Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
libvirt
提交
e4818895
L
libvirt
项目概览
openeuler
/
libvirt
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
L
libvirt
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
e4818895
编写于
3月 03, 2009
作者:
D
Daniel P. Berrange
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Misc sVirt bug fixes
上级
efa5832b
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
49 addition
and
22 deletion
+49
-22
ChangeLog
ChangeLog
+8
-0
src/qemu_driver.c
src/qemu_driver.c
+5
-7
src/security.h
src/security.h
+2
-1
src/security_selinux.c
src/security_selinux.c
+34
-14
未找到文件。
ChangeLog
浏览文件 @
e4818895
Tue Mar 3 14:58:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
Misc sVirt bug fixes
* src/qemu_driver.c: Don't raise error - let callee do it
* src/security.h: Pass virCOnnectPtr when generating label
* src/security_selinux.c: Fix STREQ logic bugs, and use
VIR_ALLOC, and report detailed errors.
Tue Mar 3 15:58:55 +0100 2009 Jim Meyering <meyering@redhat.com>
config: fix a typo
...
...
src/qemu_driver.c
浏览文件 @
e4818895
...
...
@@ -1316,13 +1316,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
/* If you are using a SecurityDriver and there was no security label in
database, then generate a security label for isolation */
if
(
vm
->
def
->
seclabel
.
label
==
NULL
&&
driver
->
securityDriver
)
{
if
(
driver
->
securityDriver
->
domainGenSecurityLabel
(
vm
)
<
0
)
{
qemudReportError
(
conn
,
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
"%s"
,
_
(
"Unable to generate Security Label"
));
return
-
1
;
}
}
if
(
vm
->
def
->
seclabel
.
label
==
NULL
&&
driver
->
securityDriver
&&
driver
->
securityDriver
->
domainGenSecurityLabel
&&
driver
->
securityDriver
->
domainGenSecurityLabel
(
conn
,
vm
)
<
0
)
return
-
1
;
FD_ZERO
(
&
keepfd
);
...
...
src/security.h
浏览文件 @
e4818895
...
...
@@ -37,7 +37,8 @@ typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
typedef
int
(
*
virSecurityDomainSetImageLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virDomainDeviceDefPtr
dev
);
typedef
int
(
*
virSecurityDomainGenLabel
)
(
virDomainObjPtr
sec
);
typedef
int
(
*
virSecurityDomainGenLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
sec
);
typedef
int
(
*
virSecurityDomainGetLabel
)
(
virConnectPtr
conn
,
virDomainObjPtr
vm
,
virSecurityLabelPtr
sec
);
...
...
src/security_selinux.c
浏览文件 @
e4818895
...
...
@@ -24,6 +24,9 @@
#include "util.h"
#include "memory.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
static
char
default_domain_context
[
1024
];
static
char
default_image_context
[
1024
];
#define SECURITY_SELINUX_VOID_DOI "0"
...
...
@@ -45,10 +48,11 @@ mcsAdd(const char *mcs)
struct
MCS
*
ptr
;
for
(
ptr
=
mcsList
;
ptr
;
ptr
=
ptr
->
next
)
{
if
(
STREQ
(
ptr
->
mcs
,
mcs
)
==
0
)
if
(
STREQ
(
ptr
->
mcs
,
mcs
))
return
-
1
;
}
ptr
=
malloc
(
sizeof
(
struct
MCS
));
if
(
VIR_ALLOC
(
ptr
)
<
0
)
return
-
1
;
ptr
->
mcs
=
strdup
(
mcs
);
ptr
->
next
=
mcsList
;
mcsList
=
ptr
;
...
...
@@ -62,7 +66,7 @@ mcsRemove(const char *mcs)
struct
MCS
*
ptr
=
NULL
;
for
(
ptr
=
mcsList
;
ptr
;
ptr
=
ptr
->
next
)
{
if
(
STREQ
(
ptr
->
mcs
,
mcs
)
==
0
)
{
if
(
STREQ
(
ptr
->
mcs
,
mcs
))
{
if
(
prevptr
)
prevptr
->
next
=
ptr
->
next
;
else
{
...
...
@@ -112,7 +116,7 @@ SELinuxInitialize(virConnectPtr conn)
}
if
(
saferead
(
fd
,
default_domain_context
,
sizeof
(
default_domain_context
))
<
0
)
{
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
_
(
"%s: cannot read SELinux virtual domain context file %s: %s"
),
__func__
,
selinux_virtual_domain_context_path
(),
virStrerror
(
errno
,
ebuf
,
sizeof
ebuf
));
...
...
@@ -149,7 +153,8 @@ SELinuxInitialize(virConnectPtr conn)
}
static
int
SELinuxGenSecurityLabel
(
virDomainObjPtr
vm
)
SELinuxGenSecurityLabel
(
virConnectPtr
conn
,
virDomainObjPtr
vm
)
{
int
rc
=
-
1
;
char
mcs
[
1024
];
...
...
@@ -158,8 +163,11 @@ SELinuxGenSecurityLabel(virDomainObjPtr vm)
int
c2
=
0
;
if
(
(
vm
->
def
->
seclabel
.
label
)
||
(
vm
->
def
->
seclabel
.
model
)
||
(
vm
->
def
->
seclabel
.
imagelabel
))
(
vm
->
def
->
seclabel
.
imagelabel
))
{
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
"%s"
,
_
(
"security labellin already defined for VM"
));
return
rc
;
}
do
{
c1
=
virRandom
(
1024
);
...
...
@@ -168,7 +176,7 @@ SELinuxGenSecurityLabel(virDomainObjPtr vm)
if
(
c1
==
c2
)
{
sprintf
(
mcs
,
"s0:c%d"
,
c1
);
}
else
{
if
(
c1
==
c2
)
if
(
c1
<
c2
)
sprintf
(
mcs
,
"s0:c%d,c%d"
,
c1
,
c2
);
else
sprintf
(
mcs
,
"s0:c%d,c%d"
,
c2
,
c1
);
...
...
@@ -176,20 +184,32 @@ SELinuxGenSecurityLabel(virDomainObjPtr vm)
}
while
(
mcsAdd
(
mcs
)
==
-
1
);
vm
->
def
->
seclabel
.
label
=
SELinuxGenNewContext
(
default_domain_context
,
mcs
);
if
(
!
vm
->
def
->
seclabel
.
label
)
goto
err
;
if
(
!
vm
->
def
->
seclabel
.
label
)
{
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
_
(
"cannot generate selinux context for %s"
),
mcs
);
goto
err
;
}
vm
->
def
->
seclabel
.
imagelabel
=
SELinuxGenNewContext
(
default_image_context
,
mcs
);
if
(
!
vm
->
def
->
seclabel
.
imagelabel
)
goto
err
;
if
(
!
vm
->
def
->
seclabel
.
imagelabel
)
{
virSecurityReportError
(
conn
,
VIR_ERR_ERROR
,
_
(
"cannot generate selinux context for %s"
),
mcs
);
goto
err
;
}
vm
->
def
->
seclabel
.
model
=
strdup
(
SECURITY_SELINUX_NAME
);
if
(
!
vm
->
def
->
seclabel
.
model
)
goto
err
;
if
(
!
vm
->
def
->
seclabel
.
model
)
{
virReportOOMError
(
conn
);
goto
err
;
}
rc
=
0
;
goto
done
;
err:
free
(
vm
->
def
->
seclabel
.
label
);
vm
->
def
->
seclabel
.
label
=
NULL
;
free
(
vm
->
def
->
seclabel
.
imagelabel
);
vm
->
def
->
seclabel
.
imagelabel
=
NULL
;
free
(
vm
->
def
->
seclabel
.
model
);
vm
->
def
->
seclabel
.
model
=
NULL
;
VIR_FREE
(
vm
->
def
->
seclabel
.
label
)
;
VIR_FREE
(
vm
->
def
->
seclabel
.
imagelabel
)
;
VIR_FREE
(
vm
->
def
->
seclabel
.
model
)
;
done:
free
(
scontext
);
VIR_FREE
(
scontext
);
return
rc
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录