security: introduce virSecurityManager(Set|Restore)ChardevLabel

SELinux and DAC drivers already have both functions but they were not exported as public API of security manager. Signed-off-by: N Pavel Hrdina <phrdina@redhat.com>

security: introduce virSecurityManager(Set|Restore)ChardevLabel
SELinux and DAC drivers already have both functions but they were not exported as public API of security manager. Signed-off-by: N Pavel Hrdina <phrdina@redhat.com>
1b4f66ec · Pavel Hrdina · f28ed2e9 · 1b4f66ec · 1b4f66ec · 1b4f66ec
8 changed file
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1276,6 +1276,7 @@ virSecurityManagerPreFork;
 virSecurityManagerReleaseLabel;
 virSecurityManagerReserveLabel;
 virSecurityManagerRestoreAllLabel;
+virSecurityManagerRestoreChardevLabel;
 virSecurityManagerRestoreDiskLabel;
 virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreImageLabel;
@@ -1283,6 +1284,7 @@ virSecurityManagerRestoreInputLabel;
 virSecurityManagerRestoreMemoryLabel;
 virSecurityManagerRestoreSavedStateLabel;
 virSecurityManagerSetAllLabel;
+virSecurityManagerSetChardevLabel;
 virSecurityManagerSetChildProcessLabel;
 virSecurityManagerSetDaemonSocketLabel;
 virSecurityManagerSetDiskLabel;

--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2155,4 +2155,7 @@ virSecurityDriver virSecurityDriverDAC = {
    .getBaseLabel                       = virSecurityDACGetBaseLabel,

    .domainSetPathLabel                 = virSecurityDACDomainSetPathLabel,
+
+    .domainSetSecurityChardevLabel      = virSecurityDACSetChardevLabel,
+    .domainRestoreSecurityChardevLabel  = virSecurityDACRestoreChardevLabel,
 };
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -140,6 +140,14 @@ typedef int (*virSecurityDomainRestoreInputLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
                                              virDomainDefPtr def,
                                              const char *path);
+typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
+                                                 virDomainDefPtr def,
+                                                 virDomainChrSourceDefPtr dev_source,
+                                                 bool chardevStdioLogd);
+typedef int (*virSecurityDomainRestoreChardevLabel) (virSecurityManagerPtr mgr,
+                                                     virDomainDefPtr def,
+                                                     virDomainChrSourceDefPtr dev_source,
+                                                     bool chardevStdioLogd);


 struct _virSecurityDriver {
@@ -201,6 +209,9 @@ struct _virSecurityDriver {
    virSecurityDriverGetBaseLabel getBaseLabel;

    virSecurityDomainSetPathLabel domainSetPathLabel;
+
+    virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
+    virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
 };

 virSecurityDriverPtr virSecurityDriverLookup(const char *name,

--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -1152,3 +1152,43 @@ virSecurityManagerRestoreInputLabel(virSecurityManagerPtr mgr,
    virReportUnsupportedError();
    return -1;
 }
+
+
+int
+virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+                                  virDomainDefPtr def,
+                                  virDomainChrSourceDefPtr dev_source,
+                                  bool chardevStdioLogd)
+{
+    if (mgr->drv->domainSetSecurityChardevLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainSetSecurityChardevLabel(mgr, def, dev_source,
+                                                      chardevStdioLogd);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    virReportUnsupportedError();
+    return -1;
+}
+
+
+int
+virSecurityManagerRestoreChardevLabel(virSecurityManagerPtr mgr,
+                                      virDomainDefPtr def,
+                                      virDomainChrSourceDefPtr dev_source,
+                                      bool chardevStdioLogd)
+{
+    if (mgr->drv->domainRestoreSecurityChardevLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainRestoreSecurityChardevLabel(mgr, def, dev_source,
+                                                          chardevStdioLogd);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    virReportUnsupportedError();
+    return -1;
+}
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -184,4 +184,14 @@ int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
                                         virDomainDefPtr vm,
                                         const char *path);

+int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
+                                      virDomainDefPtr def,
+                                      virDomainChrSourceDefPtr dev_source,
+                                      bool chardevStdioLogd);
+
+int virSecurityManagerRestoreChardevLabel(virSecurityManagerPtr mgr,
+                                          virDomainDefPtr def,
+                                          virDomainChrSourceDefPtr dev_source,
+                                          bool chardevStdioLogd);
+
 #endif /* VIR_SECURITY_MANAGER_H__ */
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -262,6 +262,23 @@ virSecurityDomainInputLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
    return 0;
 }

+static int
+virSecurityDomainSetChardevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                    virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                    virDomainChrSourceDefPtr dev_source ATTRIBUTE_UNUSED,
+                                    bool chardevStdioLogd ATTRIBUTE_UNUSED)
+{
+    return 0;
+}
+
+static int
+virSecurityDomainRestoreChardevLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                        virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                        virDomainChrSourceDefPtr dev_source ATTRIBUTE_UNUSED,
+                                        bool chardevStdioLogd ATTRIBUTE_UNUSED)
+{
+    return 0;
+}

 virSecurityDriver virSecurityDriverNop = {
    .privateDataLen                     = 0,
@@ -314,4 +331,7 @@ virSecurityDriver virSecurityDriverNop = {
    .domainGetSecurityMountOptions      = virSecurityDomainGetMountOptionsNop,

    .getBaseLabel                       = virSecurityGetBaseLabel,
+
+    .domainSetSecurityChardevLabel      = virSecurityDomainSetChardevLabelNop,
+    .domainRestoreSecurityChardevLabel  = virSecurityDomainRestoreChardevLabelNop,
 };
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3095,4 +3095,7 @@ virSecurityDriver virSecurityDriverSELinux = {
    .getBaseLabel                       = virSecuritySELinuxGetBaseLabel,

    .domainSetPathLabel                 = virSecuritySELinuxDomainSetPathLabel,
+
+    .domainSetSecurityChardevLabel      = virSecuritySELinuxSetChardevLabel,
+    .domainRestoreSecurityChardevLabel  = virSecuritySELinuxRestoreChardevLabel,
 };
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -719,6 +719,46 @@ virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
    return rc;
 }

+static int
+virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
+                                      virDomainDefPtr def,
+                                      virDomainChrSourceDefPtr dev_source,
+                                      bool chardevStdioLogd)
+{
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityStackItemPtr item = priv->itemsHead;
+    int rc = 0;
+
+    for (; item; item = item->next) {
+        if (virSecurityManagerSetChardevLabel(item->securityManager,
+                                              def, dev_source,
+                                              chardevStdioLogd) < 0)
+            rc = -1;
+    }
+
+    return rc;
+}
+
+static int
+virSecurityStackDomainRestoreChardevLabel(virSecurityManagerPtr mgr,
+                                          virDomainDefPtr def,
+                                          virDomainChrSourceDefPtr dev_source,
+                                          bool chardevStdioLogd)
+{
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityStackItemPtr item = priv->itemsHead;
+    int rc = 0;
+
+    for (; item; item = item->next) {
+        if (virSecurityManagerRestoreChardevLabel(item->securityManager,
+                                                  def, dev_source,
+                                                  chardevStdioLogd) < 0)
+            rc = -1;
+    }
+
+    return rc;
+}
+
 virSecurityDriver virSecurityDriverStack = {
    .privateDataLen                     = sizeof(virSecurityStackData),
    .name                               = "stack",
@@ -778,4 +818,7 @@ virSecurityDriver virSecurityDriverStack = {
    .getBaseLabel                       = virSecurityStackGetBaseLabel,

    .domainSetPathLabel                 = virSecurityStackDomainSetPathLabel,
+
+    .domainSetSecurityChardevLabel      = virSecurityStackDomainSetChardevLabel,
+    .domainRestoreSecurityChardevLabel  = virSecurityStackDomainRestoreChardevLabel,
 };