4:36 a.m.
Even though the current use of the functions does not require full
implementation with transactions (none of the callers passes a path
somewhere under /dev), it doesn't hurt either. Moreover, in
future patches the paradigm is going to shift so that any API
that touches a file is required to use transactions.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_driver.c | 7 +++---
src/qemu/qemu_security.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_security.h | 10 +++++++--
3 files changed, 67 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 2f8d6915e1..6763c8cddc 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4043,7 +4043,7 @@ qemuDomainScreenshot(virDomainPtr dom,
}
unlink_tmp = true;
- qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp);
+ qemuSecuritySetSavedStateLabel(driver, vm, tmp);
qemuDomainObjEnterMonitor(driver, vm);
if (qemuMonitorScreendump(priv->mon, videoAlias, screen, tmp) < 0) {
@@ -6662,8 +6662,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
virObjectUnref(cookie);
virCommandFree(cmd);
VIR_FREE(errbuf);
- if (qemuSecurityRestoreSavedStateLabel(driver->securityManager,
- vm->def, path) < 0)
+ if (qemuSecurityRestoreSavedStateLabel(driver, vm, path) < 0)
VIR_WARN("failed to restore save state label on %s", path);
virObjectUnref(cfg);
return ret;
@@ -11828,7 +11827,7 @@ qemuDomainMemoryPeek(virDomainPtr dom,
goto endjob;
}
- qemuSecuritySetSavedStateLabel(driver->securityManager, vm->def, tmp);
+ qemuSecuritySetSavedStateLabel(driver, vm, tmp);
priv = vm->privateData;
qemuDomainObjEnterMonitor(driver, vm);
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 268def309a..c64fbdda38 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -523,3 +523,59 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
virSecurityManagerTransactionAbort(driver->securityManager);
return ret;
}
+
+
+int
+qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile)
+{
+ int ret = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerSetSavedStateLabel(driver->securityManager,
+ vm->def,
+ savefile) < 0)
+ goto cleanup;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
+
+
+int
+qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile)
+{
+ int ret = -1;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
+
+ if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
+ vm->def,
+ savefile) < 0)
+ goto cleanup;
+
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&
+ virSecurityManagerTransactionCommit(driver->securityManager,
+ vm->pid) < 0)
+ goto cleanup;
+
+ ret = 0;
+ cleanup:
+ virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
+}
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index fd11fbdd9d..c57774deba 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -100,6 +100,14 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
const char *path,
bool allowSubtree);
+int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile);
+
+int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ const char *savefile);
+
/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add
* new APIs here. If an API can touch a /dev file add a proper wrapper instead.
*/
@@ -119,11 +127,9 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,
# define qemuSecurityPreFork virSecurityManagerPreFork
# define qemuSecurityReleaseLabel virSecurityManagerReleaseLabel
# define qemuSecurityReserveLabel virSecurityManagerReserveLabel
-# define qemuSecurityRestoreSavedStateLabel virSecurityManagerRestoreSavedStateLabel
# define qemuSecuritySetChildProcessLabel virSecurityManagerSetChildProcessLabel
# define qemuSecuritySetDaemonSocketLabel virSecurityManagerSetDaemonSocketLabel
# define qemuSecuritySetImageFDLabel virSecurityManagerSetImageFDLabel
-# define qemuSecuritySetSavedStateLabel virSecurityManagerSetSavedStateLabel
# define qemuSecuritySetSocketLabel virSecurityManagerSetSocketLabel
# define qemuSecuritySetTapFDLabel virSecurityManagerSetTapFDLabel
# define qemuSecurityStackAddNested virSecurityManagerStackAddNested
--
2.16.4