Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
security_driver.h 11.8 KB
Newer Older
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
1 
/*
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
2 
 * Copyright (C) 2008, 2010-2013 Red Hat, Inc.
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
3 4 5 6 7 8 
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
O
Desert the FSF address in copyright  
Osier Yang 已提交
9 10 11 12 13 14 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
E
maint: fix up copyright notice inconsistencies  
Eric Blake 已提交
15 
 * License along with this library.  If not, see
O
Desert the FSF address in copyright  
Osier Yang 已提交
16 17 
 * <http://www.gnu.org/licenses/>.
 *
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
18 19 20 21 22 
 * Authors:
 *     James Morris <jmorris@namei.org>
 *
 */
#ifndef __VIR_SECURITY_H__
E
build: consistently indent preprocessor directives  
Eric Blake 已提交
23 
# define __VIR_SECURITY_H__
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
24
E
build: consistently indent preprocessor directives  
Eric Blake 已提交
25 26 
# include "internal.h"
# include "domain_conf.h"
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
27
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
28 29 
# include "security_manager.h"
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
30 31 32 33 34 35 36 37 38 39 40 41 
/*
 * Return values for security driver probing: the driver will determine
 * whether it should be enabled or disabled.
 */
typedef enum {
    SECURITY_DRIVER_ENABLE      = 0,
    SECURITY_DRIVER_ERROR       = -1,
    SECURITY_DRIVER_DISABLE     = -2,
} virSecurityDriverStatus;

typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
D
Pass security driver object into all security driver callbacks  
Daniel P. Berrange 已提交
42
D
Pass the virt driver name into security drivers  
Daniel Walsh 已提交
43 
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (const char *virtDriver);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
44 45 46 47 48 
typedef int (*virSecurityDriverOpen) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);

typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
49 50 
typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
                                                      int virtType);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
51
E
security: framework for driver PreFork handler  
Eric Blake 已提交
52 53 
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
54 55 56 57 58 
typedef int (*virSecurityDriverTransactionStart) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDriverTransactionCommit) (virSecurityManagerPtr mgr,
                                                   pid_t pid);
typedef void (*virSecurityDriverTransactionAbort) (virSecurityManagerPtr mgr);
P
security: Rename virSecurityManagerRestoreImageLabel to *Disk*  
Peter Krempa 已提交
59 60 61 
typedef int (*virSecurityDomainRestoreDiskLabel) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def,
                                                  virDomainDiskDefPtr disk);
J
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel  
Jiri Denemark 已提交
62 
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
63 
                                                     virDomainDefPtr vm);
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
64 
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
65 
                                                virDomainDefPtr def);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
66 
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
67 
                                                virDomainDefPtr def);
P
security: Rename virSecurityManagerSetImageLabel to *Disk*  
Peter Krempa 已提交
68 69 70 
typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def,
                                              virDomainDiskDefPtr disk);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
71 
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
72 
                                                     virDomainDefPtr def,
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
73 74 
                                                     virDomainHostdevDefPtr dev,
                                                     const char *vroot);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
75 
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
76 
                                                 virDomainDefPtr def,
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
77 78 
                                                 virDomainHostdevDefPtr dev,
                                                 const char *vroot);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
79 
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
80 
                                                    virDomainDefPtr def,
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
81 
                                                    const char *savefile);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
82 
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
83 
                                                        virDomainDefPtr def,
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
84 
                                                        const char *savefile);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
85 
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
86 
                                          virDomainDefPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
87 
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
88 89 
                                              virDomainDefPtr sec,
                                              pid_t pid);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
90 
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
91 
                                              virDomainDefPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
92 
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
93 
                                             virDomainDefPtr sec,
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
94 95 
                                             const char *stdin_path,
                                             bool chardevStdioLogd);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
96 
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
97 
                                                 virDomainDefPtr def,
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
98 99 
                                                 bool migrated,
                                                 bool chardevStdioLogd);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
100 
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
101 102 
                                                 virDomainDefPtr def,
                                                 pid_t pid,
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
103 
                                                 virSecurityLabelPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
104 
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
105 
                                                 virDomainDefPtr def);
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
106 107 108 
typedef int (*virSecurityDomainSetChildProcessLabel) (virSecurityManagerPtr mgr,
                                                      virDomainDefPtr def,
                                                      virCommandPtr cmd);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
109 110 
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
                                                virDomainDefPtr def);
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
111 
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
112 
                                                 virDomainDefPtr def,
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
113 
                                                 int fd);
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
114 115 116 
typedef int (*virSecurityDomainSetTapFDLabel) (virSecurityManagerPtr mgr,
                                               virDomainDefPtr def,
                                               int fd);
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
117 
typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr,
P
security: Fix header formatting of a few functions  
Peter Krempa 已提交
118 
                                                   virDomainDefPtr def);
S
add security hook for permitting hugetlbfs access  
Serge Hallyn 已提交
119 
typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr,
P
security: Fix header formatting of a few functions  
Peter Krempa 已提交
120 121 
                                              virDomainDefPtr def,
                                              const char *path);
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
122 123 124 125 126 127 
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
                                               virDomainDefPtr def,
                                               virStorageSourcePtr src);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                   virDomainDefPtr def,
                                                   virStorageSourcePtr src);
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
128 129 130 131 132 133 
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
                                                virDomainDefPtr def,
                                                virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
                                                    virDomainDefPtr def,
                                                    virDomainMemoryDefPtr mem);
J
security: Introduce functions for input device hot(un)plug  
Ján Tomko 已提交
134 135 136 137 138 139 
typedef int (*virSecurityDomainSetInputLabel) (virSecurityManagerPtr mgr,
                                               virDomainDefPtr def,
                                               virDomainInputDefPtr input);
typedef int (*virSecurityDomainRestoreInputLabel) (virSecurityManagerPtr mgr,
                                                   virDomainDefPtr def,
                                                   virDomainInputDefPtr input);
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
140 141 
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def,
C
security: full path option for DomainSetPathLabel  
Christian Ehrhardt 已提交
142 143 
                                              const char *path,
                                              bool allowSubtree);
P
security: introduce virSecurityManager(Set|Restore)ChardevLabel  
Pavel Hrdina 已提交
144 145 146 147 148 149 150 151 
typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
                                                 virDomainDefPtr def,
                                                 virDomainChrSourceDefPtr dev_source,
                                                 bool chardevStdioLogd);
typedef int (*virSecurityDomainRestoreChardevLabel) (virSecurityManagerPtr mgr,
                                                     virDomainDefPtr def,
                                                     virDomainChrSourceDefPtr dev_source,
                                                     bool chardevStdioLogd);
S
security: Label the external swtpm with SELinux labels  
Stefan Berger 已提交
152 153 154 155 
typedef int (*virSecurityDomainSetTPMLabels) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def);
typedef int (*virSecurityDomainRestoreTPMLabels) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def);
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
156
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
157 158 

struct _virSecurityDriver {
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
159 
    size_t privateDataLen;
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
160 161 162 
    const char *name;
    virSecurityDriverProbe probe;
    virSecurityDriverOpen open;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
163 164 165 166 167 
    virSecurityDriverClose close;

    virSecurityDriverGetModel getModel;
    virSecurityDriverGetDOI getDOI;
E
security: framework for driver PreFork handler  
Eric Blake 已提交
168 169 
    virSecurityDriverPreFork preFork;
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
170 171 172 173 
    virSecurityDriverTransactionStart transactionStart;
    virSecurityDriverTransactionCommit transactionCommit;
    virSecurityDriverTransactionAbort transactionAbort;
D
Improve security label error reporting & verification (Dan Walsh)  
Daniel P. Berrange 已提交
174 
    virSecurityDomainSecurityVerify domainSecurityVerify;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
175
P
security: Rename virSecurityManagerSetImageLabel to *Disk*  
Peter Krempa 已提交
176 
    virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel;
P
security: Rename virSecurityManagerRestoreImageLabel to *Disk*  
Peter Krempa 已提交
177 
    virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
178
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
179 180 181 
    virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
    virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
182 183 184 
    virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
    virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
J
security: Introduce functions for input device hot(un)plug  
Ján Tomko 已提交
185 186 187 
    virSecurityDomainSetInputLabel domainSetSecurityInputLabel;
    virSecurityDomainRestoreInputLabel domainRestoreSecurityInputLabel;
J
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel  
Jiri Denemark 已提交
188 
    virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
189 
    virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
D
Add support for setting socket MLS level in SELinux driver  
Daniel J Walsh 已提交
190 
    virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
191
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
192 
    virSecurityDomainGenLabel domainGenSecurityLabel;
D
Fix re-detection of transient VMs after libvirtd restart  
Daniel P. Berrange 已提交
193 
    virSecurityDomainReserveLabel domainReserveSecurityLabel;
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
194 
    virSecurityDomainReleaseLabel domainReleaseSecurityLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
195
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
196 197 
    virSecurityDomainGetProcessLabel domainGetSecurityProcessLabel;
    virSecurityDomainSetProcessLabel domainSetSecurityProcessLabel;
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
198 
    virSecurityDomainSetChildProcessLabel domainSetSecurityChildProcessLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
199
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
200 201 
    virSecurityDomainSetAllLabel domainSetSecurityAllLabel;
    virSecurityDomainRestoreAllLabel domainRestoreSecurityAllLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
202
D
Support relabelling of USB and PCI devices  
Daniel P. Berrange 已提交
203 
    virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
204 205 
    virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
206 207 
    virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
    virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
208
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
209 
    virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
210 
    virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
211 212 

    virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
213 214 

    virSecurityDriverGetBaseLabel getBaseLabel;
M
security: Add virSecurityDomainSetDirLabel  
Martin Kletzander 已提交
215
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
216 
    virSecurityDomainSetPathLabel domainSetPathLabel;
P
security: introduce virSecurityManager(Set|Restore)ChardevLabel  
Pavel Hrdina 已提交
217 218 219 

    virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
    virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
S
security: Label the external swtpm with SELinux labels  
Stefan Berger 已提交
220 221 222 

    virSecurityDomainSetTPMLabels domainSetSecurityTPMLabels;
    virSecurityDomainRestoreTPMLabels domainRestoreSecurityTPMLabels;
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
223 224 
};
D
Pass the virt driver name into security drivers  
Daniel Walsh 已提交
225 226 
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
                                             const char *virtDriver);
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
227 228 

#endif /* __VIR_SECURITY_H__ */