提交 7077cfef 编写于 作者: P Peter Krempa

security: DAC: Implement per-image seclabel set

Refactor the code and reuse it to implement the functionality.
上级 4f2170dc
...@@ -289,22 +289,29 @@ virSecurityDACRestoreSecurityFileLabel(const char *path) ...@@ -289,22 +289,29 @@ virSecurityDACRestoreSecurityFileLabel(const char *path)
static int static int
virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
const char *path, virDomainDefPtr def,
size_t depth ATTRIBUTE_UNUSED, virStorageSourcePtr src)
void *opaque)
{ {
virSecurityDACCallbackDataPtr cbdata = opaque; virSecurityLabelDefPtr secdef;
virSecurityManagerPtr mgr = cbdata->manager;
virSecurityLabelDefPtr secdef = cbdata->secdef;
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
virSecurityDeviceLabelDefPtr disk_seclabel; virSecurityDeviceLabelDefPtr disk_seclabel;
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
uid_t user; uid_t user;
gid_t group; gid_t group;
disk_seclabel = virStorageSourceGetSecurityLabelDef(disk->src, if (!priv->dynamicOwnership)
SECURITY_DAC_NAME); return 0;
/* XXX: Add support for gluster DAC permissions */
if (!src->path || !virStorageSourceIsLocalStorage(src))
return 0;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (secdef && secdef->norelabel)
return 0;
disk_seclabel = virStorageSourceGetSecurityLabelDef(src,
SECURITY_DAC_NAME);
if (disk_seclabel && disk_seclabel->norelabel) if (disk_seclabel && disk_seclabel->norelabel)
return 0; return 0;
...@@ -316,7 +323,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk, ...@@ -316,7 +323,7 @@ virSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk,
return -1; return -1;
} }
return virSecurityDACSetOwnership(path, user, group); return virSecurityDACSetOwnership(src->path, user, group);
} }
...@@ -326,24 +333,14 @@ virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr, ...@@ -326,24 +333,14 @@ virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); virStorageSourcePtr next;
virSecurityDACCallbackData cbdata;
virSecurityLabelDefPtr secdef;
if (!priv->dynamicOwnership) for (next = disk->src; next; next = next->backingStore) {
return 0; if (virSecurityDACSetSecurityImageLabel(mgr, def, next) < 0)
return -1;
secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); }
if (secdef && secdef->norelabel)
return 0;
cbdata.manager = mgr; return 0;
cbdata.secdef = secdef;
return virDomainDiskDefForeachPath(disk,
false,
virSecurityDACSetSecurityFileLabel,
&cbdata);
} }
...@@ -1274,6 +1271,7 @@ virSecurityDriver virSecurityDriverDAC = { ...@@ -1274,6 +1271,7 @@ virSecurityDriver virSecurityDriverDAC = {
.domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel, .domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel,
.domainRestoreSecurityDiskLabel = virSecurityDACRestoreSecurityDiskLabel, .domainRestoreSecurityDiskLabel = virSecurityDACRestoreSecurityDiskLabel,
.domainSetSecurityImageLabel = virSecurityDACSetSecurityImageLabel,
.domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel, .domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel,
.domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel, .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
......
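Review bot: virSecurityDACSetSecurityImageLabel is published as a driver entry point on the `.domainSetSecurityImageLabel` line, but it relabels only the `src` it is handed; the walk over `next->backingStore` exists solely in virSecurityDACSetSecurityDiskLabel, so a caller that reaches the image variant through the driver table must iterate the backing chain itself or the backing files keep their previous ownership. That contract is stated nowhere in the new code, so I would add a header comment above the `static int` line of the image function: `/* Label one storage source: only src->path receives DAC ownership; backing images are not visited (virSecurityDACSetSecurityDiskLabel walks the chain) and non-local sources are skipped with success. */`. The `!src->path || !virStorageSourceIsLocalStorage(src)` early return is what makes the last part true and is what the XXX comment alludes to, so naming it in the header saves the next reader from rediscovering it. The part of the body between the first and second hunk (where user/group are derived) is outside the shown lines, so this is inferred from the visible early returns and the final `virSecurityDACSetOwnership(src->path, user, group)` call.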