[PATCH v2 02/10] security: add virSecurityManagerUpdateImageLabel
After migration, some labels of images need to be updated. So add
virSecurityManagerUpdateImageLabel to do it.
Signed-off-by: Peng Liang <liangpeng10(a)huawei.com>
---
src/libvirt_private.syms | 1 +
src/security/security_driver.h | 5 +++++
src/security/security_manager.c | 29 +++++++++++++++++++++++++++++
src/security/security_manager.h | 5 +++++
4 files changed, 40 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index fd0eea0777e2..ed750de262a1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1720,6 +1720,7 @@ virSecurityManagerStackAddNested;
virSecurityManagerTransactionAbort;
virSecurityManagerTransactionCommit;
virSecurityManagerTransactionStart;
+virSecurityManagerUpdateImageLabel;
virSecurityManagerVerify;
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index a1fc23be383f..7c1e9a5a8596 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -123,6 +123,10 @@ typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager
*mgr,
pid_t pid,
virStorageSource *src,
virStorageSource *dst);
+typedef int (*virSecurityDomainUpdateImageLabel) (virSecurityManager *mgr,
+ virDomainDef *def,
+ virStorageSource *src,
+ virSecurityDomainImageLabelFlags
flags);
typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManager *mgr,
virDomainDef *def,
virDomainMemoryDef *mem);
@@ -186,6 +190,7 @@ struct _virSecurityDriver {
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
virSecurityDomainMoveImageMetadata domainMoveImageMetadata;
+ virSecurityDomainUpdateImageLabel domainUpdateSecurityImageLabel;
virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index d8a03a19cb8b..bbdecbf41606 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -476,6 +476,35 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
}
+/**
+ * virSecurityManagerUpdateImageLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @src: disk source definition to operate on
+ * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
+ *
+ * Update security label from @src according to @flags.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
+ virDomainDef *vm,
+ virStorageSource *src,
+ virSecurityDomainImageLabelFlags flags)
+{
+ if (mgr->drv->domainUpdateSecurityImageLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainUpdateSecurityImageLabel(mgr, vm, src, flags);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ return 0;
+}
+
+
int
virSecurityManagerSetDaemonSocketLabel(virSecurityManager *mgr,
virDomainDef *vm)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 59020b147527..365f18e2dcfd 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -175,6 +175,11 @@ int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
pid_t pid,
virStorageSource *src,
virStorageSource *dst);
+int
+virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
+ virDomainDef *vm,
+ virStorageSource *src,
+ virSecurityDomainImageLabelFlags flags);
int virSecurityManagerSetMemoryLabel(virSecurityManager *mgr,
virDomainDef *vm,
--
2.31.1