security: Relabel virtio-pmem

Just like with NVDIMM model, we have to relabel the path to virtio-pmem so that QEMU can access it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2025-03-11 00:58:38 +03:00 · 2020-12-09 16:33:20 +01:00 · 2020-12-09 16:33:20 +01:00 · 5259748a9f
commit 5259748a9f
parent 173733b7a8
3 changed files with 5 additions and 5 deletions
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@ -683,6 +683,7 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
 {
    switch (mem->model) {
    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
        if (!virFileExists(mem->nvdimmPath)) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("%s: \'%s\' does not exist"),
@ -690,7 +691,6 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
            return -1;
        }
        return reload_profile(mgr, def, mem->nvdimmPath, true);
-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
    case VIR_DOMAIN_MEMORY_MODEL_NONE:
    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
    case VIR_DOMAIN_MEMORY_MODEL_LAST:
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -1889,10 +1889,10 @@ virSecurityDACRestoreMemoryLabel(virSecurityManagerPtr mgr,

    switch (mem->model) {
    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
        ret = virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath);
        break;

-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
    case VIR_DOMAIN_MEMORY_MODEL_LAST:
    case VIR_DOMAIN_MEMORY_MODEL_NONE:
@ -2063,6 +2063,7 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,

    switch (mem->model) {
    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
        seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
        if (seclabel && !seclabel->relabel)
            return 0;
@ -2075,7 +2076,6 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
                                         user, group, true);
        break;

-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
    case VIR_DOMAIN_MEMORY_MODEL_LAST:
    case VIR_DOMAIN_MEMORY_MODEL_NONE:
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -1572,6 +1572,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,

    switch (mem->model) {
    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
        seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
        if (!seclabel || !seclabel->relabel)
            return 0;
@ -1581,7 +1582,6 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
            return -1;
        break;

-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
    case VIR_DOMAIN_MEMORY_MODEL_NONE:
    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
    case VIR_DOMAIN_MEMORY_MODEL_LAST:
@ -1602,6 +1602,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,

    switch (mem->model) {
    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
        seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
        if (!seclabel || !seclabel->relabel)
            return 0;
@ -1609,7 +1610,6 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
        ret = virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, true);
        break;

-    case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
    case VIR_DOMAIN_MEMORY_MODEL_NONE:
    case VIR_DOMAIN_MEMORY_MODEL_LAST: