security: Add virSecurityDomainSetDirLabel

That function can be used for setting security labels on arbitrary directories. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2025-03-20 06:50:22 +03:00 · 2015-08-17 10:43:43 -07:00 · 2015-08-17 10:43:43 -07:00 · f65a2a12f4
commit f65a2a12f4
parent 7b6953bc22
4 changed files with 27 additions and 0 deletions
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1026,6 +1026,7 @@ virSecurityDriverLookup;
 # security/security_manager.h
 virSecurityManagerCheckAllLabel;
 virSecurityManagerClearSocketLabel;
+virSecurityManagerDomainSetDirLabel;
 virSecurityManagerGenLabel;
 virSecurityManagerGetBaseLabel;
 virSecurityManagerGetDOI;
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@ -118,6 +118,9 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
                                                   virDomainDefPtr def,
                                                   virStorageSourcePtr src);
+typedef int (*virSecurityDomainSetDirLabel) (virSecurityManagerPtr mgr,
+                                             virDomainDefPtr def,
+                                             const char *path);


 struct _virSecurityDriver {
@ -168,6 +171,8 @@ struct _virSecurityDriver {
    virSecurityDomainSetHugepages domainSetSecurityHugepages;

    virSecurityDriverGetBaseLabel getBaseLabel;
+
+    virSecurityDomainSetDirLabel domainSetDirLabel;
 };

 virSecurityDriverPtr virSecurityDriverLookup(const char *name,
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@ -991,3 +991,20 @@ virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,

    return 0;
 }
+
+
+int
+virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,
+                                    virDomainDefPtr vm,
+                                    const char *path)
+{
+    if (mgr->drv->domainSetDirLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainSetDirLabel(mgr, vm, path);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    return 0;
+}
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@ -150,4 +150,8 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
                                        virDomainDefPtr vm,
                                        virStorageSourcePtr src);

+int virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,
+                                        virDomainDefPtr vm,
+                                        const char *path);
+
 #endif /* VIR_SECURITY_MANAGER_H__ */