, false);
 }
 
 static int
-SELinuxFSetFilecon(int fd, char *tcon)
+virSecuritySELinuxFSetFilecon(int fd, char *tcon)
 {
     security_context_t econ;
 
@@ -669,7 +671,7 @@ getContext(const char *newpath, mode_t mode, security_context_t *fcon)
 /* This method shouldn't raise errors, since they'll overwrite
  * errors that the caller(s) are already dealing with */
 static int
-SELinuxRestoreSecurityFileLabel(const char *path)
+virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
 {
     struct stat buf;
     security_context_t fcon = NULL;
@@ -694,7 +696,7 @@ SELinuxRestoreSecurityFileLabel(const char *path)
     if (getContext(newpath, buf.st_mode, &fcon) < 0) {
         VIR_WARN("cannot lookup default selinux label for %s", newpath);
     } else {
-        rc = SELinuxSetFilecon(newpath, fcon);
+        rc = virSecuritySELinuxSetFilecon(newpath, fcon);
     }
 
 err:
@@ -704,10 +706,10 @@ err:
 }
 
 static int
-SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                    virDomainDefPtr def,
-                                    virDomainDiskDefPtr disk,
-                                    int migrated)
+virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                               virDomainDefPtr def,
+                                               virDomainDiskDefPtr disk,
+                                               int migrated)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
@@ -744,24 +746,24 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         }
     }
 
-    return SELinuxRestoreSecurityFileLabel(disk->src);
+    return virSecuritySELinuxRestoreSecurityFileLabel(disk->src);
 }
 
 
 static int
-SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
-                                 virDomainDefPtr def,
-                                 virDomainDiskDefPtr disk)
+virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+                                            virDomainDefPtr def,
+                                            virDomainDiskDefPtr disk)
 {
-    return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
+    return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
 }
 
 
 static int
-SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
-                            const char *path,
-                            size_t depth,
-                            void *opaque)
+virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
+                                       const char *path,
+                                       size_t depth,
+                                       void *opaque)
 {
     virSecuritySELinuxCallbackDataPtr cbdata = opaque;
     const virSecurityLabelDefPtr secdef = cbdata->secdef;
@@ -773,20 +775,20 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
 
     if (disk->seclabel && !disk->seclabel->norelabel &&
         disk->seclabel->label) {
-        ret = SELinuxSetFilecon(path, disk->seclabel->label);
+        ret = virSecuritySELinuxSetFilecon(path, disk->seclabel->label);
     } else if (depth == 0) {
 
         if (disk->shared) {
-            ret = SELinuxSetFileconOptional(path, data->file_context);
+            ret = virSecuritySELinuxSetFileconOptional(path, data->file_context);
         } else if (disk->readonly) {
-            ret = SELinuxSetFileconOptional(path, data->content_context);
+            ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
         } else if (secdef->imagelabel) {
-            ret = SELinuxSetFileconOptional(path, secdef->imagelabel);
+            ret = virSecuritySELinuxSetFileconOptional(path, secdef->imagelabel);
         } else {
             ret = 0;
         }
     } else {
-        ret = SELinuxSetFileconOptional(path, data->content_context);
+        ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
     }
     if (ret == 1 && !disk->seclabel) {
         /* If we failed to set a label, but virt_use_nfs let us
@@ -802,9 +804,9 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
 }
 
 static int
-SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
-                             virDomainDefPtr def,
-                             virDomainDiskDefPtr disk)
+virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
+                                        virDomainDefPtr def,
+                                        virDomainDiskDefPtr disk)
 
 {
     virSecuritySELinuxCallbackData cbdata;
@@ -829,35 +831,35 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
                                        allowDiskFormatProbing,
                                        true,
                                        -1, -1, /* current process uid:gid */
-                                       SELinuxSetSecurityFileLabel,
+                                       virSecuritySELinuxSetSecurityFileLabel,
                                        &cbdata);
 }
 
 
 static int
-SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
-                           const char *file, void *opaque)
+virSecuritySELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
+                                      const char *file, void *opaque)
 {
     virDomainDefPtr def = opaque;
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
-    return SELinuxSetFilecon(file, secdef->imagelabel);
+    return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
 }
 
 static int
-SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
-                           const char *file, void *opaque)
+virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
+                                      const char *file, void *opaque)
 {
     virDomainDefPtr def = opaque;
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
-    return SELinuxSetFilecon(file, secdef->imagelabel);
+    return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
 }
 
 static int
-SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                               virDomainDefPtr def,
-                               virDomainHostdevDefPtr dev)
+virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                          virDomainDefPtr def,
+                                          virDomainHostdevDefPtr dev)
 
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -877,7 +879,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def);
+        ret = usbDeviceFileIterate(usb, virSecuritySELinuxSetSecurityUSBLabel, def);
         usbFreeDevice(usb);
         break;
     }
@@ -891,7 +893,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def);
+        ret = pciDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
         pciFreeDevice(pci);
 
         break;
@@ -908,25 +910,25 @@ done:
 
 
 static int
-SELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
-                               const char *file,
-                               void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
+                                          const char *file,
+                                          void *opaque ATTRIBUTE_UNUSED)
 {
-    return SELinuxRestoreSecurityFileLabel(file);
+    return virSecuritySELinuxRestoreSecurityFileLabel(file);
 }
 
 static int
-SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
-                               const char *file,
-                               void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
+                                          const char *file,
+                                          void *opaque ATTRIBUTE_UNUSED)
 {
-    return SELinuxRestoreSecurityFileLabel(file);
+    return virSecuritySELinuxRestoreSecurityFileLabel(file);
 }
 
 static int
-SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                   virDomainDefPtr def,
-                                   virDomainHostdevDefPtr dev)
+virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                              virDomainDefPtr def,
+                                              virDomainHostdevDefPtr dev)
 
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -946,7 +948,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(usb, SELinuxRestoreSecurityUSBLabel, NULL);
+        ret = usbDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel, NULL);
         usbFreeDevice(usb);
 
         break;
@@ -961,7 +963,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(pci, SELinuxRestoreSecurityPCILabel, NULL);
+        ret = pciDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, NULL);
         pciFreeDevice(pci);
 
         break;
@@ -978,8 +980,8 @@ done:
 
 
 static int
-SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
-                               virDomainChrSourceDefPtr dev)
+virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
+                                          virDomainChrSourceDefPtr dev)
 
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -992,7 +994,7 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
     switch (dev->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
-        ret = SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
+        ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
         break;
 
     case VIR_DOMAIN_CHR_TYPE_PIPE:
@@ -1002,11 +1004,11 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
             goto done;
         }
         if (virFileExists(in) && virFileExists(out)) {
-            if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
-                (SELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
+            if ((virSecuritySELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
+                (virSecuritySELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
                 goto done;
             }
-        } else if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) {
+        } else if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) {
             goto done;
         }
         ret = 0;
@@ -1024,8 +1026,8 @@ done:
 }
 
 static int
-SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
-                                   virDomainChrSourceDefPtr dev)
+virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
+                                              virDomainChrSourceDefPtr dev)
 
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1038,7 +1040,7 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
     switch (dev->type) {
     case VIR_DOMAIN_CHR_TYPE_DEV:
     case VIR_DOMAIN_CHR_TYPE_FILE:
-        if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
+        if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
             goto done;
         ret = 0;
         break;
@@ -1049,11 +1051,11 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
             goto done;
         }
         if (virFileExists(in) && virFileExists(out)) {
-            if ((SELinuxRestoreSecurityFileLabel(out) < 0) ||
-                (SELinuxRestoreSecurityFileLabel(in) < 0)) {
+            if ((virSecuritySELinuxRestoreSecurityFileLabel(out) < 0) ||
+                (virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) {
                 goto done;
             }
-        } else if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) {
+        } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) {
             goto done;
         }
         ret = 0;
@@ -1072,23 +1074,23 @@ done:
 
 
 static int
-SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
-                                      virDomainChrDefPtr dev,
-                                      void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
+                                                 virDomainChrDefPtr dev,
+                                                 void *opaque ATTRIBUTE_UNUSED)
 {
     /* This is taken care of by processing of def->serials */
     if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
         dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
         return 0;
 
-    return SELinuxRestoreSecurityChardevLabel(def, &dev->source);
+    return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source);
 }
 
 
 static int
-SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
-                                        virDomainSmartcardDefPtr dev,
-                                        void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
+                                                   virDomainSmartcardDefPtr dev,
+                                                   void *opaque ATTRIBUTE_UNUSED)
 {
     const char *database;
 
@@ -1100,10 +1102,10 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
         database = dev->data.cert.database;
         if (!database)
             database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
-        return SELinuxRestoreSecurityFileLabel(database);
+        return virSecuritySELinuxRestoreSecurityFileLabel(database);
 
     case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
-        return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
+        return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
 
     default:
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1117,9 +1119,9 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
 
 
 static int
-SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                               virDomainDefPtr def,
-                               int migrated ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                          virDomainDefPtr def,
+                                          int migrated ATTRIBUTE_UNUSED)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
     int i;
@@ -1131,45 +1133,45 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         return 0;
 
     for (i = 0 ; i < def->nhostdevs ; i++) {
-        if (SELinuxRestoreSecurityHostdevLabel(mgr,
-                                               def,
-                                               def->hostdevs[i]) < 0)
+        if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
+                                                          def,
+                                                          def->hostdevs[i]) < 0)
             rc = -1;
     }
     for (i = 0 ; i < def->ndisks ; i++) {
-        if (SELinuxRestoreSecurityImageLabelInt(mgr,
-                                                def,
-                                                def->disks[i],
-                                                migrated) < 0)
+        if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr,
+                                                           def,
+                                                           def->disks[i],
+                                                           migrated) < 0)
             rc = -1;
     }
 
     if (virDomainChrDefForeach(def,
                                false,
-                               SELinuxRestoreSecurityChardevCallback,
+                               virSecuritySELinuxRestoreSecurityChardevCallback,
                                NULL) < 0)
         rc = -1;
 
     if (virDomainSmartcardDefForeach(def,
                                      false,
-                                     SELinuxRestoreSecuritySmartcardCallback,
+                                     virSecuritySELinuxRestoreSecuritySmartcardCallback,
                                      NULL) < 0)
         rc = -1;
 
     if (def->os.kernel &&
-        SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
+        virSecuritySELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
         rc = -1;
 
     if (def->os.initrd &&
-        SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
+        virSecuritySELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
         rc = -1;
 
     return rc;
 }
 
 static int
-SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                            virDomainDefPtr def)
+virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                       virDomainDefPtr def)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
@@ -1177,7 +1179,7 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
         if (secdef->label != NULL) {
             context_t con = context_new(secdef->label);
             if (con) {
-                mcsRemove(context_range_get(con));
+                virSecuritySELinuxMCSRemove(context_range_get(con));
                 context_free(con);
             }
         }
@@ -1192,36 +1194,36 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 
 
 static int
-SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                          virDomainDefPtr def,
-                          const char *savefile)
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                     virDomainDefPtr def,
+                                     const char *savefile)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
     if (secdef->norelabel)
         return 0;
 
-    return SELinuxSetFilecon(savefile, secdef->imagelabel);
+    return virSecuritySELinuxSetFilecon(savefile, secdef->imagelabel);
 }
 
 
 static int
-SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                              virDomainDefPtr def,
-                              const char *savefile)
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                         virDomainDefPtr def,
+                                         const char *savefile)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
     if (secdef->norelabel)
         return 0;
 
-    return SELinuxRestoreSecurityFileLabel(savefile);
+    return virSecuritySELinuxRestoreSecurityFileLabel(savefile);
 }
 
 
 static int
-SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                      virDomainDefPtr def)
+virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                 virDomainDefPtr def)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
     if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
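Review bot: `mgr` is still marked `ATTRIBUTE_UNUSED` in the rewritten signature of virSecuritySELinuxSecurityVerify even though the body passes it to `virSecurityManagerGetModel(mgr)`. Since the signature lines are being rewritten anyway, the stale annotation could be dropped: `virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr,`. virSecuritySELinuxRestoreSecurityAllLabel has the same mismatch for `mgr` and `migrated`, both of which are used in its loops. The body of virSecuritySELinuxSecurityVerify continues outside this hunk.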
@@ -1244,12 +1246,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 }
 
 static int
-SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
-                               virDomainDefPtr def)
+virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
+                                          virDomainDefPtr def)
 {
     /* TODO: verify DOI */
     const virSecurityLabelDefPtr secdef = &def->seclabel;
-    VIR_DEBUG("SELinuxSetSecurityProcessLabel %s", secdef->label);
+    VIR_DEBUG("label=%s", secdef->label);
 
     if (def->seclabel.label == NULL)
         return 0;
@@ -1276,8 +1278,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
 }
 
 static int
-SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
-                                    virDomainDefPtr def)
+virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
+                                               virDomainDefPtr def)
 {
     /* TODO: verify DOI */
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1347,8 +1349,8 @@ done:
 }
 
 static int
-SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
-                              virDomainDefPtr vm)
+virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
+                                         virDomainDefPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->seclabel;
     int rc = -1;
@@ -1384,8 +1386,8 @@ done:
 }
 
 static int
-SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
-                                virDomainDefPtr def)
+virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
+                                           virDomainDefPtr def)
 {
     /* TODO: verify DOI */
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1415,7 +1417,7 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
 
 
 static int
-SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
+virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def,
                                   virDomainChrDefPtr dev,
                                   void *opaque ATTRIBUTE_UNUSED)
 {
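Review bot: The continuation lines of the renamed signature keep their old indentation, so `virDomainChrDefPtr dev,` and `void *opaque ATTRIBUTE_UNUSED)` no longer line up under the first parameter as they do in the other signatures this patch rewrites. The same applies to virSecuritySELinuxSetSecuritySmartcardCallback, virSecuritySELinuxSetSecurityAllLabel and the virSecuritySELinuxSetSecurityImageLabel call in the following hunks. Re-indenting those continuation lines to the column after the opening parenthesis would keep the file consistent. The function body continues outside this hunk.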
@@ -1424,12 +1426,12 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
         dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
         return 0;
 
-    return SELinuxSetSecurityChardevLabel(def, &dev->source);
+    return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source);
 }
 
 
 static int
-SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
+virSecuritySELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
                                     virDomainSmartcardDefPtr dev,
                                     void *opaque)
 {
@@ -1445,10 +1447,10 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
         database = dev->data.cert.database;
         if (!database)
             database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
-        return SELinuxSetFilecon(database, data->content_context);
+        return virSecuritySELinuxSetFilecon(database, data->content_context);
 
     case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
-        return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
+        return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
 
     default:
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1462,7 +1464,7 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
 
 
 static int
-SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
+virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
                            virDomainDefPtr def,
                            const char *stdin_path)
 {
@@ -1480,14 +1482,14 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
                      def->disks[i]->src, def->disks[i]->dst);
             continue;
         }
-        if (SELinuxSetSecurityImageLabel(mgr,
+        if (virSecuritySELinuxSetSecurityImageLabel(mgr,
                                          def, def->disks[i]) < 0)
             return -1;
     }
     /* XXX fixme process  def->fss if relabel == true */
 
     for (i = 0 ; i < def->nhostdevs ; i++) {
-        if (SELinuxSetSecurityHostdevLabel(mgr,
+        if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
                                            def,
                                            def->hostdevs[i]) < 0)
             return -1;
@@ -1495,26 +1497,26 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
 
     if (virDomainChrDefForeach(def,
                                true,
-                               SELinuxSetSecurityChardevCallback,
+                               virSecuritySELinuxSetSecurityChardevCallback,
                                NULL) < 0)
         return -1;
 
     if (virDomainSmartcardDefForeach(def,
                                      true,
-                                     SELinuxSetSecuritySmartcardCallback,
+                                     virSecuritySELinuxSetSecuritySmartcardCallback,
                                      mgr) < 0)
         return -1;
 
     if (def->os.kernel &&
-        SELinuxSetFilecon(def->os.kernel, data->content_context) < 0)
+        virSecuritySELinuxSetFilecon(def->os.kernel, data->content_context) < 0)
         return -1;
 
     if (def->os.initrd &&
-        SELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
+        virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
         return -1;
 
     if (stdin_path) {
-        if (SELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
+        if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
             virStorageFileIsSharedFSType(stdin_path,
                                          VIR_STORAGE_FILE_SHFS_NFS) != 1)
             return -1;
@@ -1524,7 +1526,7 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
 }
 
 static int
-SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                        virDomainDefPtr def,
                        int fd)
 {
@@ -1533,11 +1535,11 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     if (secdef->imagelabel == NULL)
         return 0;
 
-    return SELinuxFSetFilecon(fd, secdef->imagelabel);
+    return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
 }
 
-static char *genImageLabel(virSecurityManagerPtr mgr,
-                           virDomainDefPtr def) {
+static char *virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
+                                             virDomainDefPtr def) {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
     virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
     const char *range;
@@ -1558,7 +1560,7 @@ static char *genImageLabel(virSecurityManagerPtr mgr,
                 virReportOOMError();
                 goto cleanup;
             }
-            label = SELinuxGenNewContext(data->file_context, mcs);
+            label = virSecuritySELinuxGenNewContext(data->file_context, mcs);
             if (!label) {
                 virReportOOMError();
                 goto cleanup;
@@ -1572,13 +1574,13 @@ cleanup:
         return label;
 }
 
-static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
-                                            virDomainDefPtr def) {
+static char *virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
+                                                       virDomainDefPtr def) {
     char *opts = NULL;
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
     if (! secdef->imagelabel)
-        secdef->imagelabel = genImageLabel(mgr,def);
+        secdef->imagelabel = virSecuritySELinuxGenImageLabel(mgr,def);
 
     if (secdef->imagelabel) {
         virAsprintf(&opts,
@@ -1586,46 +1588,46 @@ static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
                     (const char*) secdef->imagelabel);
     }
 
-    VIR_DEBUG("SELinuxGetSecurityMountOptions imageLabel %s", secdef->imagelabel);
+    VIR_DEBUG("imageLabel=%s", secdef->imagelabel);
     return opts;
 }
 
 virSecurityDriver virSecurityDriverSELinux = {
     .privateDataLen                     = sizeof(virSecuritySELinuxData),
     .name                               = SECURITY_SELINUX_NAME,
-    .probe                              = SELinuxSecurityDriverProbe,
-    .open                               = SELinuxSecurityDriverOpen,
-    .close                              = SELinuxSecurityDriverClose,
+    .probe                              = virSecuritySELinuxSecurityDriverProbe,
+    .open                               = virSecuritySELinuxSecurityDriverOpen,
+    .close                              = virSecuritySELinuxSecurityDriverClose,
 
-    .getModel                           = SELinuxSecurityGetModel,
-    .getDOI                             = SELinuxSecurityGetDOI,
+    .getModel                           = virSecuritySELinuxSecurityGetModel,
+    .getDOI                             = virSecuritySELinuxSecurityGetDOI,
 
-    .domainSecurityVerify               = SELinuxSecurityVerify,
+    .domainSecurityVerify               = virSecuritySELinuxSecurityVerify,
 
-    .domainSetSecurityImageLabel        = SELinuxSetSecurityImageLabel,
-    .domainRestoreSecurityImageLabel    = SELinuxRestoreSecurityImageLabel,
+    .domainSetSecurityImageLabel        = virSecuritySELinuxSetSecurityImageLabel,
+    .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreSecurityImageLabel,
 
-    .domainSetSecurityDaemonSocketLabel = SELinuxSetSecurityDaemonSocketLabel,
-    .domainSetSecuritySocketLabel       = SELinuxSetSecuritySocketLabel,
-    .domainClearSecuritySocketLabel     = SELinuxClearSecuritySocketLabel,
+    .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
+    .domainSetSecuritySocketLabel       = virSecuritySELinuxSetSecuritySocketLabel,
+    .domainClearSecuritySocketLabel     = virSecuritySELinuxClearSecuritySocketLabel,
 
-    .domainGenSecurityLabel             = SELinuxGenSecurityLabel,
-    .domainReserveSecurityLabel         = SELinuxReserveSecurityLabel,
-    .domainReleaseSecurityLabel         = SELinuxReleaseSecurityLabel,
+    .domainGenSecurityLabel             = virSecuritySELinuxGenSecurityLabel,
+    .domainReserveSecurityLabel         = virSecuritySELinuxReserveSecurityLabel,
+    .domainReleaseSecurityLabel         = virSecuritySELinuxReleaseSecurityLabel,
 
-    .domainGetSecurityProcessLabel      = SELinuxGetSecurityProcessLabel,
-    .domainSetSecurityProcessLabel      = SELinuxSetSecurityProcessLabel,
+    .domainGetSecurityProcessLabel      = virSecuritySELinuxGetSecurityProcessLabel,
+    .domainSetSecurityProcessLabel      = virSecuritySELinuxSetSecurityProcessLabel,
 
-    .domainSetSecurityAllLabel          = SELinuxSetSecurityAllLabel,
-    .domainRestoreSecurityAllLabel      = SELinuxRestoreSecurityAllLabel,
+    .domainSetSecurityAllLabel          = virSecuritySELinuxSetSecurityAllLabel,
+    .domainRestoreSecurityAllLabel      = virSecuritySELinuxRestoreSecurityAllLabel,
 
-    .domainSetSecurityHostdevLabel      = SELinuxSetSecurityHostdevLabel,
-    .domainRestoreSecurityHostdevLabel  = SELinuxRestoreSecurityHostdevLabel,
+    .domainSetSecurityHostdevLabel      = virSecuritySELinuxSetSecurityHostdevLabel,
+    .domainRestoreSecurityHostdevLabel  = virSecuritySELinuxRestoreSecurityHostdevLabel,
 
-    .domainSetSavedStateLabel           = SELinuxSetSavedStateLabel,
-    .domainRestoreSavedStateLabel       = SELinuxRestoreSavedStateLabel,
+    .domainSetSavedStateLabel           = virSecuritySELinuxSetSavedStateLabel,
+    .domainRestoreSavedStateLabel       = virSecuritySELinuxRestoreSavedStateLabel,
 
-    .domainSetSecurityImageFDLabel      = SELinuxSetImageFDLabel,
+    .domainSetSecurityImageFDLabel      = virSecuritySELinuxSetImageFDLabel,
 
-    .domainGetSecurityMountOptions      = SELinuxGetSecurityMountOptions,
+    .domainGetSecurityMountOptions      = virSecuritySELinuxGetSecurityMountOptions,
 };
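Review bot: `VIR_DEBUG("imageLabel=%s", secdef->imagelabel);` can receive a NULL pointer. The `if (secdef->imagelabel)` guard earlier in the function, which starts in the previous hunk, shows the label may still be unset after virSecuritySELinuxGenImageLabel() returns. Passing NULL to `%s` is only tolerated by some libcs, so it should read `VIR_DEBUG("imageLabel=%s", NULLSTR(secdef->imagelabel));`. The same applies to `VIR_DEBUG("label=%s", secdef->label);` in virSecuritySELinuxSetSecurityProcessLabel, which runs before that function's `label == NULL` check. Separately, the virAsprintf() result is not checked, so an allocation or label-generation failure returns NULL just like the no-label case; presumably the caller then mounts without a context option, which is worth confirming.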
-- 
1.7.10.1
