Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
security_driver.h 9.9 KB
Newer Older
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
1 
/*
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
2 
 * Copyright (C) 2008, 2010-2013 Red Hat, Inc.
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
3 4 5 6 7 8 
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
O
Desert the FSF address in copyright  
Osier Yang 已提交
9 10 11 12 13 14 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
E
maint: fix up copyright notice inconsistencies  
Eric Blake 已提交
15 
 * License along with this library.  If not, see
O
Desert the FSF address in copyright  
Osier Yang 已提交
16 17 
 * <http://www.gnu.org/licenses/>.
 *
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
18 19 20 21 22 
 * Authors:
 *     James Morris <jmorris@namei.org>
 *
 */
#ifndef __VIR_SECURITY_H__
E
build: consistently indent preprocessor directives  
Eric Blake 已提交
23 
# define __VIR_SECURITY_H__
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
24
E
build: consistently indent preprocessor directives  
Eric Blake 已提交
25 26 
# include "internal.h"
# include "domain_conf.h"
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
27
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
28 29 
# include "security_manager.h"
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
30 31 32 33 34 35 36 37 38 39 40 41 
/*
 * Return values for security driver probing: the driver will determine
 * whether it should be enabled or disabled.
 */
typedef enum {
    SECURITY_DRIVER_ENABLE      = 0,
    SECURITY_DRIVER_ERROR       = -1,
    SECURITY_DRIVER_DISABLE     = -2,
} virSecurityDriverStatus;

typedef struct _virSecurityDriver virSecurityDriver;
typedef virSecurityDriver *virSecurityDriverPtr;
D
Pass security driver object into all security driver callbacks  
Daniel P. Berrange 已提交
42
D
Pass the virt driver name into security drivers  
Daniel Walsh 已提交
43 
typedef virSecurityDriverStatus (*virSecurityDriverProbe) (const char *virtDriver);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
44 45 46 47 48 
typedef int (*virSecurityDriverOpen) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);

typedef const char *(*virSecurityDriverGetModel) (virSecurityManagerPtr mgr);
typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
49 50 
typedef const char *(*virSecurityDriverGetBaseLabel) (virSecurityManagerPtr mgr,
                                                      int virtType);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
51
E
security: framework for driver PreFork handler  
Eric Blake 已提交
52 53 
typedef int (*virSecurityDriverPreFork) (virSecurityManagerPtr mgr);
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
54 55 56 57 58 
typedef int (*virSecurityDriverTransactionStart) (virSecurityManagerPtr mgr);
typedef int (*virSecurityDriverTransactionCommit) (virSecurityManagerPtr mgr,
                                                   pid_t pid);
typedef void (*virSecurityDriverTransactionAbort) (virSecurityManagerPtr mgr);
P
security: Rename virSecurityManagerRestoreImageLabel to *Disk*  
Peter Krempa 已提交
59 60 61 
typedef int (*virSecurityDomainRestoreDiskLabel) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def,
                                                  virDomainDiskDefPtr disk);
J
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel  
Jiri Denemark 已提交
62 
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
63 
                                                     virDomainDefPtr vm);
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
64 
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
65 
                                                virDomainDefPtr def);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
66 
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
67 
                                                virDomainDefPtr def);
P
security: Rename virSecurityManagerSetImageLabel to *Disk*  
Peter Krempa 已提交
68 69 70 
typedef int (*virSecurityDomainSetDiskLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def,
                                              virDomainDiskDefPtr disk);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
71 
typedef int (*virSecurityDomainRestoreHostdevLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
72 
                                                     virDomainDefPtr def,
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
73 74 
                                                     virDomainHostdevDefPtr dev,
                                                     const char *vroot);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
75 
typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
76 
                                                 virDomainDefPtr def,
D
Allow passing a vroot into security manager hostdev labelling  
Daniel P. Berrange 已提交
77 78 
                                                 virDomainHostdevDefPtr dev,
                                                 const char *vroot);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
79 
typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
80 
                                                    virDomainDefPtr def,
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
81 
                                                    const char *savefile);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
82 
typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
83 
                                                        virDomainDefPtr def,
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
84 
                                                        const char *savefile);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
85 
typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
86 
                                          virDomainDefPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
87 
typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
88 89 
                                              virDomainDefPtr sec,
                                              pid_t pid);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
90 
typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
91 
                                              virDomainDefPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
92 
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
93 
                                             virDomainDefPtr sec,
J
Add stdin_path to qemudStartVMDaemon() args.  
Jamie Strandboge 已提交
94 
                                             const char *stdin_path);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
95 
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
96 
                                                 virDomainDefPtr def,
P
security: Sanitize type of @migrated in virSecurityManagerRestoreAllLabel  
Peter Krempa 已提交
97 
                                                 bool migrated);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
98 
typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
99 100 
                                                 virDomainDefPtr def,
                                                 pid_t pid,
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
101 
                                                 virSecurityLabelPtr sec);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
102 
typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
103 
                                                 virDomainDefPtr def);
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
104 105 106 
typedef int (*virSecurityDomainSetChildProcessLabel) (virSecurityManagerPtr mgr,
                                                      virDomainDefPtr def,
                                                      virCommandPtr cmd);
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
107 108 
typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
                                                virDomainDefPtr def);
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
109 
typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
D
Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr  
Daniel P. Berrange 已提交
110 
                                                 virDomainDefPtr def,
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
111 
                                                 int fd);
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
112 113 114 
typedef int (*virSecurityDomainSetTapFDLabel) (virSecurityManagerPtr mgr,
                                               virDomainDefPtr def,
                                               int fd);
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
115 
typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr,
P
security: Fix header formatting of a few functions  
Peter Krempa 已提交
116 
                                                   virDomainDefPtr def);
S
add security hook for permitting hugetlbfs access  
Serge Hallyn 已提交
117 
typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr,
P
security: Fix header formatting of a few functions  
Peter Krempa 已提交
118 119 
                                              virDomainDefPtr def,
                                              const char *path);
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
120 121 122 123 124 125 
typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
                                               virDomainDefPtr def,
                                               virStorageSourcePtr src);
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                   virDomainDefPtr def,
                                                   virStorageSourcePtr src);
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
126 127 128 129 130 131 
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
                                                virDomainDefPtr def,
                                                virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
                                                    virDomainDefPtr def,
                                                    virDomainMemoryDefPtr mem);
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
132 133 134 
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def,
                                              const char *path);
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
135
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
136 137 

struct _virSecurityDriver {
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
138 
    size_t privateDataLen;
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
139 140 141 
    const char *name;
    virSecurityDriverProbe probe;
    virSecurityDriverOpen open;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
142 143 144 145 146 
    virSecurityDriverClose close;

    virSecurityDriverGetModel getModel;
    virSecurityDriverGetDOI getDOI;
E
security: framework for driver PreFork handler  
Eric Blake 已提交
147 148 
    virSecurityDriverPreFork preFork;
M
security driver: Introduce transaction APIs  
Michal Privoznik 已提交
149 150 151 152 
    virSecurityDriverTransactionStart transactionStart;
    virSecurityDriverTransactionCommit transactionCommit;
    virSecurityDriverTransactionAbort transactionAbort;
D
Improve security label error reporting & verification (Dan Walsh)  
Daniel P. Berrange 已提交
153 
    virSecurityDomainSecurityVerify domainSecurityVerify;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
154
P
security: Rename virSecurityManagerSetImageLabel to *Disk*  
Peter Krempa 已提交
155 
    virSecurityDomainSetDiskLabel domainSetSecurityDiskLabel;
P
security: Rename virSecurityManagerRestoreImageLabel to *Disk*  
Peter Krempa 已提交
156 
    virSecurityDomainRestoreDiskLabel domainRestoreSecurityDiskLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
157
P
security: Introduce APIs to label single images  
Peter Krempa 已提交
158 159 160 
    virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
    virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
M
security: Introduce internal APIs for memdev labelling  
Michal Privoznik 已提交
161 162 163 
    virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
    virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
J
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel  
Jiri Denemark 已提交
164 
    virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
J
security: Introduce SetSocketLabel  
Jiri Denemark 已提交
165 
    virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
D
Add support for setting socket MLS level in SELinux driver  
Daniel J Walsh 已提交
166 
    virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
167
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
168 
    virSecurityDomainGenLabel domainGenSecurityLabel;
D
Fix re-detection of transient VMs after libvirtd restart  
Daniel P. Berrange 已提交
169 
    virSecurityDomainReserveLabel domainReserveSecurityLabel;
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
170 
    virSecurityDomainReleaseLabel domainReleaseSecurityLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
171
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
172 173 
    virSecurityDomainGetProcessLabel domainGetSecurityProcessLabel;
    virSecurityDomainSetProcessLabel domainSetSecurityProcessLabel;
L
security: add new virSecurityManagerSetChildProcessLabel API  
Laine Stump 已提交
174 
    virSecurityDomainSetChildProcessLabel domainSetSecurityChildProcessLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
175
D
Refactor setup & cleanup of security labels in security driver  
Daniel P. Berrange 已提交
176 177 
    virSecurityDomainSetAllLabel domainSetSecurityAllLabel;
    virSecurityDomainRestoreAllLabel domainRestoreSecurityAllLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
178
D
Support relabelling of USB and PCI devices  
Daniel P. Berrange 已提交
179 
    virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
D
Refactor the security drivers to simplify usage  
Daniel P. Berrange 已提交
180 181 
    virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
D
Fix save and restore with non-privileged guests and SELinux  
Daniel P. Berrange 已提交
182 183 
    virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
    virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
L
Add a function to the security driver API that sets the label of an open fd.  
Laine Stump 已提交
184
D
Rename virSecurityManagerSetFDLabel method  
Daniel P. Berrange 已提交
185 
    virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
G
selinux: add security selinux function to label tapfd  
Guannan Ren 已提交
186 
    virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
D
Add security driver APIs for getting mount options  
Daniel Walsh 已提交
187 188 

    virSecurityDomainGetMountOptions domainGetSecurityMountOptions;
G
security: add new internal function "virSecurityManagerGetBaseLabel"  
Giuseppe Scrivano 已提交
189 190 

    virSecurityDriverGetBaseLabel getBaseLabel;
M
security: Add virSecurityDomainSetDirLabel  
Martin Kletzander 已提交
191
M
security: Rename DomainSetDirLabel to DomainSetPathLabel  
Martin Kletzander 已提交
192 
    virSecurityDomainSetPathLabel domainSetPathLabel;
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
193 194 
};
D
Pass the virt driver name into security drivers  
Daniel Walsh 已提交
195 196 
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
                                             const char *virtDriver);
D
Core internal driver stub for sVirt support (Jams Morris & Dan Walsh)  
Daniel P. Berrange 已提交
197 198 

#endif /* __VIR_SECURITY_H__ */