
On Wed, Sep 10, 2014 at 03:26:07PM +0200, Michal Privoznik wrote:
To keep the original seclabel for files libvirt is touching we need a single point where the original seclabels can be stored. Instead of inventing a new one we can misuse virtlockd which already has nearly all the infrastructure we need. As a nice feature, it keeps its internal state between virtlockd restarts. Again, it's something we are going to need, as we don't want to lose the original labels on the lock daemon restart.
In this commit two functions are introduced:
virLockManagerRememberSeclabel that takes three arguments:
path, model and seclabel
where @path is a unique identifier for the file we are about to label, @model and @seclabel then represent the original seclabel.
virLockManagerRecallSeclabel then takes:
path, model, *seclabel
and returns the number of references held on @path. If the return value is zero, *seclabel contains the original label stored by the first call of RememberSeclabel(). If a positive value is returned, other domains are still using the @path and the original label shall not be restored.
+int virLockManagerRememberSeclabel(virLockManagerPtr lock, + const char *path, + const char *model, + const char *seclabel) +{ + VIR_DEBUG("lock=%p path=%s model=%s seclabel=%s", + lock, path, model, seclabel); + + CHECK_MANAGER(drvRemember, -1); + + return lock->driver->drvRemember(lock, path, model, seclabel); +} + +int virLockManagerRecallSeclabel(virLockManagerPtr lock, + const char *path, + const char *model, + char **seclabel) +{ + VIR_DEBUG("lock=%p path=%s model=%s seclabel=%p", + lock, path, model, seclabel); + + CHECK_MANAGER(drvRecall, -1);
I think we should do *seclabel = NULL; to protect against drivers forgetting to do it
+ + return lock->driver->drvRecall(lock, path, model, seclabel); +}
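Review bot: neither new function documents its return contract, and in virLockManagerRecallSeclabel the seclabel out-pointer itself is handed to drvRecall without a NULL check. Callers have to tell three outcomes apart (the -1 passed to CHECK_MANAGER, 0 meaning the original label is returned, and a positive count meaning it must not be restored), so a comment above each function should spell those out and say who frees *seclabel. VIR_DEBUG also formats path, model and seclabel with %s before any of them has been validated; checking the arguments first would cover both points.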
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
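The reference-counting contract described in the commit message, with the out-parameter cleared up front as the review suggests, as an added example that is not libvirt's code. A fixed in-memory table stands in for virtlockd (no state is kept across restarts), and the names remember_seclabel and recall_seclabel, the table limits and the -1 error value are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Illustrative in-memory store; all names are hypothetical, not libvirt's. */
#define MAX_ENTRIES 16
struct entry { char path[256], model[32]; char *label; int refs; };
static struct entry table[MAX_ENTRIES];

static struct entry *find(const char *path, const char *model)
{
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (table[i].refs > 0 && !strcmp(table[i].path, path) &&
            !strcmp(table[i].model, model))
            return &table[i];
    return NULL;
}

/* Returns the reference count after the call, or -1 on error (assumed). */
int remember_seclabel(const char *path, const char *model, const char *label)
{
    if (!path || !model || !label ||
        strlen(path) >= sizeof table->path || strlen(model) >= sizeof table->model)
        return -1;
    struct entry *e = find(path, model);
    if (e)
        return ++e->refs;       /* later callers never overwrite the original */
    for (e = table; e < table + MAX_ENTRIES && e->refs > 0; e++)
        ;                       /* look for a free slot */
    if (e == table + MAX_ENTRIES || !(e->label = malloc(strlen(label) + 1)))
        return -1;              /* table full or out of memory */
    strcpy(e->path, path);
    strcpy(e->model, model);
    strcpy(e->label, label);
    return e->refs = 1;
}

/* Returns references still held; *label is set only when that count is 0. */
int recall_seclabel(const char *path, const char *model, char **label)
{
    if (!path || !model || !label)
        return -1;
    *label = NULL;              /* cleared first, so no error path leaves it stale */
    struct entry *e = find(path, model);
    if (!e)
        return -1;              /* nothing remembered for this path and model */
    if (--e->refs > 0)
        return e->refs;         /* still in use elsewhere: do not restore */
    *label = e->label;          /* last user: caller restores, then frees it */
    e->label = NULL;
    return 0;
}
```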