Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/security/security_apparmor.c | 7 +------
src/security/security_driver.c | 19 +++++++++++++++++++
src/security/security_driver.h | 3 +++
src/security/security_selinux.c | 29 +++++------------------------
4 files changed, 28 insertions(+), 30 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 42f812c..00e5a01 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -581,12 +581,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr,
virDomainObjPtr vm)
if ((profile_name = get_profile_name(vm)) == NULL)
return rc;
- if (STRNEQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "\'%s\' model configured for domain, but
"
- "hypervisor driver is \'%s\'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ if (!virSecurityIsSpecifiedDriver(mgr, vm->def)) {
if (use_apparmor() > 0)
goto clean;
}
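Review bot: On a model mismatch this branch bails out only when `use_apparmor() > 0`; in the other case the function carries on after virSecurityIsSpecifiedDriver() has already reported VIR_ERR_INTERNAL_ERROR, so a call that may go on to succeed leaves an error raised. The SELinuxSetSecurityProcessLabel and SELinuxClearSecuritySocketLabel hunks have the same shape, continuing unless `security_getenforce() == 1`. The behaviour predates this commit, but with the check now centralised the tolerated path deserves a comment, for example `/* mismatch is tolerated when the driver is not enforcing; the error is reported for diagnostics only */`. The rest of the function lies outside the hunk, so what runs after this branch should be confirmed there.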
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index fd2c01a..5711aee 100644
--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -75,3 +75,22 @@ virSecurityDriverPtr virSecurityDriverLookup(const char *name)
return drv;
}
+
+bool
+virSecurityIsSpecifiedDriver(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
+{
+ bool ret = true;
+
+ if (!STREQ(virSecurityManagerGetModel(mgr), def->seclabel.model)) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
+ _("security label driver mismatch: "
+ "'%s' model configured for domain, but
"
+ "hypervisor driver is '%s'."),
+ def->seclabel.model,
+ virSecurityManagerGetModel(mgr));
+ ret = false;
+ }
+
+ return ret;
+}
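Review bot: `def->seclabel.model` goes straight into STREQ and into the `%s` argument of the error message, and the NONNULL attributes on the prototype cover only `mgr` and `def`, not that field. If STREQ is a plain strcmp wrapper and a domain can reach this helper with no model set, the comparison dereferences NULL. The SELinux Set/Clear callers visible in this patch test `seclabel.label` before calling, not `seclabel.model`, and SELinuxSecurityVerify calls it with no visible pre-check. A guard such as `if (!def->seclabel.model || STRNEQ(virSecurityManagerGetModel(mgr), def->seclabel.model)) {`, with a fallback string for the message argument, would make the helper safe on its own. Using STRNEQ would also match the spelling the AppArmor code used before this change.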
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index e5a8d41..a0b15f4 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -117,5 +117,8 @@ struct _virSecurityDriver {
};
virSecurityDriverPtr virSecurityDriverLookup(const char *name);
+bool virSecurityIsSpecifiedDriver(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
#endif /* __VIR_SECURITY_H__ */
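Review bot: The new prototype has no comment, and the name reads like a pure predicate although the implementation in security_driver.c also raises VIR_ERR_INTERNAL_ERROR on a mismatch. Callers that treat a mismatch as non-fatal need to know about that side effect. I would add above the declaration something like `/* Returns true if def's seclabel model matches mgr's model; otherwise reports VIR_ERR_INTERNAL_ERROR and returns false. */`.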
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f11e209..f3b76f9 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -866,12 +866,8 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but
"
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+
+ if (!virSecurityIsSpecifiedDriver(mgr, def)) {
return -1;
}
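Review bot: The signature in the hunk header still marks the first parameter `mgr ATTRIBUTE_UNUSED`, yet `mgr` is passed to virSecurityIsSpecifiedDriver() on the new line. The annotation is stale and tells a reader that the verify step ignores the manager, so I would drop it: `SELinuxSecurityVerify(virSecurityManagerPtr mgr,`. The context line `const virSecurityLabelDefPtr secdef = &def->seclabel;` is kept; whether `secdef` is still used further down cannot be seen from this hunk. If it is not, it should go as well.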
@@ -895,12 +891,7 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
if (vm->def->seclabel.label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but
"
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ if (!virSecurityIsSpecifiedDriver(mgr, vm->def)) {
if (security_getenforce() == 1)
return -1;
}
@@ -930,12 +921,7 @@ SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
if (vm->def->seclabel.label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but
"
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ if (!virSecurityIsSpecifiedDriver(mgr, vm->def)) {
goto done;
}
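Review bot: This mismatch branch does `goto done` unconditionally, while the sibling SELinuxSetSecurityProcessLabel and SELinuxClearSecuritySocketLabel hunks fail only when `security_getenforce() == 1`. The `done` label and the value returned there are outside the hunk, so it is not visible whether this path fails in permissive mode or silently skips labelling the socket. If the difference is intended, a one-line comment at the branch would record it, for example `/* model mismatch: skip socket labelling regardless of enforcing mode */`. Otherwise the three call sites should apply the same policy.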
@@ -997,12 +983,7 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
if (vm->def->seclabel.label == NULL)
return 0;
- if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("security label driver mismatch: "
- "'%s' model configured for domain, but
"
- "hypervisor driver is '%s'."),
- secdef->model, virSecurityManagerGetModel(mgr));
+ if (!virSecurityIsSpecifiedDriver(mgr, vm->def)) {
if (security_getenforce() == 1)
return -1;
}
--
1.7.3.2