security: Pass @migrated to virSecurityManagerSetAllLabel

In upcoming commits, virSecurityManagerSetAllLabel() will perform rollback in case of failure by calling virSecurityManagerRestoreAllLabel(). But in order to do that, the former needs to have @migrated argument so that it can be passed to the latter. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com>
2025-01-10 05:17:59 +03:00 · 2019-09-11 07:53:09 +02:00 · 2019-09-11 07:53:09 +02:00 · 458d0a8c52
commit 458d0a8c52
parent 27cb4c1a53
14 changed files with 31 additions and 17 deletions
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@ -1346,7 +1346,7 @@ int virLXCProcessStart(virConnectPtr conn,

    VIR_DEBUG("Setting domain security labels");
    if (virSecurityManagerSetAllLabel(driver->securityManager,
-                                      vm->def, NULL, false) < 0)
+                                      vm->def, NULL, false, false) < 0)
        goto cleanup;

    VIR_DEBUG("Setting up consoles");
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@ -6939,7 +6939,8 @@ qemuProcessLaunch(virConnectPtr conn,
    VIR_DEBUG("Setting domain security labels");
    if (qemuSecuritySetAllLabel(driver,
                                vm,
-                                incoming ? incoming->path : NULL) < 0)
+                                incoming ? incoming->path : NULL,
+                                incoming != NULL) < 0)
        goto cleanup;

    /* Security manager labeled all devices, therefore
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@ -32,7 +32,8 @@ VIR_LOG_INIT("qemu.qemu_process");
 int
 qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                        virDomainObjPtr vm,
-                        const char *stdin_path)
+                        const char *stdin_path,
+                        bool migrated)
 {
    int ret = -1;
    qemuDomainObjPrivatePtr priv = vm->privateData;
@ -47,7 +48,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
    if (virSecurityManagerSetAllLabel(driver->securityManager,
                                      vm->def,
                                      stdin_path,
-                                      priv->chardevStdioLogd) < 0)
+                                      priv->chardevStdioLogd,
+                                      migrated) < 0)
        goto cleanup;

    if (virSecurityManagerTransactionCommit(driver->securityManager,
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@ -26,7 +26,8 @@

 int qemuSecuritySetAllLabel(virQEMUDriverPtr driver,
                            virDomainObjPtr vm,
-                            const char *stdin_path);
+                            const char *stdin_path,
+                            bool migrated);

 void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver,
                                 virDomainObjPtr vm,
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@ -488,7 +488,8 @@ static int
 AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr,
                            virDomainDefPtr def,
                            const char *stdin_path,
-                            bool chardevStdioLogd ATTRIBUTE_UNUSED)
+                            bool chardevStdioLogd ATTRIBUTE_UNUSED,
+                            bool migrated ATTRIBUTE_UNUSED)
 {
    virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(def,
                                                    SECURITY_APPARMOR_NAME);
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -2053,7 +2053,8 @@ static int
 virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
                          virDomainDefPtr def,
                          const char *stdin_path ATTRIBUTE_UNUSED,
-                          bool chardevStdioLogd)
+                          bool chardevStdioLogd,
+                          bool migrated ATTRIBUTE_UNUSED)
 {
    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityLabelDefPtr secdef;
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@ -83,7 +83,8 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr,
                                             virDomainDefPtr sec,
                                             const char *stdin_path,
-                                             bool chardevStdioLogd);
+                                             bool chardevStdioLogd,
+                                             bool migrated);
 typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr,
                                                 virDomainDefPtr def,
                                                 bool migrated,
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@ -852,13 +852,15 @@ int
 virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr vm,
                              const char *stdin_path,
-                              bool chardevStdioLogd)
+                              bool chardevStdioLogd,
+                              bool migrated)
 {
    if (mgr->drv->domainSetSecurityAllLabel) {
        int ret;
        virObjectLock(mgr);
        ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path,
-                                                  chardevStdioLogd);
+                                                  chardevStdioLogd,
+                                                  migrated);
        virObjectUnlock(mgr);
        return ret;
    }
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@ -121,7 +121,8 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
                                  virDomainDefPtr sec,
                                  const char *stdin_path,
-                                  bool chardevStdioLogd);
+                                  bool chardevStdioLogd,
+                                  bool migrated);
 int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
                                      virDomainDefPtr def,
                                      bool migrated,
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@ -136,7 +136,8 @@ static int
 virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                                virDomainDefPtr sec ATTRIBUTE_UNUSED,
                                const char *stdin_path ATTRIBUTE_UNUSED,
-                                bool chardevStdioLogd ATTRIBUTE_UNUSED)
+                                bool chardevStdioLogd ATTRIBUTE_UNUSED,
+                                bool migrated ATTRIBUTE_UNUSED)
 {
    return 0;
 }
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -3133,7 +3133,8 @@ static int
 virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
                              virDomainDefPtr def,
                              const char *stdin_path,
-                              bool chardevStdioLogd)
+                              bool chardevStdioLogd,
+                              bool migrated ATTRIBUTE_UNUSED)
 {
    size_t i;
    virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@ -316,7 +316,8 @@ static int
 virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
                            virDomainDefPtr vm,
                            const char *stdin_path,
-                            bool chardevStdioLogd)
+                            bool chardevStdioLogd,
+                            bool migrated)
 {
    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
    virSecurityStackItemPtr item = priv->itemsHead;
@ -324,7 +325,8 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,

    for (; item; item = item->next) {
        if (virSecurityManagerSetAllLabel(item->securityManager, vm,
-                                          stdin_path, chardevStdioLogd) < 0)
+                                          stdin_path, chardevStdioLogd,
+                                          migrated) < 0)
            rc = -1;
    }

--- a/tests/qemusecuritytest.c
+++ b/tests/qemusecuritytest.c
@ -116,7 +116,7 @@ testDomain(const void *opaque)
    if (setenv(ENVVAR, "1", 0) < 0)
        return -1;

-    if (qemuSecuritySetAllLabel(data->driver, vm, NULL) < 0)
+    if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0)
        goto cleanup;

    qemuSecurityRestoreAllLabel(data->driver, vm, false);
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@ -310,7 +310,7 @@ testSELinuxLabeling(const void *opaque)
    if (!(def = testSELinuxLoadDef(testname)))
        goto cleanup;

-    if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0)
+    if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0)
        goto cleanup;

    if (testSELinuxCheckLabels(files, nfiles) < 0)