From: "Daniel P. Berrange" <berrange(a)redhat.com>
The function names in the SELinux driver all start with
'SELinux' or 'mcs' as a prefix. Sanitize this so that they
all use 'virSecuritySELinux' as the prefix
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/security/security_selinux.c | 394 ++++++++++++++++++++-------------------
1 file changed, 198 insertions(+), 196 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index ffa65fb..7ded0a8 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -64,16 +64,18 @@ struct _virSecuritySELinuxCallbackData {
The data struct of used mcs should be replaced with a better data structure in the
future
*/
-struct MCS {
+typedef struct virSecuritySELinuxMCS virSecuritySELinuxMCS;
+typedef virSecuritySELinuxMCS *virSecuritySELinuxMCSPtr;
+struct virSecuritySELinuxMCS {
char *mcs;
- struct MCS *next;
+ virSecuritySELinuxMCSPtr next;
};
-static struct MCS *mcsList = NULL;
+static virSecuritySELinuxMCSPtr mcsList = NULL;
static int
-mcsAdd(const char *mcs)
+virSecuritySELinuxMCSAdd(const char *mcs)
{
- struct MCS *ptr;
+ virSecuritySELinuxMCSPtr ptr;
for (ptr = mcsList; ptr; ptr = ptr->next) {
if (STREQ(ptr->mcs, mcs))
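Review bot: The renamed virSecuritySELinuxMCSAdd carries no comment stating its return contract, yet callers depend on it — virSecuritySELinuxGenSecurityLabel later in this commit loops `while (virSecuritySELinuxMCSAdd(mcs) == -1)`, which suggests -1 means the MCS range is already in the list (the body is cut off after the STREQ check, so confirm against the rest of it). A header such as `/* Record @mcs as in use. Returns 0 on success, -1 if it is already reserved. */` above the function would make that explicit, and virSecuritySELinuxMCSRemove in the next hunk deserves the matching line. Both functions continue past the end of their hunks.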
@@ -88,10 +90,10 @@ mcsAdd(const char *mcs)
}
static int
-mcsRemove(const char *mcs)
+virSecuritySELinuxMCSRemove(const char *mcs)
{
- struct MCS *prevptr = NULL;
- struct MCS *ptr = NULL;
+ virSecuritySELinuxMCSPtr prevptr = NULL;
+ virSecuritySELinuxMCSPtr ptr = NULL;
for (ptr = mcsList; ptr; ptr = ptr->next) {
if (STREQ(ptr->mcs, mcs)) {
@@ -110,7 +112,7 @@ mcsRemove(const char *mcs)
}
static char *
-SELinuxGenNewContext(const char *oldcontext, const char *mcs)
+virSecuritySELinuxGenNewContext(const char *oldcontext, const char *mcs)
{
char *newcontext = NULL;
char *scontext = strdup(oldcontext);
@@ -129,7 +131,7 @@ err:
#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
static int
-SELinuxLXCInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
{
virConfValuePtr scon = NULL;
virConfValuePtr tcon = NULL;
@@ -192,7 +194,7 @@ error:
}
#else
static int
-SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("libselinux does not support LXC contexts path"));
@@ -202,7 +204,7 @@ SELinuxLXCInitialize(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
static int
-SELinuxQEMUInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
{
char *ptr;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -249,20 +251,20 @@ error:
static int
-SELinuxInitialize(virSecurityManagerPtr mgr)
+virSecuritySELinuxInitialize(virSecurityManagerPtr mgr)
{
VIR_DEBUG("SELinuxInitialize %s", virSecurityManagerGetDriver(mgr));
if (STREQ(virSecurityManagerGetDriver(mgr), "LXC")) {
- return SELinuxLXCInitialize(mgr);
+ return virSecuritySELinuxLXCInitialize(mgr);
} else {
- return SELinuxQEMUInitialize(mgr);
+ return virSecuritySELinuxQEMUInitialize(mgr);
}
}
static int
-SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
{
int rc = -1;
char *mcs = NULL;
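Review bot: The VIR_DEBUG at the top of virSecuritySELinuxInitialize still embeds the old function name, `VIR_DEBUG("SELinuxInitialize %s", virSecurityManagerGetDriver(mgr));`, while every other debug string touched by this commit is switched to the `key=value` form (driver=, type=, label=), presumably because the logging macro already records the function. For consistency the context line should become `VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));`. The tail of this hunk opens virSecuritySELinuxGenSecurityLabel, whose body continues outside it.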
@@ -273,7 +275,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
const char *range;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
- VIR_DEBUG("SELinuxGenSecurityLabel %s", virSecurityManagerGetDriver(mgr));
+ VIR_DEBUG("driver=%s", virSecurityManagerGetDriver(mgr));
if ((def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) &&
!def->seclabel.baselabel &&
def->seclabel.model) {
@@ -303,7 +305,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
return rc;
}
- VIR_DEBUG("SELinuxGenSecurityLabel %d", def->seclabel.type);
+ VIR_DEBUG("type=%d", def->seclabel.type);
switch (def->seclabel.type) {
case VIR_DOMAIN_SECLABEL_STATIC:
@@ -343,12 +345,12 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
goto cleanup;
}
}
- } while (mcsAdd(mcs) == -1);
+ } while (virSecuritySELinuxMCSAdd(mcs) == -1);
def->seclabel.label =
- SELinuxGenNewContext(def->seclabel.baselabel ?
- def->seclabel.baselabel :
- data->domain_context, mcs);
+ virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?
+ def->seclabel.baselabel :
+ data->domain_context, mcs);
if (! def->seclabel.label) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"),
mcs);
@@ -368,7 +370,7 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
}
if (!def->seclabel.norelabel) {
- def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
+ def->seclabel.imagelabel =
virSecuritySELinuxGenNewContext(data->file_context, mcs);
if (!def->seclabel.imagelabel) {
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
_("cannot generate selinux context for %s"),
mcs);
@@ -409,9 +411,9 @@ cleanup:
}
static int
-SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- pid_t pid)
+virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ pid_t pid)
{
security_context_t pctx;
context_t ctx = NULL;
@@ -435,7 +437,7 @@ SELinuxReserveSecurityLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (!mcs)
goto err;
- mcsAdd(mcs);
+ virSecuritySELinuxMCSAdd(mcs);
context_free(ctx);
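Review bot: The result of `virSecuritySELinuxMCSAdd(mcs);` is discarded in virSecuritySELinuxReserveSecurityLabel, whereas virSecuritySELinuxGenSecurityLabel retries until the same call stops returning -1. If -1 signals that the MCS range is already reserved by another domain, the reserve path (which takes a pid, so presumably runs for already-running domains) silently accepts a category that is also in use elsewhere, weakening the per-domain separation the MCS list exists to enforce. At minimum the collision should be visible, e.g. `if (virSecuritySELinuxMCSAdd(mcs) < 0) VIR_WARN("MCS range %s is already reserved", mcs);`, or reported as an error if callers can handle one. This is pre-existing behaviour; the function starts and ends outside the hunk.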
@@ -448,7 +450,7 @@ err:
static int
-SELinuxSecurityDriverProbe(const char *virtDriver)
+virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
{
if (!is_selinux_enabled())
return SECURITY_DRIVER_DISABLE;
@@ -465,14 +467,14 @@ SELinuxSecurityDriverProbe(const char *virtDriver)
static int
-SELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
+virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
{
- return SELinuxInitialize(mgr);
+ return virSecuritySELinuxInitialize(mgr);
}
static int
-SELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
+virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
{
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -487,12 +489,12 @@ SELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
}
-static const char *SELinuxSecurityGetModel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+static const char *virSecuritySELinuxSecurityGetModel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED)
{
return SECURITY_SELINUX_NAME;
}
-static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
+static const char *virSecuritySELinuxSecurityGetDOI(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED)
{
/*
* Where will the DOI come from? SELinux configuration, or qemu
@@ -502,10 +504,10 @@ static const char *SELinuxSecurityGetDOI(virSecurityManagerPtr mgr
ATTRIBUTE_UNU
}
static int
-SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def ATTRIBUTE_UNUSED,
- pid_t pid,
- virSecurityLabelPtr sec)
+virSecuritySELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid,
+ virSecurityLabelPtr sec)
{
security_context_t ctx;
@@ -528,7 +530,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
strcpy(sec->label, (char *) ctx);
freecon(ctx);
- VIR_DEBUG("SELinuxGetSecurityProcessLabel %s", sec->label);
+ VIR_DEBUG("label=%s", sec->label);
sec->enforcing = security_getenforce();
if (sec->enforcing == -1) {
virReportSystemError(errno, "%s",
@@ -543,7 +545,7 @@ SELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
* return 1 if labelling was not possible. Otherwise, require a label
* change, and return 0 for success, -1 for failure. */
static int
-SELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
+virSecuritySELinuxSetFileconHelper(const char *path, char *tcon, bool optional)
{
security_context_t econ;
@@ -596,19 +598,19 @@ SELinuxSetFileconHelper(const char *path, char *tcon, bool
optional)
}
static int
-SELinuxSetFileconOptional(const char *path, char *tcon)
+virSecuritySELinuxSetFileconOptional(const char *path, char *tcon)
{
- return SELinuxSetFileconHelper(path, tcon, true);
+ return virSecuritySELinuxSetFileconHelper(path, tcon, true);
}
static int
-SELinuxSetFilecon(const char *path, char *tcon)
+virSecuritySELinuxSetFilecon(const char *path, char *tcon)
{
- return SELinuxSetFileconHelper(path, tcon, false);
+ return virSecuritySELinuxSetFileconHelper(path, tcon, false);
}
static int
-SELinuxFSetFilecon(int fd, char *tcon)
+virSecuritySELinuxFSetFilecon(int fd, char *tcon)
{
security_context_t econ;
@@ -669,7 +671,7 @@ getContext(const char *newpath, mode_t mode, security_context_t
*fcon)
/* This method shouldn't raise errors, since they'll overwrite
* errors that the caller(s) are already dealing with */
static int
-SELinuxRestoreSecurityFileLabel(const char *path)
+virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
{
struct stat buf;
security_context_t fcon = NULL;
@@ -694,7 +696,7 @@ SELinuxRestoreSecurityFileLabel(const char *path)
if (getContext(newpath, buf.st_mode, &fcon) < 0) {
VIR_WARN("cannot lookup default selinux label for %s", newpath);
} else {
- rc = SELinuxSetFilecon(newpath, fcon);
+ rc = virSecuritySELinuxSetFilecon(newpath, fcon);
}
err:
@@ -704,10 +706,10 @@ err:
}
static int
-SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk,
- int migrated)
+virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk,
+ int migrated)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -744,24 +746,24 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
}
}
- return SELinuxRestoreSecurityFileLabel(disk->src);
+ return virSecuritySELinuxRestoreSecurityFileLabel(disk->src);
}
static int
-SELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
{
- return SELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
+ return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk, 0);
}
static int
-SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
- const char *path,
- size_t depth,
- void *opaque)
+virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
+ const char *path,
+ size_t depth,
+ void *opaque)
{
virSecuritySELinuxCallbackDataPtr cbdata = opaque;
const virSecurityLabelDefPtr secdef = cbdata->secdef;
@@ -773,20 +775,20 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (disk->seclabel && !disk->seclabel->norelabel &&
disk->seclabel->label) {
- ret = SELinuxSetFilecon(path, disk->seclabel->label);
+ ret = virSecuritySELinuxSetFilecon(path, disk->seclabel->label);
} else if (depth == 0) {
if (disk->shared) {
- ret = SELinuxSetFileconOptional(path, data->file_context);
+ ret = virSecuritySELinuxSetFileconOptional(path, data->file_context);
} else if (disk->readonly) {
- ret = SELinuxSetFileconOptional(path, data->content_context);
+ ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
} else if (secdef->imagelabel) {
- ret = SELinuxSetFileconOptional(path, secdef->imagelabel);
+ ret = virSecuritySELinuxSetFileconOptional(path, secdef->imagelabel);
} else {
ret = 0;
}
} else {
- ret = SELinuxSetFileconOptional(path, data->content_context);
+ ret = virSecuritySELinuxSetFileconOptional(path, data->content_context);
}
if (ret == 1 && !disk->seclabel) {
/* If we failed to set a label, but virt_use_nfs let us
@@ -802,9 +804,9 @@ SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
}
static int
-SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
{
virSecuritySELinuxCallbackData cbdata;
@@ -829,35 +831,35 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
allowDiskFormatProbing,
true,
-1, -1, /* current process uid:gid */
- SELinuxSetSecurityFileLabel,
+ virSecuritySELinuxSetSecurityFileLabel,
&cbdata);
}
static int
-SELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
- const char *file, void *opaque)
+virSecuritySELinuxSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
+ const char *file, void *opaque)
{
virDomainDefPtr def = opaque;
const virSecurityLabelDefPtr secdef = &def->seclabel;
- return SELinuxSetFilecon(file, secdef->imagelabel);
+ return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
}
static int
-SELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
- const char *file, void *opaque)
+virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
+ const char *file, void *opaque)
{
virDomainDefPtr def = opaque;
const virSecurityLabelDefPtr secdef = &def->seclabel;
- return SELinuxSetFilecon(file, secdef->imagelabel);
+ return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
}
static int
-SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev)
+virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -877,7 +879,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(usb, SELinuxSetSecurityUSBLabel, def);
+ ret = usbDeviceFileIterate(usb, virSecuritySELinuxSetSecurityUSBLabel, def);
usbFreeDevice(usb);
break;
}
@@ -891,7 +893,7 @@ SELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(pci, SELinuxSetSecurityPCILabel, def);
+ ret = pciDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
pciFreeDevice(pci);
break;
@@ -908,25 +910,25 @@ done:
static int
-SELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque ATTRIBUTE_UNUSED)
{
- return SELinuxRestoreSecurityFileLabel(file);
+ return virSecuritySELinuxRestoreSecurityFileLabel(file);
}
static int
-SELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque ATTRIBUTE_UNUSED)
{
- return SELinuxRestoreSecurityFileLabel(file);
+ return virSecuritySELinuxRestoreSecurityFileLabel(file);
}
static int
-SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev)
+virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -946,7 +948,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (!usb)
goto done;
- ret = usbDeviceFileIterate(usb, SELinuxRestoreSecurityUSBLabel, NULL);
+ ret = usbDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel,
NULL);
usbFreeDevice(usb);
break;
@@ -961,7 +963,7 @@ SELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (!pci)
goto done;
- ret = pciDeviceFileIterate(pci, SELinuxRestoreSecurityPCILabel, NULL);
+ ret = pciDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel,
NULL);
pciFreeDevice(pci);
break;
@@ -978,8 +980,8 @@ done:
static int
-SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
- virDomainChrSourceDefPtr dev)
+virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
+ virDomainChrSourceDefPtr dev)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -992,7 +994,7 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
switch (dev->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- ret = SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
+ ret = virSecuritySELinuxSetFilecon(dev->data.file.path,
secdef->imagelabel);
break;
case VIR_DOMAIN_CHR_TYPE_PIPE:
@@ -1002,11 +1004,11 @@ SELinuxSetSecurityChardevLabel(virDomainDefPtr def,
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
- if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
- (SELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
+ if ((virSecuritySELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
+ (virSecuritySELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
goto done;
}
- } else if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) <
0) {
+ } else if (virSecuritySELinuxSetFilecon(dev->data.file.path,
secdef->imagelabel) < 0) {
goto done;
}
ret = 0;
@@ -1024,8 +1026,8 @@ done:
}
static int
-SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
- virDomainChrSourceDefPtr dev)
+virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
+ virDomainChrSourceDefPtr dev)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1038,7 +1040,7 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
switch (dev->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
goto done;
ret = 0;
break;
@@ -1049,11 +1051,11 @@ SELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
- if ((SELinuxRestoreSecurityFileLabel(out) < 0) ||
- (SELinuxRestoreSecurityFileLabel(in) < 0)) {
+ if ((virSecuritySELinuxRestoreSecurityFileLabel(out) < 0) ||
+ (virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) {
goto done;
}
- } else if (SELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) {
+ } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path)
< 0) {
goto done;
}
ret = 0;
@@ -1072,23 +1074,23 @@ done:
static int
-SELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
- virDomainChrDefPtr dev,
- void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ void *opaque ATTRIBUTE_UNUSED)
{
/* This is taken care of by processing of def->serials */
if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE &&
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxRestoreSecurityChardevLabel(def, &dev->source);
+ return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
- virDomainSmartcardDefPtr dev,
- void *opaque ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
+ virDomainSmartcardDefPtr dev,
+ void *opaque ATTRIBUTE_UNUSED)
{
const char *database;
@@ -1100,10 +1102,10 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
database = dev->data.cert.database;
if (!database)
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
- return SELinuxRestoreSecurityFileLabel(database);
+ return virSecuritySELinuxRestoreSecurityFileLabel(database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
+ return virSecuritySELinuxRestoreSecurityChardevLabel(def,
&dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1117,9 +1119,9 @@ SELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
static int
-SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- int migrated ATTRIBUTE_UNUSED)
+virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ int migrated ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
int i;
@@ -1131,45 +1133,45 @@ SELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
return 0;
for (i = 0 ; i < def->nhostdevs ; i++) {
- if (SELinuxRestoreSecurityHostdevLabel(mgr,
- def,
- def->hostdevs[i]) < 0)
+ if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
+ def,
+ def->hostdevs[i]) < 0)
rc = -1;
}
for (i = 0 ; i < def->ndisks ; i++) {
- if (SELinuxRestoreSecurityImageLabelInt(mgr,
- def,
- def->disks[i],
- migrated) < 0)
+ if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr,
+ def,
+ def->disks[i],
+ migrated) < 0)
rc = -1;
}
if (virDomainChrDefForeach(def,
false,
- SELinuxRestoreSecurityChardevCallback,
+ virSecuritySELinuxRestoreSecurityChardevCallback,
NULL) < 0)
rc = -1;
if (virDomainSmartcardDefForeach(def,
false,
- SELinuxRestoreSecuritySmartcardCallback,
+ virSecuritySELinuxRestoreSecuritySmartcardCallback,
NULL) < 0)
rc = -1;
if (def->os.kernel &&
- SELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
+ virSecuritySELinuxRestoreSecurityFileLabel(def->os.kernel) < 0)
rc = -1;
if (def->os.initrd &&
- SELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
+ virSecuritySELinuxRestoreSecurityFileLabel(def->os.initrd) < 0)
rc = -1;
return rc;
}
static int
-SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def)
+virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1177,7 +1179,7 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (secdef->label != NULL) {
context_t con = context_new(secdef->label);
if (con) {
- mcsRemove(context_range_get(con));
+ virSecuritySELinuxMCSRemove(context_range_get(con));
context_free(con);
}
}
@@ -1192,36 +1194,36 @@ SELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
static int
-SELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- const char *savefile)
+virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ const char *savefile)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
- return SELinuxSetFilecon(savefile, secdef->imagelabel);
+ return virSecuritySELinuxSetFilecon(savefile, secdef->imagelabel);
}
static int
-SELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- const char *savefile)
+virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ const char *savefile)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (secdef->norelabel)
return 0;
- return SELinuxRestoreSecurityFileLabel(savefile);
+ return virSecuritySELinuxRestoreSecurityFileLabel(savefile);
}
static int
-SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def)
+virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def)
{
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (!STREQ(virSecurityManagerGetModel(mgr), secdef->model)) {
@@ -1244,12 +1246,12 @@ SELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
}
static int
-SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel;
- VIR_DEBUG("SELinuxSetSecurityProcessLabel %s", secdef->label);
+ VIR_DEBUG("label=%s", secdef->label);
if (def->seclabel.label == NULL)
return 0;
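Review bot: `VIR_DEBUG("label=%s", secdef->label);` runs immediately before `if (def->seclabel.label == NULL) return 0;`, so the NULL case the check guards against has already been passed to a `%s` conversion, which is undefined behaviour in C (glibc happens to print "(null)", other libcs may crash). Either write `VIR_DEBUG("label=%s", NULLSTR(secdef->label));` or move the debug line below the NULL check. The same pattern recurs in the last hunk, where `VIR_DEBUG("imageLabel=%s", secdef->imagelabel);` in virSecuritySELinuxGetSecurityMountOptions can see a NULL imagelabel when virSecuritySELinuxGenImageLabel returns NULL. virSecuritySELinuxSetSecurityProcessLabel continues outside the hunk.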
@@ -1276,8 +1278,8 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
}
static int
-SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1347,8 +1349,8 @@ done:
}
static int
-SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm)
+virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
{
const virSecurityLabelDefPtr secdef = &vm->seclabel;
int rc = -1;
@@ -1384,8 +1386,8 @@ done:
}
static int
-SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
{
/* TODO: verify DOI */
const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -1415,7 +1417,7 @@ SELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr,
static int
-SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
+virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def,
virDomainChrDefPtr dev,
void *opaque ATTRIBUTE_UNUSED)
{
@@ -1424,12 +1426,12 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def,
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return SELinuxSetSecurityChardevLabel(def, &dev->source);
+ return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source);
}
static int
-SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
+virSecuritySELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
virDomainSmartcardDefPtr dev,
void *opaque)
{
@@ -1445,10 +1447,10 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
database = dev->data.cert.database;
if (!database)
database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
- return SELinuxSetFilecon(database, data->content_context);
+ return virSecuritySELinuxSetFilecon(database, data->content_context);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return SELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
+ return virSecuritySELinuxSetSecurityChardevLabel(def,
&dev->data.passthru);
default:
virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1462,7 +1464,7 @@ SELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
static int
-SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
+virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *stdin_path)
{
@@ -1480,14 +1482,14 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
def->disks[i]->src, def->disks[i]->dst);
continue;
}
- if (SELinuxSetSecurityImageLabel(mgr,
+ if (virSecuritySELinuxSetSecurityImageLabel(mgr,
def, def->disks[i]) < 0)
return -1;
}
/* XXX fixme process def->fss if relabel == true */
for (i = 0 ; i < def->nhostdevs ; i++) {
- if (SELinuxSetSecurityHostdevLabel(mgr,
+ if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
def,
def->hostdevs[i]) < 0)
return -1;
@@ -1495,26 +1497,26 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
if (virDomainChrDefForeach(def,
true,
- SELinuxSetSecurityChardevCallback,
+ virSecuritySELinuxSetSecurityChardevCallback,
NULL) < 0)
return -1;
if (virDomainSmartcardDefForeach(def,
true,
- SELinuxSetSecuritySmartcardCallback,
+ virSecuritySELinuxSetSecuritySmartcardCallback,
mgr) < 0)
return -1;
if (def->os.kernel &&
- SELinuxSetFilecon(def->os.kernel, data->content_context) < 0)
+ virSecuritySELinuxSetFilecon(def->os.kernel, data->content_context) <
0)
return -1;
if (def->os.initrd &&
- SELinuxSetFilecon(def->os.initrd, data->content_context) < 0)
+ virSecuritySELinuxSetFilecon(def->os.initrd, data->content_context) <
0)
return -1;
if (stdin_path) {
- if (SELinuxSetFilecon(stdin_path, data->content_context) < 0 &&
+ if (virSecuritySELinuxSetFilecon(stdin_path, data->content_context) < 0
&&
virStorageFileIsSharedFSType(stdin_path,
VIR_STORAGE_FILE_SHFS_NFS) != 1)
return -1;
@@ -1524,7 +1526,7 @@ SELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
}
static int
-SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+virSecuritySELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr def,
int fd)
{
@@ -1533,11 +1535,11 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr
ATTRIBUTE_UNUSED,
if (secdef->imagelabel == NULL)
return 0;
- return SELinuxFSetFilecon(fd, secdef->imagelabel);
+ return virSecuritySELinuxFSetFilecon(fd, secdef->imagelabel);
}
-static char *genImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def) {
+static char *virSecuritySELinuxGenImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def) {
const virSecurityLabelDefPtr secdef = &def->seclabel;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
const char *range;
@@ -1558,7 +1560,7 @@ static char *genImageLabel(virSecurityManagerPtr mgr,
virReportOOMError();
goto cleanup;
}
- label = SELinuxGenNewContext(data->file_context, mcs);
+ label = virSecuritySELinuxGenNewContext(data->file_context, mcs);
if (!label) {
virReportOOMError();
goto cleanup;
@@ -1572,13 +1574,13 @@ cleanup:
return label;
}
-static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
- virDomainDefPtr def) {
+static char *virSecuritySELinuxGetSecurityMountOptions(virSecurityManagerPtr mgr,
+ virDomainDefPtr def) {
char *opts = NULL;
const virSecurityLabelDefPtr secdef = &def->seclabel;
if (! secdef->imagelabel)
- secdef->imagelabel = genImageLabel(mgr,def);
+ secdef->imagelabel = virSecuritySELinuxGenImageLabel(mgr,def);
if (secdef->imagelabel) {
virAsprintf(&opts,
@@ -1586,46 +1588,46 @@ static char *SELinuxGetSecurityMountOptions(virSecurityManagerPtr
mgr,
(const char*) secdef->imagelabel);
}
- VIR_DEBUG("SELinuxGetSecurityMountOptions imageLabel %s",
secdef->imagelabel);
+ VIR_DEBUG("imageLabel=%s", secdef->imagelabel);
return opts;
}
virSecurityDriver virSecurityDriverSELinux = {
.privateDataLen = sizeof(virSecuritySELinuxData),
.name = SECURITY_SELINUX_NAME,
- .probe = SELinuxSecurityDriverProbe,
- .open = SELinuxSecurityDriverOpen,
- .close = SELinuxSecurityDriverClose,
+ .probe = virSecuritySELinuxSecurityDriverProbe,
+ .open = virSecuritySELinuxSecurityDriverOpen,
+ .close = virSecuritySELinuxSecurityDriverClose,
- .getModel = SELinuxSecurityGetModel,
- .getDOI = SELinuxSecurityGetDOI,
+ .getModel = virSecuritySELinuxSecurityGetModel,
+ .getDOI = virSecuritySELinuxSecurityGetDOI,
- .domainSecurityVerify = SELinuxSecurityVerify,
+ .domainSecurityVerify = virSecuritySELinuxSecurityVerify,
- .domainSetSecurityImageLabel = SELinuxSetSecurityImageLabel,
- .domainRestoreSecurityImageLabel = SELinuxRestoreSecurityImageLabel,
+ .domainSetSecurityImageLabel = virSecuritySELinuxSetSecurityImageLabel,
+ .domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel,
- .domainSetSecurityDaemonSocketLabel = SELinuxSetSecurityDaemonSocketLabel,
- .domainSetSecuritySocketLabel = SELinuxSetSecuritySocketLabel,
- .domainClearSecuritySocketLabel = SELinuxClearSecuritySocketLabel,
+ .domainSetSecurityDaemonSocketLabel =
virSecuritySELinuxSetSecurityDaemonSocketLabel,
+ .domainSetSecuritySocketLabel = virSecuritySELinuxSetSecuritySocketLabel,
+ .domainClearSecuritySocketLabel = virSecuritySELinuxClearSecuritySocketLabel,
- .domainGenSecurityLabel = SELinuxGenSecurityLabel,
- .domainReserveSecurityLabel = SELinuxReserveSecurityLabel,
- .domainReleaseSecurityLabel = SELinuxReleaseSecurityLabel,
+ .domainGenSecurityLabel = virSecuritySELinuxGenSecurityLabel,
+ .domainReserveSecurityLabel = virSecuritySELinuxReserveSecurityLabel,
+ .domainReleaseSecurityLabel = virSecuritySELinuxReleaseSecurityLabel,
- .domainGetSecurityProcessLabel = SELinuxGetSecurityProcessLabel,
- .domainSetSecurityProcessLabel = SELinuxSetSecurityProcessLabel,
+ .domainGetSecurityProcessLabel = virSecuritySELinuxGetSecurityProcessLabel,
+ .domainSetSecurityProcessLabel = virSecuritySELinuxSetSecurityProcessLabel,
- .domainSetSecurityAllLabel = SELinuxSetSecurityAllLabel,
- .domainRestoreSecurityAllLabel = SELinuxRestoreSecurityAllLabel,
+ .domainSetSecurityAllLabel = virSecuritySELinuxSetSecurityAllLabel,
+ .domainRestoreSecurityAllLabel = virSecuritySELinuxRestoreSecurityAllLabel,
- .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
+ .domainSetSecurityHostdevLabel = virSecuritySELinuxSetSecurityHostdevLabel,
+ .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreSecurityHostdevLabel,
- .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
- .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
+ .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
+ .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
- .domainSetSecurityImageFDLabel = SELinuxSetImageFDLabel,
+ .domainSetSecurityImageFDLabel = virSecuritySELinuxSetImageFDLabel,
- .domainGetSecurityMountOptions = SELinuxGetSecurityMountOptions,
+ .domainGetSecurityMountOptions = virSecuritySELinuxGetSecurityMountOptions,
};
--
1.7.10.1