mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 09:17:52 +03:00
Add a domain argument to SVirt *RestoreImageLabel
When James Morris originally submitted his sVirt patches (as seen in libvirt 0.6.1), he did not require on disk labelling for virSecurityDomainRestoreImageLabel. A later commit[2] changed this behavior to assume on disk labelling, which halts implementations for path-based MAC systems such as AppArmor and TOMOYO where vm->def->seclabel is required to obtain the label. * src/security/security_driver.h src/qemu/qemu_driver.c src/security/security_selinux.c: adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel
This commit is contained in:
parent
db68d6b164
commit
709c37e932
@ -5160,7 +5160,7 @@ static int qemudDomainDetachDevice(virDomainPtr dom,
|
||||
dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) {
|
||||
ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev);
|
||||
if (driver->securityDriver)
|
||||
driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk);
|
||||
driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk);
|
||||
if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0)
|
||||
VIR_WARN0("Fail to restore disk device ownership");
|
||||
} else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
|
||||
|
@ -32,6 +32,7 @@ typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
|
||||
typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
|
||||
virSecurityDriverPtr drv);
|
||||
typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk);
|
||||
typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
|
||||
virDomainObjPtr vm,
|
||||
|
@ -378,6 +378,7 @@ err:
|
||||
|
||||
static int
|
||||
SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
|
||||
virDomainObjPtr vm ATTRIBUTE_UNUSED,
|
||||
virDomainDiskDefPtr disk)
|
||||
{
|
||||
/* Don't restore labels on readoly/shared disks, because
|
||||
@ -608,7 +609,8 @@ SELinuxRestoreSecurityLabel(virConnectPtr conn,
|
||||
rc = -1;
|
||||
}
|
||||
for (i = 0 ; i < vm->def->ndisks ; i++) {
|
||||
if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0)
|
||||
if (SELinuxRestoreSecurityImageLabel(conn, vm,
|
||||
vm->def->disks[i]) < 0)
|
||||
rc = -1;
|
||||
}
|
||||
VIR_FREE(secdef->model);
|
||||
|
Loading…
Reference in New Issue
Block a user