Re: [libvirt] [PATCH 02/11] syntax-check: Enforce qemuSecurity

On Wed, Feb 08, 2017 at 11:37:05 +0100, Michal Privoznik wrote: > Now that we have some qemuSecurity wrappers over > virSecurityManager APIs, lets make sure everybody sticks with > them. We have them for a reason and calling virSecurityManager > API directly instead of wrapper may lead into accidentally > labelling a file on the host instead of namespace. > > Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; > --- > cfg.mk | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/cfg.mk b/cfg.mk > index 69e3f3a1a..6fb2fc961 100644 > --- a/cfg.mk > +++ b/cfg.mk > @@ -585,6 +585,14 @@ sc_prohibit_unsigned_pid: > halt='use signed type for pid values' \ > $(_sc_search_regexp) > > +sc_prohibit_direct_secdriver: > + @for i in $$(grep -i ^WRAP.\( src/qemu/qemu_security.c | \ > + awk 'BEGIN {FS = "[^[:alnum:]]"} {print "virSecurityManager" $$2 }'); do \ > + grep -n $$i $$($(VC_LIST_EXCEPT) | grep -E '^src/qemu/') && \ > + { echo "$(ME): prefer qemuSecurity$${i#virSecurityManager} over $$i" 1>&2; exit 1; } \ > + done || : This won't work without the "WRAP" stuff so you'll need to come up with something else.