security: Allow 'remember' to be set for HostdevLabelHelper

There is a case in which we do not want 'remember' to be set to true in SetOwnership() calls inside the HostdevLabelHelper() functions of both DAC and SELinux drivers. Next patch will explain and handle that scenario. For now, let's make virSecurityDACSetOwnership() and virSecuritySELinuxSetHostdevLabelHelper() accept a 'remember' flag, which will be used to set the 'remember' parameter of their respective SetOwnership() calls. No functional change is made. Signed-off-by: N Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>

security: Allow 'remember' to be set for HostdevLabelHelper
There is a case in which we do not want 'remember' to be set to true in SetOwnership() calls inside the HostdevLabelHelper() functions of both DAC and SELinux drivers. Next patch will explain and handle that scenario. For now, let's make virSecurityDACSetOwnership() and virSecuritySELinuxSetHostdevLabelHelper() accept a 'remember' flag, which will be used to set the 'remember' parameter of their respective SetOwnership() calls. No functional change is made. Signed-off-by: N Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>
09804edd · Daniel Henrique Barboza · Michal Privoznik · 5b971b0f · 09804edd · 09804edd
隐藏空白更改
内联并排

Showing with 15 addition and 12 deletion

src/security/security_dac.c src/security/security_dac.c +7 -6

src/security/security_selinux.c src/security/security_selinux.c +8 -6

未找到文件。
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1144,6 +1144,7 @@ virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr,

 static int
 virSecurityDACSetHostdevLabelHelper(const char *file,
+                                    bool remember,
                                    void *opaque)
 {
    virSecurityDACCallbackDataPtr cbdata = opaque;
@@ -1156,7 +1157,7 @@ virSecurityDACSetHostdevLabelHelper(const char *file,
    if (virSecurityDACGetIds(secdef, priv, &user, &group, NULL, NULL) < 0)
        return -1;

-    return virSecurityDACSetOwnership(mgr, NULL, file, user, group, true);
+    return virSecurityDACSetOwnership(mgr, NULL, file, user, group, remember);
 }


@@ -1165,7 +1166,7 @@ virSecurityDACSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED,
                          const char *file,
                          void *opaque)
 {
-    return virSecurityDACSetHostdevLabelHelper(file, opaque);
+    return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
 }


@@ -1174,7 +1175,7 @@ virSecurityDACSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED,
                          const char *file,
                          void *opaque)
 {
-    return virSecurityDACSetHostdevLabelHelper(file, opaque);
+    return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
 }


@@ -1183,7 +1184,7 @@ virSecurityDACSetSCSILabel(virSCSIDevicePtr dev G_GNUC_UNUSED,
                           const char *file,
                           void *opaque)
 {
-    return virSecurityDACSetHostdevLabelHelper(file, opaque);
+    return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
 }


@@ -1192,7 +1193,7 @@ virSecurityDACSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED,
                           const char *file,
                           void *opaque)
 {
-    return virSecurityDACSetHostdevLabelHelper(file, opaque);
+    return virSecurityDACSetHostdevLabelHelper(file, true, opaque);
 }


@@ -1312,7 +1313,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
        if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
            return -1;

-        ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata);
+        ret = virSecurityDACSetHostdevLabelHelper(vfiodev, true, &cbdata);

        VIR_FREE(vfiodev);
        break;

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2001,7 +2001,9 @@ virSecuritySELinuxMoveImageMetadata(virSecurityManagerPtr mgr,


 static int
-virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
+virSecuritySELinuxSetHostdevLabelHelper(const char *file,
+                                        bool remember,
+                                        void *opaque)
 {
    virSecurityLabelDefPtr secdef;
    virSecuritySELinuxCallbackDataPtr data = opaque;
@@ -2011,21 +2013,21 @@ virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
    if (secdef == NULL)
        return 0;
-    return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, true);
+    return virSecuritySELinuxSetFilecon(mgr, file, secdef->imagelabel, remember);
 }

 static int
 virSecuritySELinuxSetPCILabel(virPCIDevicePtr dev G_GNUC_UNUSED,
                              const char *file, void *opaque)
 {
-    return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
+    return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
 }

 static int
 virSecuritySELinuxSetUSBLabel(virUSBDevicePtr dev G_GNUC_UNUSED,
                              const char *file, void *opaque)
 {
-    return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
+    return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
 }

 static int
@@ -2056,7 +2058,7 @@ static int
 virSecuritySELinuxSetHostLabel(virSCSIVHostDevicePtr dev G_GNUC_UNUSED,
                               const char *file, void *opaque)
 {
-    return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
+    return virSecuritySELinuxSetHostdevLabelHelper(file, true, opaque);
 }


@@ -2164,7 +2166,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
        if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
            return ret;

-        ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data);
+        ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, true, &data);

        VIR_FREE(vfiodev);
        break;