Re: [libvirt] [PATCHv5 16/28] security: selinux: Implement per-image seclabel set
On 07/04/2014 05:29 AM, Peter Krempa wrote:
Refactor the code and reuse it to implement the functionality.
---
src/security/security_selinux.c | 91 ++++++++++++++++++++++++-----------------
1 file changed, 53 insertions(+), 38 deletions(-)
static int
virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainDiskDefPtr disk)
{
- virSecuritySELinuxCallbackData cbdata;
- cbdata.manager = mgr;
- cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ bool first = true;
+ virStorageSourcePtr next;
- if (!cbdata.secdef || cbdata.secdef->norelabel)
- return 0;
+ for (next = disk->src; next; next = next->backingStore) {
+ if (virSecuritySELinuxSetSecurityImageLabelInternal(mgr, def, next,
+ first) < 0)
+ return -1;
Similar question to earlier patches about pre-existing design - if we
fail partway through, should we undo our earlier labels on the exit
path? But as before, that would be a separate patch (this one is
focusing on the refactor with no semantic change, while that patch would
be an intentional behavior change).
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 604 bytes)