From 4c85d96f27ad094e8bbba1654663d3f18ba98f77 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Fri, 26 Aug 2011 09:05:57 +0200 Subject: [PATCH] security: Rename SetSocketLabel APIs to SetDaemonSocketLabel The APIs are designed to label a socket in a way that the libvirt daemon itself is able to access it (i.e., in SELinux the label is virtd_t based as opposed to svirt_* we use for labeling resources that need to be accessed by a vm). The new name reflects this. --- src/libvirt_private.syms | 2 +- src/qemu/qemu_process.c | 3 ++- src/security/security_apparmor.c | 6 +++--- src/security/security_dac.c | 6 +++--- src/security/security_driver.h | 6 +++--- src/security/security_manager.c | 8 ++++---- src/security/security_manager.h | 4 ++-- src/security/security_nop.c | 6 +++--- src/security/security_selinux.c | 6 +++--- src/security/security_stack.c | 10 +++++----- 10 files changed, 29 insertions(+), 28 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0618b4930e..c3e33b4847 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -904,13 +904,13 @@ virSecurityManagerRestoreAllLabel; virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreSavedStateLabel; virSecurityManagerSetAllLabel; +virSecurityManagerSetDaemonSocketLabel; virSecurityManagerSetImageFDLabel; virSecurityManagerSetImageLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetProcessFDLabel; virSecurityManagerSetProcessLabel; virSecurityManagerSetSavedStateLabel; -virSecurityManagerSetSocketLabel; virSecurityManagerVerify; # sexpr.h diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index f691bbb6eb..58b4d36521 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -821,7 +821,8 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm) qemuDomainObjPrivatePtr priv = vm->privateData; int ret = -1; - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) { + if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager, + vm) < 0) { VIR_ERROR(_("Failed to set security context for monitor for %s"), vm->def->name); goto error; diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 1d49ff6a2d..0ad772699d 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -578,8 +578,8 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm) } static int -AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) +AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED) { return 0; } @@ -835,7 +835,7 @@ virSecurityDriver virAppArmorSecurityDriver = { AppArmorSetSecurityImageLabel, AppArmorRestoreSecurityImageLabel, - AppArmorSetSecuritySocketLabel, + AppArmorSetSecurityDaemonSocketLabel, AppArmorClearSecuritySocketLabel, AppArmorGenSecurityLabel, diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 58d57ec212..6df4087151 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -667,8 +667,8 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, } static int -virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) +virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED) { return 0; } 
@@ -714,7 +714,7 @@ virSecurityDriver virSecurityDriverDAC = { virSecurityDACSetSecurityImageLabel, virSecurityDACRestoreSecurityImageLabel, - virSecurityDACSetSocketLabel, + virSecurityDACSetDaemonSocketLabel, virSecurityDACClearSocketLabel, virSecurityDACGenLabel, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 154f197a46..73c8f04624 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -41,8 +41,8 @@ typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr); typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr, virDomainObjPtr vm, virDomainDiskDefPtr disk); -typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr, - virDomainObjPtr vm); +typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr, + virDomainObjPtr vm); typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr, virDomainObjPtr vm); typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr, @@ -101,7 +101,7 @@ struct _virSecurityDriver { virSecurityDomainSetImageLabel domainSetSecurityImageLabel; virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel; - virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel; + virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel; virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel; virSecurityDomainGenLabel domainGenSecurityLabel; diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 6ae58dc816..d30ebcf309 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c 
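Review bot: The distinction this rename encodes is recorded only in the commit message: in src/security/security_driver.h neither the `virSecurityDomainSetDaemonSocketLabel` typedef nor the `domainSetSecurityDaemonSocketLabel` member has a comment saying whose access the label is meant to grant. A driver author or caller who picks the wrong hook would label a socket for the daemon where the guest needs it, or the reverse, so I would add above the typedef `/* Label sockets created by the daemon so that libvirtd itself, not the guest, can access them. */`. The un-renamed `virSecurityDomainClearSocketLabel` right below no longer says which set call it pairs with; if it is the counterpart, the comment should say so. The same wording would help on the prototype in security_manager.h and on `SELinuxSetSecurityDaemonSocketLabel` in security_selinux.c, where the hunk shows only `/* TODO: verify DOI */`.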
@@ -160,11 +160,11 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, return -1; } -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm) { - if (mgr->drv->domainSetSecuritySocketLabel) - return mgr->drv->domainSetSecuritySocketLabel(mgr, vm); + if (mgr->drv->domainSetSecurityDaemonSocketLabel) + return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm); virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); return -1; diff --git a/src/security/security_manager.h b/src/security/security_manager.h index 8c3b8b2e5f..8d614a78cb 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -53,8 +53,8 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr); int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm, virDomainDiskDefPtr disk); -int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm); +int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm); int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm); int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 24d36fe1f5..67d3ff6f92 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -53,8 +53,8 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRI return 0; } -static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainObjPtr vm ATTRIBUTE_UNUSED) +static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED) { return 0; } 
@@ -171,7 +171,7 @@ virSecurityDriver virSecurityDriverNop = { virSecurityDomainSetImageLabelNop, virSecurityDomainRestoreImageLabelNop, - virSecurityDomainSetSocketLabelNop, + virSecurityDomainSetDaemonSocketLabelNop, virSecurityDomainClearSocketLabelNop, virSecurityDomainGenLabelNop, diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 5e6145ff95..f87c9a5b08 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1066,8 +1066,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr, } static int -SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) +SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm) { /* TODO: verify DOI */ const virSecurityLabelDefPtr secdef = &vm->def->seclabel; @@ -1312,7 +1312,7 @@ virSecurityDriver virSecurityDriverSELinux = { SELinuxSetSecurityImageLabel, SELinuxRestoreSecurityImageLabel, - SELinuxSetSecuritySocketLabel, + SELinuxSetSecurityDaemonSocketLabel, SELinuxClearSecuritySocketLabel, SELinuxGenSecurityLabel, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index b63e4c8a3b..404ff65d4d 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -339,15 +339,15 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr, static int -virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr, - virDomainObjPtr vm) +virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr, + virDomainObjPtr vm) { virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); int rc = 0; - if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0) + if (virSecurityManagerSetDaemonSocketLabel(priv->secondary, vm) < 0) rc = -1; - if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0) + if (virSecurityManagerSetDaemonSocketLabel(priv->primary, vm) < 0) rc = -1; return rc; 
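Review bot: In src/security/security_stack.c, `virSecurityStackSetDaemonSocketLabel` returns -1 when either manager fails but leaves in place whatever the other manager already applied. If the secondary succeeds and the primary fails, the caller sees only the failure; the qemuConnectMonitor hunk then does `goto error`, and whether that path clears the socket label is not visible in this patch. If a driver's set call changes state that persists until cleared, later sockets the daemon creates could presumably inherit a label intended for this one monitor connection. I would make the failure path undo the half that succeeded, best-effort, with `if (rc < 0) { virSecurityManagerClearSocketLabel(priv->secondary, vm); virSecurityManagerClearSocketLabel(priv->primary, vm); }` before `return rc;`. If clearing after a failed set is not safe for every driver, a comment on the function should instead state that callers must clear the label themselves on error.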
@@ -418,7 +418,7 @@ virSecurityDriver virSecurityDriverStack = { virSecurityStackSetSecurityImageLabel, virSecurityStackRestoreSecurityImageLabel, - virSecurityStackSetSocketLabel, + virSecurityStackSetDaemonSocketLabel, virSecurityStackClearSocketLabel, virSecurityStackGenLabel, -- GitLab