Re: [PATCHv5 14/28] security: Introduce APIs to label single images

Eric Blake <eblake@xxxxxxxxxx> · Tue, 08 Jul 2014 16:27:53 -0600

On 07/04/2014 05:29 AM, Peter Krempa wrote:
> Add security driver functions to label separate storage images using the
> virStorageSource definition. This will help to avoid the need to do ugly
> changes to the disk struct and use the source directly.
> ---
>  src/libvirt_private.syms        |  2 ++
>  src/security/security_driver.h  | 10 ++++++++
>  src/security/security_manager.c | 56 +++++++++++++++++++++++++++++++++++++++++
>  src/security/security_manager.h |  7 ++++++
>  src/security/security_nop.c     | 19 ++++++++++++++
>  src/security/security_stack.c   | 38 ++++++++++++++++++++++++++++
>  6 files changed, 132 insertions(+)
> 

> +static int
> +virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
> +                                      virDomainDefPtr vm,
> +                                      virStorageSourcePtr src)
> +{
> +    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
> +    virSecurityStackItemPtr item = priv->itemsHead;
> +    int rc = 0;
> +
> +    for (; item; item = item->next) {
> +        if (virSecurityManagerSetImageLabel(item->securityManager, vm, src) < 0)
> +            rc = -1;
> +    }
> +
> +    return rc;

Pre-existing with virSecurityStackSetSecurityDiskLabel(), but on failure
later in the stack, should we attempt to undo the labels set earlier in
the stack, rather than leaving things half-labeled?  If so, that's a
separate patch, so it doesn't affect my review here.

> +}
> +
> +static int
> +virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
> +                                          virDomainDefPtr vm,
> +                                          virStorageSourcePtr src)
> +{
> +    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
> +    virSecurityStackItemPtr item = priv->itemsHead;
> +    int rc = 0;
> +
> +    for (; item; item = item->next) {
> +        if (virSecurityManagerRestoreImageLabel(item->securityManager,
> +                                                vm, src) < 0)
> +            rc = -1;
> +    }
> +

Cleanup, of course, is best effort.  Also pre-existing, and not
affecting my review here - should cleanup be done in reverse stack
order, in case we ever hit a situation in the future where the label
applied by the first stack layer affects the ability of the second stack
layer to operate, and therefore must be undone in opposite order?

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment:
signature.asc

Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list