security: Add virSecurityDomainSetDirLabel

That function can be used for setting security labels on arbitrary directories. Signed-off-by: N Martin Kletzander <mkletzan@redhat.com>

security: Add virSecurityDomainSetDirLabel
That function can be used for setting security labels on arbitrary directories. Signed-off-by: N Martin Kletzander <mkletzan@redhat.com>
f65a2a12 · Martin Kletzander · 7b6953bc · f65a2a12 · f65a2a12 · f65a2a12
4 changed file
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1026,6 +1026,7 @@ virSecurityDriverLookup;
 # security/security_manager.h
 virSecurityManagerCheckAllLabel;
 virSecurityManagerClearSocketLabel;
+virSecurityManagerDomainSetDirLabel;
 virSecurityManagerGenLabel;
 virSecurityManagerGetBaseLabel;
 virSecurityManagerGetDOI;

--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -118,6 +118,9 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                   virDomainDefPtr def,
                                                   virStorageSourcePtr src);
+typedef int (*virSecurityDomainSetDirLabel) (virSecurityManagerPtr mgr,
+                                             virDomainDefPtr def,
+                                             const char *path);
 struct _virSecurityDriver {
@@ -168,6 +171,8 @@ struct _virSecurityDriver {
    virSecurityDomainSetHugepages domainSetSecurityHugepages;
    virSecurityDriverGetBaseLabel getBaseLabel;
+    virSecurityDomainSetDirLabel domainSetDirLabel;
 };
 virSecurityDriverPtr virSecurityDriverLookup(const char *name,

--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -991,3 +991,20 @@ virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,
    return 0;
 }
+int
+virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,
+                                    virDomainDefPtr vm,
+                                    const char *path)
+{
+    if (mgr->drv->domainSetDirLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainSetDirLabel(mgr, vm, path);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+    return 0;
+}
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -150,4 +150,8 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
                                        virDomainDefPtr vm,
                                        virStorageSourcePtr src);
+int virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,
+                                        virDomainDefPtr vm,
+                                        const char *path);
 #endif /* VIR_SECURITY_MANAGER_H__ */