提交
c86afc85
编写于
15年前
作者:
Daniel P. Berrange
Fix labelling of shared/readonly devices (Dan Walsh)
上级
df59fdce
变更
4
Showing
4 changed file
with
52 addition
and
27 deletion
+52
-27
ChangeLog
ChangeLog
+8
-0
src/qemu_driver.c
src/qemu_driver.c
+2
-2
src/security.h
src/security.h
+2
-3
src/security_selinux.c
src/security_selinux.c
+40
-22
ChangeLog
Tue Mar 17 11:35:58 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Fix labelling of shared/readonly devices (Dan Walsh)
* src/qemu_driver.c, src/security.h: Disk label commands
take virDomainDiskDefPtr instead of virDomainDefPtr
* src/security_selinux.c: Do not relabel shared or readonly
disk images with MCS label.
Tue Mar 17 11:58:58 CET 2009 Daniel Veillard <veillard@redhat.com>
* src/remote_internal.c: remove file descriptors leak
...
...
src/qemu_driver.c
...
...
@@ -3766,7 +3766,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
goto
cleanup
;
}
if
(
driver
->
securityDriver
)
driver
->
securityDriver
->
domainSetSecurityImageLabel
(
dom
->
conn
,
vm
,
dev
);
driver
->
securityDriver
->
domainSetSecurityImageLabel
(
dom
->
conn
,
vm
,
dev
->
data
.
disk
);
break
;
default:
...
...
@@ -3902,7 +3902,7 @@ static int qemudDomainDetachDevice(virDomainPtr dom,
dev
->
data
.
disk
->
bus
==
VIR_DOMAIN_DISK_BUS_VIRTIO
))
{
ret
=
qemudDomainDetachPciDiskDevice
(
dom
->
conn
,
vm
,
dev
);
if
(
driver
->
securityDriver
)
driver
->
securityDriver
->
domainRestoreSecurityImageLabel
(
dom
->
conn
,
vm
,
dev
);
driver
->
securityDriver
->
domainRestoreSecurityImageLabel
(
dom
->
conn
,
dev
->
data
.
disk
);
}
else
qemudReportError
(
dom
->
conn
,
dom
,
NULL
,
VIR_ERR_NO_SUPPORT
,
...
...
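Review bot: The result of `domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk)` in the qemudDomainAttachDevice hunk is discarded, so a disk whose image could not be labelled is still reported as attached. Checking it, for example `if (driver->securityDriver && driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk) < 0) ret = -1;`, would surface the failure to the caller; how `ret` and `cleanup` are used lies outside the hunk, so the exact form needs confirming. In the qemudDomainDetachDevice hunk the restore call also ignores its result and runs whether or not `qemudDomainDetachPciDiskDevice` succeeded, which could relabel an image the guest still has open; guarding it with `ret == 0` looks safer.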
src/security.h
...
...
@@ -32,11 +32,10 @@ typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
typedef
int
(
*
virSecurityDriverOpen
)
(
virConnectPtr
conn
,
virSecurityDriverPtr
drv
);
typedef
int
(
*
virSecurityDomainRestoreImageLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virDomainDeviceDefPtr
dev
);
virDomainDiskDefPtr
disk
);
typedef
int
(
*
virSecurityDomainSetImageLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virDomainD
eviceDefPtr
dev
);
virDomainD
iskDefPtr
disk
);
typedef
int
(
*
virSecurityDomainGenLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
sec
);
typedef
int
(
*
virSecurityDomainGetLabel
)
(
virConnectPtr
conn
,
...
...
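Review bot: The two image-label callbacks now have different shapes, `virSecurityDomainRestoreImageLabel` taking `(conn, disk)` while `virSecurityDomainSetImageLabel` keeps `(conn, vm, disk)`, and neither typedef has a comment explaining the contract. Since this commit makes the driver responsible for leaving shared and readonly disks alone, a short comment above the typedefs would help other driver authors, e.g. `/* Return 0 on success, including disks the driver decides not to relabel (readonly/shared); -1 on error. */`. The return convention is inferred from the SELinux implementation on this page and should be confirmed against the other callers.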
src/security_selinux.c
...
...
@@ -269,7 +269,7 @@ SELinuxGetSecurityLabel(virConnectPtr conn,
}
static
int
SELinuxSetFilecon
(
virConnectPtr
conn
,
char
*
path
,
char
*
tcon
)
SELinuxSetFilecon
(
virConnectPtr
conn
,
c
onst
c
har
*
path
,
char
*
tcon
)
{
char
ebuf
[
1024
];
...
...
@@ -288,28 +288,51 @@ SELinuxSetFilecon(virConnectPtr conn, char *path, char *tcon)
static
int
SELinuxRestoreSecurityImageLabel
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virDomainDeviceDefPtr
dev
)
virDomainDiskDefPtr
disk
)
{
const
virSecurityLabelDefPtr
secdef
=
&
vm
->
def
->
seclabel
;
struct
stat
buf
;
security_context_t
fcon
=
NULL
;
int
rc
=
-
1
;
char
*
newpath
=
NULL
;
const
char
*
path
=
disk
->
src
;
if
(
secdef
->
imagelabel
)
{
return
SELinuxSetFilecon
(
conn
,
dev
->
data
.
disk
->
src
,
default_image_context
);
if
(
disk
->
readonly
||
disk
->
shared
)
return
0
;
if
(
lstat
(
path
,
&
buf
)
!=
0
)
return
-
1
;
if
(
S_ISLNK
(
buf
.
st_mode
))
{
if
(
VIR_ALLOC_N
(
newpath
,
buf
.
st_size
+
1
)
<
0
)
return
-
1
;
if
(
readlink
(
path
,
newpath
,
buf
.
st_size
)
<
0
)
goto
err
;
path
=
newpath
;
if
(
stat
(
path
,
&
buf
)
!=
0
)
goto
err
;
}
return
0
;
if
(
matchpathcon
(
path
,
buf
.
st_mode
,
&
fcon
)
==
0
)
{
rc
=
SELinuxSetFilecon
(
conn
,
path
,
fcon
);
}
err:
VIR_FREE
(
fcon
);
VIR_FREE
(
newpath
);
return
rc
;
}
static
int
SELinuxSetSecurityImageLabel
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virDomainD
eviceDefPtr
dev
)
virDomainD
iskDefPtr
disk
)
{
const
virSecurityLabelDefPtr
secdef
=
&
vm
->
def
->
seclabel
;
if
(
secdef
->
imagelabel
)
{
return
SELinuxSetFilecon
(
conn
,
d
ev
->
data
.
d
isk
->
src
,
secdef
->
imagelabel
);
}
if
(
secdef
->
imagelabel
)
return
SELinuxSetFilecon
(
conn
,
disk
->
src
,
secdef
->
imagelabel
);
return
0
;
}
...
...
@@ -322,7 +345,7 @@ SELinuxRestoreSecurityLabel(virConnectPtr conn,
int
rc
=
0
;
if
(
secdef
->
imagelabel
)
{
for
(
i
=
0
;
i
<
vm
->
def
->
ndisks
;
i
++
)
{
if
(
SELinux
SetFilecon
(
conn
,
vm
->
def
->
disks
[
i
]
->
src
,
default_image_context
)
<
0
)
if
(
SELinux
RestoreSecurityImageLabel
(
conn
,
vm
->
def
->
disks
[
i
]
)
<
0
)
rc
=
-
1
;
}
VIR_FREE
(
secdef
->
model
);
...
...
@@ -368,16 +391,11 @@ SELinuxSetSecurityLabel(virConnectPtr conn,
if
(
secdef
->
imagelabel
)
{
for
(
i
=
0
;
i
<
vm
->
def
->
ndisks
;
i
++
)
{
if
(
setfilecon
(
vm
->
def
->
disks
[
i
]
->
src
,
secdef
->
imagelabel
)
<
0
)
{
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
_
(
"%s: unable to set security context "
"'\%s
\'
on %s: %s."
),
__func__
,
secdef
->
imagelabel
,
vm
->
def
->
disks
[
i
]
->
src
,
virStrerror
(
errno
,
ebuf
,
sizeof
ebuf
));
if
(
security_getenforce
()
==
1
)
return
-
1
;
}
if
(
vm
->
def
->
disks
[
i
]
->
readonly
||
vm
->
def
->
disks
[
i
]
->
shared
)
continue
;
if
(
SELinuxSetSecurityImageLabel
(
conn
,
vm
,
vm
->
def
->
disks
[
i
])
<
0
)
return
-
1
;
}
}
...
...
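Review bot: `SELinuxSetSecurityImageLabel` has no readonly/shared check of its own; only the loop in `SELinuxSetSecurityLabel` (hunk at -368) skips such disks with `continue`. The hot-attach path in qemu_driver.c calls `domainSetSecurityImageLabel` directly, so, assuming that callback is wired to this function, a shared or readonly image would still receive `secdef->imagelabel`, while `SELinuxRestoreSecurityImageLabel` would later refuse to restore it. Moving `if (disk->readonly || disk->shared) return 0;` to the top of `SELinuxSetSecurityImageLabel` keeps the two functions symmetric and lets the loop drop its own test. Separately, in the restore function `readlink()` returns the link text as stored, so a relative target is then resolved by `stat()` and `SELinuxSetFilecon()` against the daemon's working directory rather than the link's directory; canonicalising once with `realpath(disk->src, NULL)` would handle that as well as chained links.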