diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 054c0749d239ab1a56f376a54c9080c3b033192e..81fc7769b6aacde366bdb2b1028210b99c29c729 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -848,7 +848,7 @@ virSecurityManagerRestoreAllLabel; virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreSavedStateLabel; virSecurityManagerSetAllLabel; -virSecurityManagerSetFDLabel; +virSecurityManagerSetImageFDLabel; virSecurityManagerSetImageLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetProcessLabel; diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index ca4a8848bd5f96e6b81b2d757b798d7114d02ee9..800b714c0436c3c6ec25993821574e4d818bd85e 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -2688,8 +2688,8 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm, * doesn't have to open() the file, so while we still have to * grant SELinux access, we can do it on fd and avoid cleanup * later, as well as skip futzing with cgroup. */ - if (virSecurityManagerSetFDLabel(driver->securityManager, vm, - compressor ? pipeFD[1] : fd) < 0) + if (virSecurityManagerSetImageFDLabel(driver->securityManager, vm, + compressor ? pipeFD[1] : fd) < 0) goto cleanup; bypassSecurityDriver = true; } else { diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 6c2492a6c7b88bc471c2f97fd44dc570fae7cf33..6f5f581a5f3c6d4e41950d6372e01d3ecc730f34 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2641,7 +2641,7 @@ int qemuProcessStart(virConnectPtr conn, goto cleanup; } if (S_ISFIFO(stdin_sb.st_mode) && - virSecurityManagerSetFDLabel(driver->securityManager, vm, stdin_fd) < 0) + virSecurityManagerSetImageFDLabel(driver->securityManager, vm, stdin_fd) < 0) goto cleanup; } diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index aebf44ed0a4fd84bdd189050eb2113199a0c0c04..02ed864dff3a0058b14ac3045281c805f0f69b12 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -759,9 +759,9 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, } static int -AppArmorSetFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, - int fd) +AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm, + int fd) { int rc = -1; char *proc = NULL; @@ -820,5 +820,5 @@ virSecurityDriver virAppArmorSecurityDriver = { AppArmorSetSavedStateLabel, AppArmorRestoreSavedStateLabel, - AppArmorSetFDLabel, + AppArmorSetImageFDLabel, }; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 24b50e6ecb5e21dd2f2aa0c7863088c824fc7489..49bba5cbed428e2c9f209908ad55e1cacca6b5ec 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -682,9 +682,9 @@ virSecurityDACClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, } static int -virSecurityDACSetFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED, - int fd ATTRIBUTE_UNUSED) +virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED, + int fd ATTRIBUTE_UNUSED) { return 0; } @@ -725,5 +725,5 @@ virSecurityDriver virSecurityDriverDAC = { virSecurityDACSetSavedStateLabel, virSecurityDACRestoreSavedStateLabel, - virSecurityDACSetFDLabel, + virSecurityDACSetImageFDLabel, }; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 42dfcb83838fd7765ceb4b954b5f207b623f6799..6c6db3e423f8ce269d4d4461dab75b1da056277d 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -79,9 +79,9 @@ typedef int (*virSecurityDomainSetProcessLabel) (virSecurityManagerPtr mgr, virDomainObjPtr vm); typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr, virDomainDefPtr def); -typedef int (*virSecurityDomainSetFDLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm, - int fd); +typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr, + virDomainObjPtr vm, + int fd); struct _virSecurityDriver { size_t privateDataLen; @@ -117,7 +117,7 @@ struct _virSecurityDriver { virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel; virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel; - virSecurityDomainSetFDLabel domainSetSecurityFDLabel; + virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel; }; virSecurityDriverPtr virSecurityDriverLookup(const char *name); diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 6f0becdb78cf3d7ebe6e06876713375dbd026cff..04159f4b19b2bae1da66d455aba1f3e46108783f 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -326,12 +326,12 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr, return -1; } -int virSecurityManagerSetFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, - int fd) +int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm, + int fd) { - if (mgr->drv->domainSetSecurityFDLabel) - return mgr->drv->domainSetSecurityFDLabel(mgr, vm, fd); + if (mgr->drv->domainSetSecurityImageFDLabel) + return mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd); virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); return -1; diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 8d7c220b0088e29f89bed4e1a61e31afa34d071c..581957c2966290ddb7da632b35619f181f14d9b2 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -91,8 +91,8 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm); int virSecurityManagerVerify(virSecurityManagerPtr mgr, virDomainDefPtr def); -int virSecurityManagerSetFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, - int fd); +int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm, + int fd); #endif /* VIR_SECURITY_MANAGER_H__ */ diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 0ce999f9fec1ec4269d8c5a49a053f6147ccded9..dc92ce6782ae784b589aaea1617a419ebd50bb13 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1209,9 +1209,9 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr, } static int -SELinuxSetFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm, - int fd) +SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainObjPtr vm, + int fd) { const virSecurityLabelDefPtr secdef = &vm->def->seclabel; @@ -1255,5 +1255,5 @@ virSecurityDriver virSecurityDriverSELinux = { SELinuxSetSavedStateLabel, SELinuxRestoreSavedStateLabel, - SELinuxSetFDLabel, + SELinuxSetImageFDLabel, }; diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 64f745af887b5eed4118b1afe1363e2c9bca4cd5..bec16264981495abc121d3f19e4618f248440b50 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -370,16 +370,16 @@ virSecurityStackClearSocketLabel(virSecurityManagerPtr mgr, } static int -virSecurityStackSetFDLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm, - int fd) +virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm, + int fd) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; - if (virSecurityManagerSetFDLabel(priv->secondary, vm, fd) < 0) + if (virSecurityManagerSetImageFDLabel(priv->secondary, vm, fd) < 0) rc = -1; - if (virSecurityManagerSetFDLabel(priv->primary, vm, fd) < 0) + if (virSecurityManagerSetImageFDLabel(priv->primary, vm, fd) < 0) rc = -1; return rc; @@ -420,5 +420,5 @@ virSecurityDriver virSecurityDriverStack = { virSecurityStackSetSavedStateLabel, virSecurityStackRestoreSavedStateLabel, - virSecurityStackSetFDLabel, + virSecurityStackSetImageFDLabel, };