[PATCH 3/6] security: Relabel virtio-pmem
Just like with NVDIMM model, we have to relabel the path to
virtio-pmem so that QEMU can access it.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_apparmor.c | 2 +-
src/security/security_dac.c | 4 ++--
src/security/security_selinux.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1d828ce0d8..29f0956d22 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -683,6 +683,7 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
{
switch (mem->model) {
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
if (!virFileExists(mem->nvdimmPath)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: \'%s\' does not exist"),
@@ -690,7 +691,6 @@ AppArmorSetMemoryLabel(virSecurityManagerPtr mgr,
return -1;
}
return reload_profile(mgr, def, mem->nvdimmPath, true);
- case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_NONE:
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
case VIR_DOMAIN_MEMORY_MODEL_LAST:
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0acdc2a52d..71d58758c4 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1889,10 +1889,10 @@ virSecurityDACRestoreMemoryLabel(virSecurityManagerPtr mgr,
switch (mem->model) {
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
ret = virSecurityDACRestoreFileLabel(mgr, mem->nvdimmPath);
break;
- case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
case VIR_DOMAIN_MEMORY_MODEL_LAST:
case VIR_DOMAIN_MEMORY_MODEL_NONE:
@@ -2063,6 +2063,7 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
switch (mem->model) {
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
if (seclabel && !seclabel->relabel)
return 0;
@@ -2075,7 +2076,6 @@ virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
user, group, true);
break;
- case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
case VIR_DOMAIN_MEMORY_MODEL_LAST:
case VIR_DOMAIN_MEMORY_MODEL_NONE:
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index bbffbccb17..3563dbfb86 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1572,6 +1572,7 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
switch (mem->model) {
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (!seclabel || !seclabel->relabel)
return 0;
@@ -1581,7 +1582,6 @@ virSecuritySELinuxSetMemoryLabel(virSecurityManagerPtr mgr,
return -1;
break;
- case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_NONE:
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
case VIR_DOMAIN_MEMORY_MODEL_LAST:
@@ -1602,6 +1602,7 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
switch (mem->model) {
case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+ case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (!seclabel || !seclabel->relabel)
return 0;
@@ -1609,7 +1610,6 @@ virSecuritySELinuxRestoreMemoryLabel(virSecurityManagerPtr mgr,
ret = virSecuritySELinuxRestoreFileLabel(mgr, mem->nvdimmPath, true);
break;
- case VIR_DOMAIN_MEMORY_MODEL_VIRTIO_PMEM:
case VIR_DOMAIN_MEMORY_MODEL_DIMM:
case VIR_DOMAIN_MEMORY_MODEL_NONE:
case VIR_DOMAIN_MEMORY_MODEL_LAST:
--
2.26.2