These APIs will be used whenever we are hot (un-)plugging a
memdev.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/libvirt_private.syms | 2 ++
src/security/security_driver.h | 9 +++++++
src/security/security_manager.c | 56 +++++++++++++++++++++++++++++++++++++++++
src/security/security_manager.h | 7 ++++++
src/security/security_stack.c | 38 ++++++++++++++++++++++++++++
5 files changed, 112 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 6c89d44e2..681414266 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1180,6 +1180,7 @@ virSecurityManagerRestoreAllLabel;
virSecurityManagerRestoreDiskLabel;
virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
+virSecurityManagerRestoreMemoryLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChildProcessLabel;
@@ -1188,6 +1189,7 @@ virSecurityManagerSetDiskLabel;
virSecurityManagerSetHostdevLabel;
virSecurityManagerSetImageFDLabel;
virSecurityManagerSetImageLabel;
+virSecurityManagerSetMemoryLabel;
virSecurityManagerSetProcessLabel;
virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index fa65eb359..0f5cce5f8 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -123,6 +123,12 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr
mgr,
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virStorageSourcePtr src);
+typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem);
+typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
@@ -152,6 +158,9 @@ struct _virSecurityDriver {
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
+ virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
+ virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
+
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index d8c6facc8..6c777db1e 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -1052,3 +1052,59 @@ virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
return 0;
}
+
+
+/**
+ * virSecurityManagerSetMemoryLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @mem: memory module to operate on
+ *
+ * Labels the host part of a memory module.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ if (mgr->drv->domainSetSecurityMemoryLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetSecurityMemoryLabel(mgr, vm, mem);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
+
+
+/**
+ * virSecurityManagerRestoreMemoryLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @mem: memory module to operate on
+ *
+ * Removes security label from the host part of a memory module.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ if (mgr->drv->domainRestoreSecurityMemoryLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainRestoreSecurityMemoryLabel(mgr, vm, mem);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
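Review bot: Both new wrappers fail with `virReportUnsupportedError()` and -1 when the driver has no `domainSetSecurityMemoryLabel` / `domainRestoreSecurityMemoryLabel` callback, and in this patch only the stack driver sets them. virSecurityStackSetMemoryLabel calls this wrapper once per nested manager, so a single stacked driver without the callback would make every memdev hot-plug and hot-unplug fail; each driver, including one that does no labelling, needs at least a stub, and it is worth confirming that this lands in the same series. Failing closed on Set is a sensible default for a labelling API, but the doc comments should say so, e.g. `* Returns: 0 on success, -1 on error or if the driver does not implement the callback.` The `@vm` argument is a virDomainDefPtr that the driver typedefs name `def`; using one name throughout would avoid confusion with a domain object.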
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index bae8493ee..238e66cd0 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -162,6 +162,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virStorageSourcePtr src);
+int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem);
+int virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem);
+
int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 6056ae321..b02ee18a8 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -627,6 +627,41 @@ virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
return rc;
}
+static int
+virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetMemoryLabel(item->securityManager, vm, mem) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
+virSecurityStackRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerRestoreMemoryLabel(item->securityManager,
+ vm, mem) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
static int
virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
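Review bot: virSecurityStackSetMemoryLabel keeps iterating after a nested manager fails, so when it returns -1 some managers in the stack may already have labelled the host part of the memory module and nothing here undoes that. If this is intentional, state the contract in a comment above the function, e.g. `/* On failure the module may be partially labelled; the caller must call virSecurityManagerRestoreMemoryLabel(). */`. Continuing past errors suits virSecurityStackRestoreMemoryLabel, where best-effort cleanup is wanted, though presumably only the last nested manager's error is the one left reported. The hunk ends inside virSecurityStackDomainSetPathLabel, which is unchanged context.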
@@ -669,6 +704,9 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
+ .domainSetSecurityMemoryLabel = virSecurityStackSetMemoryLabel,
+ .domainRestoreSecurityMemoryLabel = virSecurityStackRestoreMemoryLabel,
+
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
.domainSetSecuritySocketLabel = virSecurityStackSetSocketLabel,
.domainClearSecuritySocketLabel = virSecurityStackClearSocketLabel,
--
2.11.0