提交 307fb904 编写于 作者: M Michal Privoznik

virSecurityManager: Track if running as privileged

We may want to make some decisions in drivers based on whether we
are running as a privileged user or not. Propagate this info there.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
上级 276c4091
......@@ -2646,7 +2646,7 @@ int main(int argc, char *argv[])
if (!(ctrl->securityManager = virSecurityManagerNew(securityDriver,
LXC_DRIVER_NAME,
false, false, false)))
false, false, false, false)))
goto cleanup;
if (ctrl->def->seclabels) {
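Review bot: The controller's virSecurityManagerNew call hard-codes `false` for the new `privileged` argument, while lxcSecurityInit in the next section passes `true` for the same LXC_DRIVER_NAME. Whether the controller actually runs with elevated privileges is not visible from this hunk. If it does, code that later consults virSecurityManagerGetPrivileged would get different answers in the driver and in the controller for the same domain. Either pass the real state, or document the choice next to the literal, for example `/* privileged=false: <reason the controller reports unprivileged> */`. main() starts and ends outside the hunk.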
......
......@@ -1558,7 +1558,8 @@ lxcSecurityInit(virLXCDriverConfigPtr cfg)
LXC_DRIVER_NAME,
false,
cfg->securityDefaultConfined,
cfg->securityRequireConfined);
cfg->securityRequireConfined,
true);
if (!mgr)
goto error;
......
......@@ -398,7 +398,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
cfg->securityRequireConfined)))
cfg->securityRequireConfined,
virQEMUDriverIsPrivileged(driver))))
goto error;
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))
......@@ -415,7 +416,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
cfg->securityRequireConfined)))
cfg->securityRequireConfined,
virQEMUDriverIsPrivileged(driver))))
goto error;
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
......@@ -429,6 +431,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
cfg->securityRequireConfined,
virQEMUDriverIsPrivileged(driver),
cfg->dynamicOwnership,
qemuSecurityChownCallback)))
goto error;
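Review bot: In the third hunk of qemuSecurityInit the new `virQEMUDriverIsPrivileged(driver)` argument is passed before `cfg->dynamicOwnership`, but the virSecurityManagerNewDAC definition and prototype changed later in this commit declare `bool dynamicOwnership, bool privileged` in that order. Both parameters are `bool`, so the compiler accepts the call. The DAC manager would then receive the privileged state as its dynamicOwnership setting and the configured dynamicOwnership value as `privileged`. That presumably lets ownership changes on domain files happen, or be skipped, contrary to the configuration. Swap the two lines so the call reads `cfg->dynamicOwnership,` followed by `virQEMUDriverIsPrivileged(driver),`, or move `privileged` in the signature to follow `requireConfined` as virSecurityManagerNew does. The call starts above the hunk, so its leading arguments are not visible here.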
......
......@@ -40,6 +40,7 @@ struct _virSecurityManager {
bool allowDiskFormatProbing;
bool defaultConfined;
bool requireConfined;
bool privileged;
const char *virtDriver;
void *privateData;
};
......@@ -78,7 +79,8 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined)
bool requireConfined,
bool privileged)
{
virSecurityManagerPtr mgr;
char *privateData;
......@@ -87,10 +89,10 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
return NULL;
VIR_DEBUG("drv=%p (%s) virtDriver=%s allowDiskFormatProbing=%d "
"defaultConfined=%d requireConfined=%d",
"defaultConfined=%d requireConfined=%d privileged=%d",
drv, drv->name, virtDriver,
allowDiskFormatProbing, defaultConfined,
requireConfined);
requireConfined, privileged);
if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0)
return NULL;
......@@ -104,6 +106,7 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
mgr->allowDiskFormatProbing = allowDiskFormatProbing;
mgr->defaultConfined = defaultConfined;
mgr->requireConfined = requireConfined;
mgr->privileged = privileged;
mgr->virtDriver = virtDriver;
mgr->privateData = privateData;
......@@ -124,7 +127,8 @@ virSecurityManagerNewStack(virSecurityManagerPtr primary)
virSecurityManagerGetDriver(primary),
virSecurityManagerGetAllowDiskFormatProbing(primary),
virSecurityManagerGetDefaultConfined(primary),
virSecurityManagerGetRequireConfined(primary));
virSecurityManagerGetRequireConfined(primary),
virSecurityManagerGetPrivileged(primary));
if (!mgr)
return NULL;
......@@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
bool privileged,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityManagerPtr mgr =
......@@ -160,7 +165,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
virtDriver,
allowDiskFormatProbing,
defaultConfined,
requireConfined);
requireConfined,
privileged);
if (!mgr)
return NULL;
......@@ -182,7 +188,8 @@ virSecurityManagerNew(const char *name,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined)
bool requireConfined,
bool privileged)
{
virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
if (!drv)
......@@ -212,7 +219,8 @@ virSecurityManagerNew(const char *name,
virtDriver,
allowDiskFormatProbing,
defaultConfined,
requireConfined);
requireConfined,
privileged);
}
......@@ -333,6 +341,13 @@ virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr)
}
bool
virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr)
{
return mgr->privileged;
}
/**
* virSecurityManagerRestoreDiskLabel:
* @mgr: security manager object
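Review bot: virSecurityManagerGetPrivileged is added without a doc comment, and nothing states where its value comes from. `mgr->privileged = privileged;` stores whatever the caller passed to the constructor, so the value is not derived from the process's credentials. A short doc block in the style of the neighbouring virSecurityManagerRestoreDiskLabel comment should say that it returns the flag supplied at creation time. It should also say that the flag is the virt driver's assertion and not a verified privilege check, so callers do not treat it as an authorization decision. The constructors now take four or five adjacent `bool` parameters, so consider naming them at call sites or folding them into a flags argument, which would stop a transposed argument from compiling silently.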
......
......@@ -34,7 +34,8 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
bool requireConfined);
bool requireConfined,
bool privileged);
virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
......@@ -62,6 +63,7 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
bool privileged,
virSecurityManagerDACChownCallback chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
......@@ -77,6 +79,7 @@ const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtTy
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);
int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
......
......@@ -361,7 +361,7 @@ mymain(void)
if (!driver.lockManager)
return EXIT_FAILURE;
if (!(mgr = virSecurityManagerNew("none", "qemu", false, false, false)))
if (!(mgr = virSecurityManagerNew("none", "qemu", false, false, false, true)))
return EXIT_FAILURE;
if (!(driver.securityManager = virSecurityManagerNewStack(mgr)))
return EXIT_FAILURE;
......
......@@ -17,7 +17,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
if (virThreadInitialize() < 0)
return EXIT_FAILURE;
mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false, false);
if (mgr == NULL) {
fprintf(stderr, "Failed to start security driver");
return EXIT_FAILURE;
......
......@@ -351,7 +351,7 @@ mymain(void)
if (!rc)
return EXIT_AM_SKIP;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
virErrorPtr err = virGetLastError();
VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
err->message);
......
......@@ -272,7 +272,7 @@ mymain(void)
int ret = 0;
virSecurityManagerPtr mgr;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
virErrorPtr err = virGetLastError();
fprintf(stderr, "Unable to initialize security driver: %s\n",
err->message);
......