提交 458d0a8c 编写于 作者: M Michal Privoznik

security: Pass @migrated to virSecurityManagerSetAllLabel

In upcoming commits, virSecurityManagerSetAllLabel() will perform
rollback in case of failure by calling
virSecurityManagerRestoreAllLabel(). But in order to do that, the
former needs to have @migrated argument so that it can be passed
to the latter.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
上级 27cb4c1a
...@@ -1346,7 +1346,7 @@ int virLXCProcessStart(virConnectPtr conn, ...@@ -1346,7 +1346,7 @@ int virLXCProcessStart(virConnectPtr conn,
VIR_DEBUG("Setting domain security labels"); VIR_DEBUG("Setting domain security labels");
if (virSecurityManagerSetAllLabel(driver->securityManager, if (virSecurityManagerSetAllLabel(driver->securityManager,
vm->def, NULL, false) < 0) vm->def, NULL, false, false) < 0)
goto cleanup; goto cleanup;
VIR_DEBUG("Setting up consoles"); VIR_DEBUG("Setting up consoles");
......
...@@ -6939,7 +6939,8 @@ qemuProcessLaunch(virConnectPtr conn, ...@@ -6939,7 +6939,8 @@ qemuProcessLaunch(virConnectPtr conn,
VIR_DEBUG("Setting domain security labels"); VIR_DEBUG("Setting domain security labels");
if (qemuSecuritySetAllLabel(driver, if (qemuSecuritySetAllLabel(driver,
vm, vm,
incoming ? incoming->path : NULL) < 0) incoming ? incoming->path : NULL,
incoming != NULL) < 0)
goto cleanup; goto cleanup;
/* Security manager labeled all devices, therefore /* Security manager labeled all devices, therefore
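Review bot: `incoming != NULL` in the qemuSecuritySetAllLabel() call is used as the @migrated value, but the same call passes `incoming->path` as stdin_path, which suggests `incoming` may also be non-NULL when the domain is started from a saved image rather than by migration. If that is the case, the rollback announced in the commit message would call virSecurityManagerRestoreAllLabel() with migrated set for a purely local start, and depending on how the restore path uses the flag, some labels might not be put back. Consider deriving the flag from something that identifies migration specifically, or make the choice explicit with a comment such as `/* any incoming state is treated as migrated for label rollback */`. qemuProcessLaunch's body starts and ends outside the hunk.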
......
...@@ -32,7 +32,8 @@ VIR_LOG_INIT("qemu.qemu_process"); ...@@ -32,7 +32,8 @@ VIR_LOG_INIT("qemu.qemu_process");
int int
qemuSecuritySetAllLabel(virQEMUDriverPtr driver, qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm, virDomainObjPtr vm,
const char *stdin_path) const char *stdin_path,
bool migrated)
{ {
int ret = -1; int ret = -1;
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
...@@ -47,7 +48,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, ...@@ -47,7 +48,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
if (virSecurityManagerSetAllLabel(driver->securityManager, if (virSecurityManagerSetAllLabel(driver->securityManager,
vm->def, vm->def,
stdin_path, stdin_path,
priv->chardevStdioLogd) < 0) priv->chardevStdioLogd,
migrated) < 0)
goto cleanup; goto cleanup;
if (virSecurityManagerTransactionCommit(driver->securityManager, if (virSecurityManagerTransactionCommit(driver->securityManager,
......
...@@ -26,7 +26,8 @@ ...@@ -26,7 +26,8 @@
int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, int qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm, virDomainObjPtr vm,
const char *stdin_path); const char *stdin_path,
bool migrated);
void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver,
virDomainObjPtr vm, virDomainObjPtr vm,
......
...@@ -488,7 +488,8 @@ static int ...@@ -488,7 +488,8 @@ static int
AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd ATTRIBUTE_UNUSED) bool chardevStdioLogd ATTRIBUTE_UNUSED,
bool migrated ATTRIBUTE_UNUSED)
{ {
virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(def, virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(def,
SECURITY_APPARMOR_NAME); SECURITY_APPARMOR_NAME);
......
...@@ -2053,7 +2053,8 @@ static int ...@@ -2053,7 +2053,8 @@ static int
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
const char *stdin_path ATTRIBUTE_UNUSED, const char *stdin_path ATTRIBUTE_UNUSED,
bool chardevStdioLogd) bool chardevStdioLogd,
bool migrated ATTRIBUTE_UNUSED)
{ {
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr secdef; virSecurityLabelDefPtr secdef;
......
...@@ -83,7 +83,8 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr, ...@@ -83,7 +83,8 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr sec, virDomainDefPtr sec,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd); bool chardevStdioLogd,
bool migrated);
typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
bool migrated, bool migrated,
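Review bot: The new `bool migrated` is appended after `bool chardevStdioLogd` in virSecurityDomainSetAllLabel, while the virSecurityDomainRestoreAllLabel typedef directly below takes `migrated` right after the domain definition. The compiler cannot catch two adjacent bools being swapped, and call sites in this commit already read `NULL, false, false` (virLXCProcessStart, testSELinuxLabeling). A short comment on the typedef, e.g. `/* @migrated: passed through to virSecurityManagerRestoreAllLabel() on rollback */`, would reduce the chance of a swapped argument once the rollback code forwards the flag between the two callbacks.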
......
...@@ -852,13 +852,15 @@ int ...@@ -852,13 +852,15 @@ int
virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd) bool chardevStdioLogd,
bool migrated)
{ {
if (mgr->drv->domainSetSecurityAllLabel) { if (mgr->drv->domainSetSecurityAllLabel) {
int ret; int ret;
virObjectLock(mgr); virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path, ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path,
chardevStdioLogd); chardevStdioLogd,
migrated);
virObjectUnlock(mgr); virObjectUnlock(mgr);
return ret; return ret;
} }
......
...@@ -121,7 +121,8 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr, ...@@ -121,7 +121,8 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr sec, virDomainDefPtr sec,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd); bool chardevStdioLogd,
bool migrated);
int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
bool migrated, bool migrated,
......
...@@ -136,7 +136,8 @@ static int ...@@ -136,7 +136,8 @@ static int
virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr sec ATTRIBUTE_UNUSED, virDomainDefPtr sec ATTRIBUTE_UNUSED,
const char *stdin_path ATTRIBUTE_UNUSED, const char *stdin_path ATTRIBUTE_UNUSED,
bool chardevStdioLogd ATTRIBUTE_UNUSED) bool chardevStdioLogd ATTRIBUTE_UNUSED,
bool migrated ATTRIBUTE_UNUSED)
{ {
return 0; return 0;
} }
......
...@@ -3133,7 +3133,8 @@ static int ...@@ -3133,7 +3133,8 @@ static int
virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd) bool chardevStdioLogd,
bool migrated ATTRIBUTE_UNUSED)
{ {
size_t i; size_t i;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
......
...@@ -316,7 +316,8 @@ static int ...@@ -316,7 +316,8 @@ static int
virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *stdin_path, const char *stdin_path,
bool chardevStdioLogd) bool chardevStdioLogd,
bool migrated)
{ {
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityStackItemPtr item = priv->itemsHead; virSecurityStackItemPtr item = priv->itemsHead;
...@@ -324,7 +325,8 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, ...@@ -324,7 +325,8 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
for (; item; item = item->next) { for (; item; item = item->next) {
if (virSecurityManagerSetAllLabel(item->securityManager, vm, if (virSecurityManagerSetAllLabel(item->securityManager, vm,
stdin_path, chardevStdioLogd) < 0) stdin_path, chardevStdioLogd,
migrated) < 0)
rc = -1; rc = -1;
} }
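Review bot: The loop in virSecurityStackSetAllLabel() records `rc = -1` and keeps iterating, so after one nested manager fails the remaining managers still apply their labels. Once virSecurityManagerSetAllLabel() rolls back its own driver on failure, as the commit message announces, a failing item would presumably undo only its own labels while the other items leave theirs in place, and the domain ends up partially labelled. Consider stopping at the first failure and restoring the items already labelled with the same `migrated` value, or state in a comment why continuing is intended. The function's tail, including the return of `rc`, is outside the hunk.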
......
...@@ -116,7 +116,7 @@ testDomain(const void *opaque) ...@@ -116,7 +116,7 @@ testDomain(const void *opaque)
if (setenv(ENVVAR, "1", 0) < 0) if (setenv(ENVVAR, "1", 0) < 0)
return -1; return -1;
if (qemuSecuritySetAllLabel(data->driver, vm, NULL) < 0) if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0)
goto cleanup; goto cleanup;
qemuSecurityRestoreAllLabel(data->driver, vm, false); qemuSecurityRestoreAllLabel(data->driver, vm, false);
......
...@@ -310,7 +310,7 @@ testSELinuxLabeling(const void *opaque) ...@@ -310,7 +310,7 @@ testSELinuxLabeling(const void *opaque)
if (!(def = testSELinuxLoadDef(testname))) if (!(def = testSELinuxLoadDef(testname)))
goto cleanup; goto cleanup;
if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0) if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0)
goto cleanup; goto cleanup;
if (testSELinuxCheckLabels(files, nfiles) < 0) if (testSELinuxCheckLabels(files, nfiles) < 0)
......