security: Refactor virSecurityManagerGenLabel

if (mgr == NULL || mgr->drv == NULL) return ret; This check isn't really necessary, security manager cannot be a NULL pointer as it is either selinux (by default) or 'none', if no other driver is set in the config. Even with no config file driver name yields 'none'. The other hunk checks for domain's security model validity, but we should also check devices' security model as well, therefore this hunk is moved into a separate function which is called by virSecurityManagerCheckAllLabel that checks both the domain's security model and devices' security model. https://bugzilla.redhat.com/show_bug.cgi?id=1165485Signed-off-by: N Ján Tomko <jtomko@redhat.com>

security: Refactor virSecurityManagerGenLabel
if (mgr == NULL || mgr->drv == NULL) return ret; This check isn't really necessary, security manager cannot be a NULL pointer as it is either selinux (by default) or 'none', if no other driver is set in the config. Even with no config file driver name yields 'none'. The other hunk checks for domain's security model validity, but we should also check devices' security model as well, therefore this hunk is moved into a separate function which is called by virSecurityManagerCheckAllLabel that checks both the domain's security model and devices' security model. https://bugzilla.redhat.com/show_bug.cgi?id=1165485Signed-off-by: N Ján Tomko <jtomko@redhat.com>
aee3b77c · Erik Skultety · Ján Tomko · c3d9d3bb · aee3b77c
隐藏空白更改
内联并排

Showing with 19 addition and 19 deletion

src/security/security_manager.c src/security/security_manager.c +19 -19

未找到文件。
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -576,33 +576,15 @@ virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
                           virDomainDefPtr vm)
 {
    int ret = -1;
-    size_t i, j;
+    size_t i;
    virSecurityManagerPtr* sec_managers = NULL;
    virSecurityLabelDefPtr seclabel;
    bool generated = false;

-    if (mgr == NULL || mgr->drv == NULL)
-        return ret;
-
    if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
        return ret;

    virObjectLock(mgr);
-    for (i = 0; i < vm->nseclabels; i++) {
-        if (!vm->seclabels[i]->model)
-            continue;
-
-        for (j = 0; sec_managers[j]; j++)
-            if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
-                break;
-
-        if (!sec_managers[j]) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("Unable to find security driver for label %s"),
-                           vm->seclabels[i]->model);
-            goto cleanup;
-        }
-    }

    for (i = 0; sec_managers[i]; i++) {
        generated = false;
@@ -727,6 +709,21 @@ static int virSecurityManagerCheckModel(virSecurityManagerPtr mgr,
 }


+static int
+virSecurityManagerCheckDomainLabel(virSecurityManagerPtr mgr,
+                                   virDomainDefPtr def)
+{
+    size_t i;
+
+    for (i = 0; i < def->nseclabels; i++) {
+        if (virSecurityManagerCheckModel(mgr, def->seclabels[i]->model) < 0)
+            return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 virSecurityManagerCheckDiskLabel(virSecurityManagerPtr mgr,
                                 virDomainDiskDefPtr disk)
@@ -772,6 +769,9 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
 {
    size_t i;

+    if (virSecurityManagerCheckDomainLabel(mgr, vm) < 0)
+        return -1;
+
    for (i = 0; i < vm->ndisks; i++) {
        if (virSecurityManagerCheckDiskLabel(mgr, vm->disks[i]) < 0)
            return -1;