On Wed, Sep 10, 2014 at 03:26:07PM +0200, Michal Privoznik wrote:
To keep the original seclabel for files libvirt is touching we need a
single point where the original seclabels can be stored. Instead
of inventing a new one we can misuse virtlockd which already has
nearly all the infrastructure we need. As a nice feature, it keeps
its internal state between virtlockd restarts. Again, it's
something we are going to need, as we don't want to lose the
original labels on the lock daemon restart.

In this commit two functions are introduced:

virLockManagerRememberSeclabel that takes three arguments:
    path, model and seclabel
where @path is a unique identifier for the file we are about to
label, @model and @seclabel then represent the original seclabel.

virLockManagerRecallSeclabel then takes:
    path, model, *seclabel
and returns the number of references held on @path. If the return
value is zero, *seclabel contains the original label stored by the
first call of RememberSeclabel(). If a positive value is
returned, other domains are still using the @path and the
original label shall not be restored.

+int virLockManagerRememberSeclabel(virLockManagerPtr lock,
+ const char *path,
+ const char *model,
+ const char *seclabel)
+{
+ VIR_DEBUG("lock=%p path=%s model=%s seclabel=%s",
+ lock, path, model, seclabel);
+
+ CHECK_MANAGER(drvRemember, -1);
+
+ return lock->driver->drvRemember(lock, path, model, seclabel);
+}
+
+int virLockManagerRecallSeclabel(virLockManagerPtr lock,
+ const char *path,
+ const char *model,
+ char **seclabel)
+{
+ VIR_DEBUG("lock=%p path=%s model=%s seclabel=%p",
+ lock, path, model, seclabel);
+
+ CHECK_MANAGER(drvRecall, -1);
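
Review bot: both VIR_DEBUG calls (in virLockManagerRememberSeclabel and virLockManagerRecallSeclabel) pass path and model, and in the first function seclabel as well, to %s before anything has checked them for NULL. Either wrap them in NULLSTR() or mark the parameters ATTRIBUTE_NONNULL in the header, so a NULL argument is caught at the call site rather than in the debug log.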

I think we should do

    *seclabel = NULL;

to protect against drivers forgetting to do it

+
+ return lock->driver->drvRecall(lock, path, model, seclabel);
+}
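
Review bot: the return contract of virLockManagerRecallSeclabel is only spelled out in the commit message, while the function itself just passes through whatever drvRecall returns. A comment above the function should state the three cases (-1 from CHECK_MANAGER or the driver, 0 when *seclabel holds the original label, positive when other domains still use @path) and who frees *seclabel, since callers decide whether to restore the label from that value alone.
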
Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
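
The remember/recall semantics described in the quoted commit message, as an added example that is not part of the patch or of libvirt: a hypothetical in-memory store that clears `*label` on entry, as the reply suggests. The names `remember_seclabel`, `recall_seclabel` and `struct rec`, the 0 return from remember, and the -1 return for an unknown path are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory model of the label store; not virtlockd code. */
struct rec { char *path, *model, *label; unsigned refs; struct rec *next; };
static struct rec *records;

static char *dup_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

static struct rec **find_rec(const char *path, const char *model)
{
    struct rec **p = &records;
    while (*p && (strcmp((*p)->path, path) || strcmp((*p)->model, model)))
        p = &(*p)->next;
    return p;               /* link to the match, or the NULL tail link */
}

/* The first caller's label is kept; later callers only add a reference. */
int remember_seclabel(const char *path, const char *model, const char *label)
{
    struct rec **p = find_rec(path, model), *r = *p;
    if (r) { r->refs++; return 0; }
    if (!(r = calloc(1, sizeof(*r)))) return -1;
    r->path = dup_str(path); r->model = dup_str(model); r->label = dup_str(label);
    if (!r->path || !r->model || !r->label) {
        free(r->path); free(r->model); free(r->label); free(r);
        return -1;
    }
    r->refs = 1;
    *p = r;                 /* p is the NULL tail link here: append */
    return 0;
}

/* Returns refs still held (-1 if unknown); *label is non-NULL only on 0. */
int recall_seclabel(const char *path, const char *model, char **label)
{
    struct rec **p = find_rec(path, model), *r = *p;
    *label = NULL;          /* cleared before any early return */
    if (!r) return -1;
    if (--r->refs > 0) return (int)r->refs;
    *label = r->label;      /* caller owns the string and must free() it */
    *p = r->next;
    free(r->path); free(r->model); free(r);
    return 0;
}
```

Because `*label` is cleared before the lookup, a caller that ignores the return value and tests only the pointer still cannot restore a stale label while another domain holds a reference.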