Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
security_stack.c 24.9 KB
Newer Older
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
1 
/*
M
Use K&R style for curly braces in remaining files  
Martin Kletzander 已提交
2 
 * Copyright (C) 2010-2014 Red Hat, Inc.
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
3 4 5 6 7 8 9 10 11 12 13 14 
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
E
maint: fix up copyright notice inconsistencies  
Eric Blake 已提交
15 
 * License along with this library.  If not, see
O
Desert the FSF address in copyright  
Osier Yang 已提交
16 
 * <http://www.gnu.org/licenses/>.
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
17 18 19 20 21 22 23 24 
 *
 * Stacked security driver
 */

#include <config.h>

#include "security_stack.h"
D
Rename virterror.c virterror_internal.h to virerror.{c,h}  
Daniel P. Berrange 已提交
25 
#include "virerror.h"
D
Rename memory.{c,h} to viralloc.{c,h}  
Daniel P. Berrange 已提交
26 
#include "viralloc.h"
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
27 28 29 30 31 

#define VIR_FROM_THIS VIR_FROM_SECURITY

typedef struct _virSecurityStackData virSecurityStackData;
typedef virSecurityStackData *virSecurityStackDataPtr;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
32 
typedef struct _virSecurityStackItem virSecurityStackItem;
E
maint: avoid further typedef accidents  
Eric Blake 已提交
33 
typedef virSecurityStackItem *virSecurityStackItemPtr;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
34 35 36 37 

struct _virSecurityStackItem {
    virSecurityManagerPtr securityManager;
    virSecurityStackItemPtr next;
M
security_stack: Turn list of nested drivers into a doubly linked list  
Michal Privoznik 已提交
38 
    virSecurityStackItemPtr prev;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
39 
};
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
40 41 

struct _virSecurityStackData {
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
42 
    virSecurityStackItemPtr itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
43 44 
};
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
45 46 47 48 49 50 
int
virSecurityStackAddNested(virSecurityManagerPtr mgr,
                          virSecurityManagerPtr nested)
{
    virSecurityStackItemPtr item = NULL;
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
D
Fix configuration of QEMU security drivers  
Daniel P. Berrange 已提交
51 52 53 54 55 
    virSecurityStackItemPtr tmp;

    tmp = priv->itemsHead;
    while (tmp && tmp->next)
        tmp = tmp->next;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
56
M
Adapt to VIR_ALLOC and virAsprintf in src/security/*  
Michal Privoznik 已提交
57 
    if (VIR_ALLOC(item) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
58 59 
        return -1;
    item->securityManager = nested;
M
security_stack: Turn list of nested drivers into a doubly linked list  
Michal Privoznik 已提交
60 
    item->prev = tmp;
D
Fix configuration of QEMU security drivers  
Daniel P. Berrange 已提交
61 62 63 64 65 
    if (tmp)
        tmp->next = item;
    else
        priv->itemsHead = item;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
66 67 68 69 70 71 72 
    return 0;
}

virSecurityManagerPtr
virSecurityStackGetPrimary(virSecurityManagerPtr mgr)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
D
Fix configuration of QEMU security drivers  
Daniel P. Berrange 已提交
73 
    return priv->itemsHead->securityManager;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
74 75 76 
}

static virSecurityDriverStatus
D
Pass the virt driver name into security drivers  
Daniel Walsh 已提交
77 
virSecurityStackProbe(const char *virtDriver ATTRIBUTE_UNUSED)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
78 79 80 81 82 83 84 85 86 87 88 
{
    return SECURITY_DRIVER_ENABLE;
}

static int
virSecurityStackOpen(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
    return 0;
}

static int
E
security: avoid memory leak  
Eric Blake 已提交
89 
virSecurityStackClose(virSecurityManagerPtr mgr)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
90 
{
E
security: avoid memory leak  
Eric Blake 已提交
91 
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
92 
    virSecurityStackItemPtr next, item = priv->itemsHead;
E
security: avoid memory leak  
Eric Blake 已提交
93
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
94 95 
    while (item) {
        next = item->next;
D
Turn virSecurityManager into a virObjectLockable  
Daniel P. Berrange 已提交
96 
        virObjectUnref(item->securityManager);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
97 98 99 
        VIR_FREE(item);
        item = next;
    }
E
security: avoid memory leak  
Eric Blake 已提交
100
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
101 102 103 104 105 106 
    return 0;
}

static const char *
virSecurityStackGetModel(virSecurityManagerPtr mgr)
{
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
107 
    return virSecurityManagerGetModel(virSecurityStackGetPrimary(mgr));
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
108 109 110 111 112 
}

static const char *
virSecurityStackGetDOI(virSecurityManagerPtr mgr)
{
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
113 
    return virSecurityManagerGetDOI(virSecurityStackGetPrimary(mgr));
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
114 115 
}
E
security: framework for driver PreFork handler  
Eric Blake 已提交
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 
static int
virSecurityStackPreFork(virSecurityManagerPtr mgr)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    /* XXX For now, we rely on no driver having any state that requires
     * rollback if a later driver in the stack fails; if this changes,
     * we'd need to split this into transaction semantics by dividing
     * the work into prepare/commit/abort.  */
    for (; item; item = item->next) {
        if (virSecurityManagerPreFork(item->securityManager) < 0) {
            rc = -1;
            break;
        }
E
security: fix deadlock with prefork  
Eric Blake 已提交
132 133 134 135 136 
        /* Undo the unbalanced locking left behind after recursion; if
         * PostFork ever delegates to driver callbacks, we'd instead
         * need to recurse to an internal method that does not regrab
         * a lock. */
        virSecurityManagerPostFork(item->securityManager);
E
security: framework for driver PreFork handler  
Eric Blake 已提交
137 138 139 140 141 
    }

    return rc;
}
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 

static int
virSecurityStackTransactionStart(virSecurityManagerPtr mgr)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerTransactionStart(item->securityManager) < 0)
            rc = -1;
    }

    return rc;
}


static int
virSecurityStackTransactionCommit(virSecurityManagerPtr mgr,
M
virSecurityManagerTransactionCommit: Do metadata locking iff enabled in config  
Michal Privoznik 已提交
161 162 
                                  pid_t pid,
                                  bool lock)
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
163 164 165 166 167 168 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
M
virSecurityManagerTransactionCommit: Do metadata locking iff enabled in config  
Michal Privoznik 已提交
169 
        if (virSecurityManagerTransactionCommit(item->securityManager, pid, lock) < 0)
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 
            rc = -1;
    }

    return rc;
}


static void
virSecurityStackTransactionAbort(virSecurityManagerPtr mgr)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;

    for (; item; item = item->next)
        virSecurityManagerTransactionAbort(item->securityManager);
}
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
188 189 190 191 192 
static int
virSecurityStackVerify(virSecurityManagerPtr mgr,
                       virDomainDefPtr def)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
193 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
194 195 
    int rc = 0;
D
Remove spurious whitespace between function name & open brackets  
Daniel P. Berrange 已提交
196 
    for (; item; item = item->next) {
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
197 198 199 200 201 
        if (virSecurityManagerVerify(item->securityManager, def) < 0) {
            rc = -1;
            break;
        }
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
202 203 204 205 206 207 208 

    return rc;
}


static int
virSecurityStackGenLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
209 
                         virDomainDefPtr vm)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
210 211 212 
{
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
213 
    if (virSecurityManagerGenLabel(virSecurityStackGetPrimary(mgr), vm) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
214 215 
        rc = -1;
M
lib: Fix c99 style comments  
Michal Privoznik 已提交
216 
/* TODO */
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 
#if 0
    /* We don't allow secondary drivers to generate labels.
     * This may have to change in the future, but requires
     * changes elsewhere in domain_conf.c and capabilities.c
     * XML formats first, to allow recording of multiple
     * labels
     */
    if (virSecurityManagerGenLabel(priv->secondary, vm) < 0)
        rc = -1;
#endif

    return rc;
}


static int
virSecurityStackReleaseLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
234 
                             virDomainDefPtr vm)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
235 236 237 
{
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
238 
    if (virSecurityManagerReleaseLabel(virSecurityStackGetPrimary(mgr), vm) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
239 
        rc = -1;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
240
M
lib: Fix c99 style comments  
Michal Privoznik 已提交
241 
/* TODO */
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
242 243 244 245 246 247 248 249 250 251 252 253 
#if 0
    /* XXX See note in GenLabel */
    if (virSecurityManagerReleaseLabel(priv->secondary, vm) < 0)
        rc = -1;
#endif

    return rc;
}


static int
virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
254 255 
                             virDomainDefPtr vm,
                             pid_t pid)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
256 257 258 
{
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
259 
    if (virSecurityManagerReserveLabel(virSecurityStackGetPrimary(mgr), vm, pid) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
260 
        rc = -1;
M
lib: Fix c99 style comments  
Michal Privoznik 已提交
261 
/* TODO */
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
262 263 
#if 0
    /* XXX See note in GenLabel */
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
264 
    if (virSecurityManagerReserveLabel(priv->secondary, vm, pid) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
265 266 267 268 269 270 271 272 
        rc = -1;
#endif

    return rc;
}


static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
273 274 275 276 
virSecurityStackSetHostdevLabel(virSecurityManagerPtr mgr,
                                virDomainDefPtr vm,
                                virDomainHostdevDefPtr dev,
                                const char *vroot)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
277 278 279 

{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
280 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
281 282 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
283 
    for (; item; item = item->next) {
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
284 285 286 287 
        if (virSecurityManagerSetHostdevLabel(item->securityManager,
                                              vm,
                                              dev,
                                              vroot) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
288 289 
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
290 291 292 293 294 295 

    return rc;
}


static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
296 297 298 299 
virSecurityStackRestoreHostdevLabel(virSecurityManagerPtr mgr,
                                    virDomainDefPtr vm,
                                    virDomainHostdevDefPtr dev,
                                    const char *vroot)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
300 301 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
302 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
303 304 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
305 
    for (; item; item = item->next) {
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
306 307 308 309 
        if (virSecurityManagerRestoreHostdevLabel(item->securityManager,
                                                  vm,
                                                  dev,
                                                  vroot) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
310 311 
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
312 313 314 315 316 317 

    return rc;
}


static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
318 319 
virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
                            virDomainDefPtr vm,
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
320 
                            const char *stdin_path,
M
security: Pass @migrated to virSecurityManagerSetAllLabel  
Michal Privoznik 已提交
321 322 
                            bool chardevStdioLogd,
                            bool migrated)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
323 324 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
325 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
326 327 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
328 
    for (; item; item = item->next) {
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
329 
        if (virSecurityManagerSetAllLabel(item->securityManager, vm,
M
security: Pass @migrated to virSecurityManagerSetAllLabel  
Michal Privoznik 已提交
330 331 
                                          stdin_path, chardevStdioLogd,
                                          migrated) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
332 333 
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
334 335 336 337 338 339 

    return rc;
}


static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
340 341 
virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
                                virDomainDefPtr vm,
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
342 343 
                                bool migrated,
                                bool chardevStdioLogd)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
344 345 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
346 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
347 348 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
349 
    for (; item; item = item->next) {
P
security: don't relabel chardev source if virtlogd is used as stdio handler  
Pavel Hrdina 已提交
350 351 
        if (virSecurityManagerRestoreAllLabel(item->securityManager, vm,
                                              migrated, chardevStdioLogd) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
352 353 
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
354 355 356 357 358 359 360 

    return rc;
}


static int
virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
361 
                                   virDomainDefPtr vm,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
362 363 364 
                                   const char *savefile)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
365 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
366 367 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
368 369 370 371 
    for (; item; item = item->next) {
        if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm, savefile) < 0)
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
372 373 374 375 376 377 378 

    return rc;
}


static int
virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
379 
                                       virDomainDefPtr vm,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
380 381 382 
                                       const char *savefile)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
383 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
384 385 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
386 387 388 389 
    for (; item; item = item->next) {
        if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm, savefile) < 0)
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
390 391 392 393 394 395 396 

    return rc;
}


static int
virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
397 
                                virDomainDefPtr vm)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
398 399 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
400 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
401 402 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
403 404 405 406 
    for (; item; item = item->next) {
        if (virSecurityManagerSetProcessLabel(item->securityManager, vm) < 0)
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
407 408 409 410 

    return rc;
}
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 
static int
virSecurityStackSetChildProcessLabel(virSecurityManagerPtr mgr,
                                     virDomainDefPtr vm,
                                     virCommandPtr cmd)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetChildProcessLabel(item->securityManager, vm, cmd) < 0)
            rc = -1;
    }

    return rc;
}
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
428 429 
static int
virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
430 431 
                                virDomainDefPtr vm,
                                pid_t pid,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
432 433 434 435 
                                virSecurityLabelPtr seclabel)
{
    int rc = 0;
M
lib: Fix c99 style comments  
Michal Privoznik 已提交
436 
/* TODO */
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
437 
#if 0
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
438 
    if (virSecurityManagerGetProcessLabel(priv->secondary, vm, pid, seclabel) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
439 440 
        rc = -1;
#endif
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
441 
    if (virSecurityManagerGetProcessLabel(virSecurityStackGetPrimary(mgr), vm, pid, seclabel) < 0)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
442 443 444 445 446 447 448 
        rc = -1;

    return rc;
}


static int
J
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel  
Jiri Denemark 已提交
449 
virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
450 
                                     virDomainDefPtr vm)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
451 452 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
453 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
454 455 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
456 457 458 459 
    for (; item; item = item->next) {
        if (virSecurityManagerSetDaemonSocketLabel(item->securityManager, vm) < 0)
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
460 461 462 463 464 

    return rc;
}
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
465 466 
static int
virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
467 
                               virDomainDefPtr vm)
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
468 469 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
470 
    virSecurityStackItemPtr item = priv->itemsHead;
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
471 472 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
473 474 475 476 
    for (; item; item = item->next) {
        if (virSecurityManagerSetSocketLabel(item->securityManager, vm) < 0)
            rc = -1;
    }
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
477 478 479 480 481 

    return rc;
}
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
482 483 
static int
virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
484 
                                 virDomainDefPtr vm)
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
485 486 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
487 
    virSecurityStackItemPtr item = priv->itemsHead;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
488 489 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
490 491 492 493 
    for (; item; item = item->next) {
        if (virSecurityManagerClearSocketLabel(item->securityManager, vm) < 0)
            rc = -1;
    }
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
494 495 496 497 

    return rc;
}
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
498 
static int
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
499 
virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
500 
                                virDomainDefPtr vm,
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
501 
                                int fd)
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
502 503 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
504 
    virSecurityStackItemPtr item = priv->itemsHead;
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
505 506 
    int rc = 0;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
507 508 509 510 
    for (; item; item = item->next) {
        if (virSecurityManagerSetImageFDLabel(item->securityManager, vm, fd) < 0)
            rc = -1;
    }
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
511 512 513 514 

    return rc;
}
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 
static int
virSecurityStackSetTapFDLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr vm,
                              int fd)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetTapFDLabel(item->securityManager, vm, fd) < 0)
            rc = -1;
    }

    return rc;
}
M
Use K&R style for curly braces in remaining files  
Martin Kletzander 已提交
532 533 534 535 
static char *
virSecurityStackGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                virDomainDefPtr vm ATTRIBUTE_UNUSED)
{
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
536 537 
    return NULL;
}
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
538
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
539 540 541 542 543 544 
virSecurityManagerPtr*
virSecurityStackGetNested(virSecurityManagerPtr mgr)
{
    virSecurityManagerPtr *list = NULL;
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item;
D
Convert 'int i' to 'size_t i' in src/security files  
Daniel P. Berrange 已提交
545 546 
    int len = 0;
    size_t i;
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
547 548 549 550 

    for (item = priv->itemsHead; item; item = item->next)
        len++;
M
Adapt to VIR_ALLOC and virAsprintf in src/security/*  
Michal Privoznik 已提交
551 
    if (VIR_ALLOC_N(list, len + 1) < 0)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
552 553 
        return NULL;
D
Convert 'int i' to 'size_t i' in src/security files  
Daniel P. Berrange 已提交
554 
    for (i = 0, item = priv->itemsHead; item; item = item->next, i++)
M
Update security layer to handle many security labels  
Marcelo Cerri 已提交
555 556 557 558 559 560 
        list[i] = item->securityManager;
    list[len] = NULL;

    return list;
}
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
561 562 563 564 565 566 567 
static const char *
virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
{
    return virSecurityManagerGetBaseLabel(virSecurityStackGetPrimary(mgr),
                                          virtType);
}
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
568 
static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
569 570 
virSecurityStackSetImageLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr vm,
P
security: Remove security driver internals for disk labeling  
Peter Krempa 已提交
571 572 
                              virStorageSourcePtr src,
                              virSecurityDomainImageLabelFlags flags)
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
573 574 575 576 577 578 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
P
security: Remove security driver internals for disk labeling  
Peter Krempa 已提交
579 580 
        if (virSecurityManagerSetImageLabel(item->securityManager, vm, src,
                                            flags) < 0)
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
581 582 583 584 585 586 587 
            rc = -1;
    }

    return rc;
}

static int
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
588 589 
virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
                                  virDomainDefPtr vm,
P
security: Remove security driver internals for disk labeling  
Peter Krempa 已提交
590 591 
                                  virStorageSourcePtr src,
                                  virSecurityDomainImageLabelFlags flags)
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
592 593 594 595 596 597 598 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerRestoreImageLabel(item->securityManager,
P
security: Remove security driver internals for disk labeling  
Peter Krempa 已提交
599 
                                                vm, src, flags) < 0)
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
600 601 602 603 604 605 
            rc = -1;
    }

    return rc;
}
M
security: Introduce virSecurityManagerMoveImageMetadata  
Michal Privoznik 已提交
606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 
static int
virSecurityStackMoveImageMetadata(virSecurityManagerPtr mgr,
                                  pid_t pid,
                                  virStorageSourcePtr src,
                                  virStorageSourcePtr dst)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerMoveImageMetadata(item->securityManager,
                                                pid, src, dst) < 0)
            rc = -1;
    }

    return rc;
}
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 
static int
virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr vm,
                               virDomainMemoryDefPtr mem)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetMemoryLabel(item->securityManager, vm, mem) < 0)
            rc = -1;
    }

    return rc;
}

static int
virSecurityStackRestoreMemoryLabel(virSecurityManagerPtr mgr,
                                   virDomainDefPtr vm,
                                   virDomainMemoryDefPtr mem)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerRestoreMemoryLabel(item->securityManager,
                                                 vm, mem) < 0)
            rc = -1;
    }

    return rc;
}
J
security: Introduce functions for input device hot(un)plug  
Ján Tomko 已提交
660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 
static int
virSecurityStackSetInputLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr vm,
                              virDomainInputDefPtr input)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetInputLabel(item->securityManager, vm, input) < 0)
            rc = -1;
    }

    return rc;
}

static int
virSecurityStackRestoreInputLabel(virSecurityManagerPtr mgr,
                                  virDomainDefPtr vm,
                                  virDomainInputDefPtr input)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerRestoreInputLabel(item->securityManager,
                                                vm, input) < 0)
            rc = -1;
    }

    return rc;
}
M
security_stack: Add SetDirLabel support  
Martin Kletzander 已提交
695 
static int
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
696 697 
virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
                                   virDomainDefPtr vm,
C
security: full path option for DomainSetPathLabel  
Christian Ehrhardt 已提交
698 699 
                                   const char *path,
                                   bool allowSubtree)
M
security_stack: Add SetDirLabel support  
Martin Kletzander 已提交
700 701 702 703 704 705 
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
706 
        if (virSecurityManagerDomainSetPathLabel(item->securityManager,
C
security: full path option for DomainSetPathLabel  
Christian Ehrhardt 已提交
707 
                                                 vm, path, allowSubtree) < 0)
M
security_stack: Add SetDirLabel support  
Martin Kletzander 已提交
708 709 710 711 712 713 
            rc = -1;
    }

    return rc;
}
P
security: introduce virSecurityManager(Set|Restore)ChardevLabel  
Pavel Hrdina 已提交
714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 
static int
virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
                                      virDomainDefPtr def,
                                      virDomainChrSourceDefPtr dev_source,
                                      bool chardevStdioLogd)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetChardevLabel(item->securityManager,
                                              def, dev_source,
                                              chardevStdioLogd) < 0)
            rc = -1;
    }

    return rc;
}

static int
virSecurityStackDomainRestoreChardevLabel(virSecurityManagerPtr mgr,
                                          virDomainDefPtr def,
                                          virDomainChrSourceDefPtr dev_source,
                                          bool chardevStdioLogd)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerRestoreChardevLabel(item->securityManager,
                                                  def, dev_source,
                                                  chardevStdioLogd) < 0)
            rc = -1;
    }

    return rc;
}
S
security: Label the external swtpm with SELinux labels  
Stefan Berger 已提交
754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 

static int
virSecurityStackSetTPMLabels(virSecurityManagerPtr mgr,
                             virDomainDefPtr vm)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerSetTPMLabels(item->securityManager,
                                           vm) < 0)
            rc = -1;
    }

    return rc;
}


static int
virSecurityStackRestoreTPMLabels(virSecurityManagerPtr mgr,
                                 virDomainDefPtr vm)
{
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
    int rc = 0;

    for (; item; item = item->next) {
        if (virSecurityManagerRestoreTPMLabels(item->securityManager,
                                               vm) < 0)
            rc = -1;
    }

    return rc;
}
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
791 
virSecurityDriver virSecurityDriverStack = {
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
792 793 794 795 796 
    .privateDataLen                     = sizeof(virSecurityStackData),
    .name                               = "stack",
    .probe                              = virSecurityStackProbe,
    .open                               = virSecurityStackOpen,
    .close                              = virSecurityStackClose,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
797
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
798 799 
    .getModel                           = virSecurityStackGetModel,
    .getDOI                             = virSecurityStackGetDOI,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
800
E
security: framework for driver PreFork handler  
Eric Blake 已提交
801 802 
    .preFork                            = virSecurityStackPreFork,
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
803 804 805 806 
    .transactionStart                   = virSecurityStackTransactionStart,
    .transactionCommit                  = virSecurityStackTransactionCommit,
    .transactionAbort                   = virSecurityStackTransactionAbort,
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
807 
    .domainSecurityVerify               = virSecurityStackVerify,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
808
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
809 810 
    .domainSetSecurityImageLabel        = virSecurityStackSetImageLabel,
    .domainRestoreSecurityImageLabel    = virSecurityStackRestoreImageLabel,
M
security: Introduce virSecurityManagerMoveImageMetadata  
Michal Privoznik 已提交
811 
    .domainMoveImageMetadata            = virSecurityStackMoveImageMetadata,
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
812
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
813 814 815 
    .domainSetSecurityMemoryLabel       = virSecurityStackSetMemoryLabel,
    .domainRestoreSecurityMemoryLabel   = virSecurityStackRestoreMemoryLabel,
J
security: Introduce functions for input device hot(un)plug  
Ján Tomko 已提交
816 817 818 
    .domainSetSecurityInputLabel        = virSecurityStackSetInputLabel,
    .domainRestoreSecurityInputLabel    = virSecurityStackRestoreInputLabel,
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
819 820 821 
    .domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
    .domainSetSecuritySocketLabel       = virSecurityStackSetSocketLabel,
    .domainClearSecuritySocketLabel     = virSecurityStackClearSocketLabel,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
822
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
823 824 825 
    .domainGenSecurityLabel             = virSecurityStackGenLabel,
    .domainReserveSecurityLabel         = virSecurityStackReserveLabel,
    .domainReleaseSecurityLabel         = virSecurityStackReleaseLabel,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
826
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
827 828 
    .domainGetSecurityProcessLabel      = virSecurityStackGetProcessLabel,
    .domainSetSecurityProcessLabel      = virSecurityStackSetProcessLabel,
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
829 
    .domainSetSecurityChildProcessLabel = virSecurityStackSetChildProcessLabel,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
830
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
831 832 
    .domainSetSecurityAllLabel          = virSecurityStackSetAllLabel,
    .domainRestoreSecurityAllLabel      = virSecurityStackRestoreAllLabel,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
833
J
security_stack: remove extra Security from function names  
Ján Tomko 已提交
834 835 
    .domainSetSecurityHostdevLabel      = virSecurityStackSetHostdevLabel,
    .domainRestoreSecurityHostdevLabel  = virSecurityStackRestoreHostdevLabel,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
836
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
837 838 
    .domainSetSavedStateLabel           = virSecurityStackSetSavedStateLabel,
    .domainRestoreSavedStateLabel       = virSecurityStackRestoreSavedStateLabel,
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
839
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
840 
    .domainSetSecurityImageFDLabel      = virSecurityStackSetImageFDLabel,
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
841 
    .domainSetSecurityTapFDLabel        = virSecurityStackSetTapFDLabel,
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
842
M
security: Switch to C99-style struct initialization  
Michal Privoznik 已提交
843 
    .domainGetSecurityMountOptions      = virSecurityStackGetMountOptions,
S
add security hook for permitting hugetlbfs access  
Serge Hallyn 已提交
844
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
845 
    .getBaseLabel                       = virSecurityStackGetBaseLabel,
M
security_stack: Add SetDirLabel support  
Martin Kletzander 已提交
846
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
847 
    .domainSetPathLabel                 = virSecurityStackDomainSetPathLabel,
P
security: introduce virSecurityManager(Set|Restore)ChardevLabel  
Pavel Hrdina 已提交
848 849 850 

    .domainSetSecurityChardevLabel      = virSecurityStackDomainSetChardevLabel,
    .domainRestoreSecurityChardevLabel  = virSecurityStackDomainRestoreChardevLabel,
S
security: Label the external swtpm with SELinux labels  
Stefan Berger 已提交
851 852 853 

    .domainSetSecurityTPMLabels         = virSecurityStackSetTPMLabels,
    .domainRestoreSecurityTPMLabels     = virSecurityStackRestoreTPMLabels,
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
854 
};