Refactor the existing code to allow re-using it for the per-image label
restore too.
---
src/security/security_apparmor.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b4cbc61..391bf60 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -684,16 +684,24 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
/* Called when hotplugging */
static int
-AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
{
- if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK)
+ if (!virStorageSourceIsLocalStorage(src))
return 0;
return reload_profile(mgr, def, NULL, false);
}
+static int
+AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
+{
+ return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src);
+}
+
/* Called when hotplugging */
static int
AppArmorSetSecurityDiskLabel(virSecurityManagerPtr mgr,
@@ -975,6 +983,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel,
.domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel,
+ .domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel,
+
.domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel,
.domainSetSecuritySocketLabel = AppArmorSetSecuritySocketLabel,
.domainClearSecuritySocketLabel = AppArmorClearSecuritySocketLabel,
--
1.9.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list