• D
    Refactor the security drivers to simplify usage · d6623003
    Daniel P. Berrange 提交于
    The current security driver usage requires horrible code like
    
        if (driver->securityDriver &&
            driver->securityDriver->domainSetSecurityHostdevLabel &&
            driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                  vm, hostdev) < 0)
    
    This pair of checks for NULL clutters up the code, making the driver
    calls 2 lines longer than they really need to be. The goal of the
    patchset is to change the calling convention to simply
    
      if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                            vm, hostdev) < 0)
    
    The first check for 'driver->securityDriver' being NULL is removed
    by introducing a 'no op' security driver that will always be present
    if no real driver is enabled. This guarentees driver->securityDriver
    != NULL.
    
    The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
    being non-NULL is hidden in a new abstraction called virSecurityManager.
    This separates the driver callbacks, from main internal API. The addition
    of a virSecurityManager object, that is separate from the virSecurityDriver
    struct also allows for security drivers to carry state / configuration
    information directly. Thus the DAC/Stack drivers from src/qemu which
    used to pull config from 'struct qemud_driver' can now be moved into
    the 'src/security' directory and store their config directly.
    
    * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
      use new virSecurityManager APIs
    * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
      src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
      Move into src/security directory
    * src/security/security_stack.c, src/security/security_stack.h,
      src/security/security_dac.c, src/security/security_dac.h: Generic
      versions of previous QEMU specific drivers
    * src/security/security_apparmor.c, src/security/security_apparmor.h,
      src/security/security_driver.c, src/security/security_driver.h,
      src/security/security_selinux.c, src/security/security_selinux.h:
      Update to take virSecurityManagerPtr object as the first param
      in all callbacks
    * src/security/security_nop.c, src/security/security_nop.h: Stub
      implementation of all security driver APIs.
    * src/security/security_manager.h, src/security/security_manager.c:
      New internal API for invoking security drivers
    * src/libvirt.c: Add missing debug for security APIs
    d6623003
security_manager.h 4.6 KB