diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 19085ecd37..2c33abb615 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -44,6 +44,7 @@ #include "viruuid.h" #include "virpci.h" #include "virusb.h" +#include "virscsivhost.h" #include "virfile.h" #include "configmake.h" #include "vircommand.h" @@ -357,6 +358,13 @@ AppArmorSetSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED, return AppArmorSetSecurityHostdevLabelHelper(file, opaque); } +static int +AppArmorSetSecurityHostLabel(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED, + const char *file, void *opaque) +{ + return AppArmorSetSecurityHostdevLabelHelper(file, opaque); +} + /* Called on libvirtd startup to see if AppArmor is available */ static int AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED) @@ -831,6 +839,7 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb; virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host; if (!secdef) return -1; @@ -910,7 +919,16 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: { - /* Fall through for now */ + virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); + + if (!host) + goto done; + + ret = virSCSIVHostDeviceFileIterate(host, + AppArmorSetSecurityHostLabel, + ptr); + virSCSIVHostDeviceFree(host); + break; } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2803962d8e..649219e527 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -36,6 +36,7 @@ #include "virpci.h" #include "virusb.h" #include "virscsi.h" +#include "virscsivhost.h" #include "virstoragefile.h" #include "virstring.h" #include "virutil.h" @@ -581,6 +582,15 @@ virSecurityDACSetSCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED, } +static int +virSecurityDACSetHostLabel(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED, + const char *file, + void *opaque) +{ + return virSecurityDACSetHostdevLabelHelper(file, opaque); +} + + static int virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -592,6 +602,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb; virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host; int ret = -1; if (!priv->dynamicOwnership) @@ -677,7 +688,16 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr, } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: { - /* Fall through for now */ + virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); + + if (!host) + goto done; + + ret = virSCSIVHostDeviceFileIterate(host, + virSecurityDACSetHostLabel, + &cbdata); + virSCSIVHostDeviceFree(host); + break; } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: @@ -723,6 +743,17 @@ virSecurityDACRestoreSCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED, } +static int +virSecurityDACRestoreHostLabel(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED, + const char *file, + void *opaque) +{ + virSecurityManagerPtr mgr = opaque; + virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); + return virSecurityDACRestoreFileLabel(priv, file); +} + + static int virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -735,6 +766,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb; virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host; int ret = -1; secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); @@ -810,7 +842,17 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: { - /* Fall through for now */ + virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); + + if (!host) + goto done; + + ret = virSCSIVHostDeviceFileIterate(host, + virSecurityDACRestoreHostLabel, + mgr); + virSCSIVHostDeviceFree(host); + + break; } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 9870b41c12..1776a630ea 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -39,6 +39,7 @@ #include "virpci.h" #include "virusb.h" #include "virscsi.h" +#include "virscsivhost.h" #include "virstoragefile.h" #include "virfile.h" #include "virhash.h" @@ -1415,6 +1416,13 @@ virSecuritySELinuxSetSCSILabel(virSCSIDevicePtr dev, secdef->imagelabel); } +static int +virSecuritySELinuxSetHostLabel(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED, + const char *file, void *opaque) +{ + return virSecuritySELinuxSetHostdevLabelHelper(file, opaque); +} + static int virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -1425,6 +1433,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb; virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host; virSecuritySELinuxCallbackData data = {.mgr = mgr, .def = def}; int ret = -1; @@ -1499,7 +1508,16 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr, } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: { - /* Fall through for now */ + virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); + + if (!host) + goto done; + + ret = virSCSIVHostDeviceFileIterate(host, + virSecuritySELinuxSetHostLabel, + &data); + virSCSIVHostDeviceFree(host); + break; } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: @@ -1626,6 +1644,16 @@ virSecuritySELinuxRestoreSCSILabel(virSCSIDevicePtr dev, return virSecuritySELinuxRestoreFileLabel(mgr, file); } +static int +virSecuritySELinuxRestoreHostLabel(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED, + const char *file, + void *opaque) +{ + virSecurityManagerPtr mgr = opaque; + + return virSecuritySELinuxRestoreFileLabel(mgr, file); +} + static int virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr, virDomainHostdevDefPtr dev, @@ -1635,6 +1663,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr, virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb; virDomainHostdevSubsysPCIPtr pcisrc = &dev->source.subsys.u.pci; virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi; + virDomainHostdevSubsysSCSIVHostPtr hostsrc = &dev->source.subsys.u.scsi_host; int ret = -1; /* Like virSecuritySELinuxRestoreImageLabelInt() for a networked @@ -1705,7 +1734,17 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr, } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: { - /* Fall through for now */ + virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); + + if (!host) + goto done; + + ret = virSCSIVHostDeviceFileIterate(host, + virSecuritySELinuxRestoreHostLabel, + mgr); + virSCSIVHostDeviceFree(host); + + break; } case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: