I'm going to add functions that will deal with individual image files rather than whole disks. Rename the security function to make room for the new one. --- src/libvirt_private.syms | 2 +- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 4 ++-- src/qemu/qemu_driver.c | 8 ++++---- src/qemu/qemu_hotplug.c | 16 ++++++++-------- src/security/security_apparmor.c | 6 +++--- src/security/security_dac.c | 14 +++++++------- src/security/security_driver.h | 8 ++++---- src/security/security_manager.c | 10 +++++----- src/security/security_manager.h | 6 +++--- src/security/security_nop.c | 8 ++++---- src/security/security_selinux.c | 10 +++++----- src/security/security_stack.c | 10 +++++----- 13 files changed, 52 insertions(+), 52 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4f075e5..c31b5bf 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -911,10 +911,10 @@ virSecurityManagerRestoreSavedStateLabel; virSecurityManagerSetAllLabel; virSecurityManagerSetChildProcessLabel; virSecurityManagerSetDaemonSocketLabel; +virSecurityManagerSetDiskLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetHugepages; virSecurityManagerSetImageFDLabel; -virSecurityManagerSetImageLabel; virSecurityManagerSetProcessLabel; virSecurityManagerSetSavedStateLabel; virSecurityManagerSetSocketLabel; diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index fe2a5dc..38acdff 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1727,7 +1727,7 @@ static int virLXCControllerSetupDisk(virLXCControllerPtr ctrl, /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ def->src->path = dst; - if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def) < 0) + if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0) goto cleanup; ret = 0; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 9380e8d..06f3e18 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -3899,8 +3899,8 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, virDomainDiskDefPtr def = data->def->data.disk; char *tmpsrc = def->src->path; def->src->path = data->file; - if (virSecurityManagerSetImageLabel(data->driver->securityManager, - data->vm->def, def) < 0) { + if (virSecurityManagerSetDiskLabel(data->driver->securityManager, + data->vm->def, def) < 0) { def->src->path = tmpsrc; goto cleanup; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 9a733a0..22a8ca5 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -12098,8 +12098,8 @@ qemuDomainPrepareDiskChainElement(virQEMUDriverPtr driver, } else if (virDomainLockDiskAttach(driver->lockManager, cfg->uri, vm, disk) < 0 || qemuSetupDiskCgroup(vm, disk) < 0 || - virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, disk) < 0) { + virSecurityManagerSetDiskLabel(driver->securityManager, + vm->def, disk) < 0) { goto cleanup; } @@ -14952,8 +14952,8 @@ qemuDomainBlockPivot(virConnectPtr conn, (virDomainLockDiskAttach(driver->lockManager, cfg->uri, vm, disk) < 0 || qemuSetupDiskCgroup(vm, disk) < 0 || - virSecurityManagerSetImageLabel(driver->securityManager, vm->def, - disk) < 0)) { + virSecurityManagerSetDiskLabel(driver->securityManager, vm->def, + disk) < 0)) { disk->src->path = oldsrc; disk->src->format = oldformat; disk->src->backingStore = oldchain; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7289055..4590409 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -91,8 +91,8 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, vm, disk) < 0) goto cleanup; - if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, disk) < 0) { + if (virSecurityManagerSetDiskLabel(driver->securityManager, + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", virDomainDiskGetSource(disk)); @@ -270,8 +270,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, vm, disk) < 0) goto cleanup; - if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, disk) < 0) { + if (virSecurityManagerSetDiskLabel(driver->securityManager, + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", src); goto cleanup; @@ -509,8 +509,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, vm, disk) < 0) goto cleanup; - if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, disk) < 0) { + if (virSecurityManagerSetDiskLabel(driver->securityManager, + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", src); goto cleanup; @@ -634,8 +634,8 @@ qemuDomainAttachUSBMassstorageDevice(virConnectPtr conn, vm, disk) < 0) goto cleanup; - if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, disk) < 0) { + if (virSecurityManagerSetDiskLabel(driver->securityManager, + vm->def, disk) < 0) { if (virDomainLockDiskDetach(driver->lockManager, vm, disk) < 0) VIR_WARN("Unable to release lock on %s", src); goto cleanup; diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index ed9d192..c27ab47 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -696,8 +696,8 @@ AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr, /* Called when hotplugging */ static int -AppArmorSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, virDomainDiskDefPtr disk) +AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, virDomainDiskDefPtr disk) { int rc = -1; char *profile_name = NULL; @@ -972,7 +972,7 @@ virSecurityDriver virAppArmorSecurityDriver = { .domainSecurityVerify = AppArmorSecurityVerify, - .domainSetSecurityImageLabel = AppArmorSetSecurityImageLabel, + .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel, .domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel, diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 6e5ccfa..9760e6f 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -321,9 +321,9 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, static int -virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) +virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk) { virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); @@ -967,9 +967,9 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr, /* XXX fixme - we need to recursively label the entire tree :-( */ if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR) continue; - if (virSecurityDACSetSecurityImageLabel(mgr, - def, - def->disks[i]) < 0) + if (virSecurityDACSetSecurityDiskLabel(mgr, + def, + def->disks[i]) < 0) return -1; } for (i = 0; i < def->nhostdevs; i++) { @@ -1273,7 +1273,7 @@ virSecurityDriver virSecurityDriverDAC = { .domainSecurityVerify = virSecurityDACVerify, - .domainSetSecurityImageLabel = virSecurityDACSetSecurityImageLabel, + .domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel, .domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 879f63c..6a17a8e 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -60,9 +60,9 @@ typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def); typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr, virDomainDefPtr def); -typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); +typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk); typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, @@ -127,7 +127,7 @@ struct _virSecurityDriver { virSecurityDomainSecurityVerify domainSecurityVerify; - virSecurityDomainSetImageLabel domainSetSecurityImageLabel; + virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel; virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel; virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel; diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 715159c..f0e3ee1 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -367,14 +367,14 @@ int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, return -1; } -int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) +int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + virDomainDiskDefPtr disk) { - if (mgr->drv->domainSetSecurityImageLabel) { + if (mgr->drv->domainSetSecurityDiskLabel) { int ret; virObjectLock(mgr); - ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk); + ret = mgr->drv->domainSetSecurityDiskLabel(mgr, vm, disk); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 3cddcd2..f083b3a 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -70,9 +70,9 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); -int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); +int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk); int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index a096ce2..7feeda6 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -75,9 +75,9 @@ static int virSecurityDomainClearSocketLabelNop(virSecurityManagerPtr mgr ATTRIB return 0; } -static int virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED, - virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) +static int virSecurityDomainSetDiskLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainDefPtr vm ATTRIBUTE_UNUSED, + virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) { return 0; } @@ -206,7 +206,7 @@ virSecurityDriver virSecurityDriverNop = { .domainSecurityVerify = virSecurityDomainVerifyNop, - .domainSetSecurityImageLabel = virSecurityDomainSetImageLabelNop, + .domainSetSecurityDiskLabel = virSecurityDomainSetDiskLabelNop, .domainRestoreSecurityImageLabel = virSecurityDomainRestoreImageLabelNop, .domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop, diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index f5d67a9..a4c13a1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1243,9 +1243,9 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, } static int -virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk) +virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainDiskDefPtr disk) { virSecuritySELinuxCallbackData cbdata; @@ -2240,7 +2240,7 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, def->disks[i]->dst); continue; } - if (virSecuritySELinuxSetSecurityImageLabel(mgr, + if (virSecuritySELinuxSetSecurityDiskLabel(mgr, def, def->disks[i]) < 0) return -1; } @@ -2426,7 +2426,7 @@ virSecurityDriver virSecurityDriverSELinux = { .domainSecurityVerify = virSecuritySELinuxSecurityVerify, - .domainSetSecurityImageLabel = virSecuritySELinuxSetSecurityImageLabel, + .domainSetSecurityDiskLabel = virSecuritySELinuxSetSecurityDiskLabel, .domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 355c978..63b2720 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -222,16 +222,16 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr, static int -virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) +virSecurityStackSetSecurityDiskLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + virDomainDiskDefPtr disk) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item = priv->itemsHead; int rc = 0; for (; item; item = item->next) { - if (virSecurityManagerSetImageLabel(item->securityManager, vm, disk) < 0) + if (virSecurityManagerSetDiskLabel(item->securityManager, vm, disk) < 0) rc = -1; } @@ -578,7 +578,7 @@ virSecurityDriver virSecurityDriverStack = { .domainSecurityVerify = virSecurityStackVerify, - .domainSetSecurityImageLabel = virSecurityStackSetSecurityImageLabel, + .domainSetSecurityDiskLabel = virSecurityStackSetSecurityDiskLabel, .domainRestoreSecurityImageLabel = virSecurityStackRestoreSecurityImageLabel, .domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel, -- 1.9.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list