Even though the APIs are not implemented yet, they create a
skeleton that can be filled in later.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_dac.c | 38 +++++++++++++++++++++++++++++++++-----
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index a38c46c..6c4e351 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -196,7 +196,6 @@ virSecurityDACGetImageIds(virSecurityLabelDefPtr seclabel,
* Returns: 0 on success, -1 on failure
*/
static int
-ATTRIBUTE_UNUSED
virSecurityDACRememberLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED,
const char *path ATTRIBUTE_UNUSED,
uid_t uid ATTRIBUTE_UNUSED,
@@ -221,7 +220,6 @@ virSecurityDACRememberLabel(virSecurityDACDataPtr priv
ATTRIBUTE_UNUSED,
* -1 on failure (@uid and @gid not touched)
*/
static int
-ATTRIBUTE_UNUSED
virSecurityDACRecallLabel(virSecurityDACDataPtr priv ATTRIBUTE_UNUSED,
const char *path ATTRIBUTE_UNUSED,
uid_t *uid ATTRIBUTE_UNUSED,
@@ -362,7 +360,22 @@ virSecurityDACSetOwnership(virSecurityDACDataPtr priv,
uid_t uid,
gid_t gid)
{
- /* XXX record previous ownership */
+ struct stat sb;
+
+ if (!path && src && src->path &&
+ virStorageSourceIsLocalStorage(src))
+ path = src->path;
+
+ if (path) {
+ if (stat(path, &sb) < 0) {
+ virReportSystemError(errno, _("unable to stat: %s"), path);
+ return -1;
+ }
+
+ if (virSecurityDACRememberLabel(priv, path, sb.st_uid, sb.st_gid) < 0)
+ return -1;
+ }
+
return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
}
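Review bot: In virSecurityDACSetOwnership the original owner is recorded by `virSecurityDACRememberLabel()` before `virSecurityDACSetOwnershipInternal()` has run, and nothing undoes the record if the ownership change then fails. Once the skeleton is filled in, that would leave a remembered entry for a file whose owner was never changed, and a later restore would act on it. I would capture the result of the internal call and, on failure, drop the entry again before returning -1 (assuming the recall helper is the intended way to do that). Separately, `stat()` and the later ownership change resolve `path` independently, so the owner that is remembered is not guaranteed to be the owner that gets replaced; a comment such as `/* NB: stat() follows symlinks and is not atomic with the ownership change below */` would at least document it. The function's signature begins above the hunk.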
@@ -372,11 +385,26 @@ virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr
priv,
virStorageSourcePtr src,
const char *path)
{
+ int rv;
+ uid_t uid = 0; /* By default return to root:root */
+ gid_t gid = 0;
+
VIR_INFO("Restoring DAC user and group on '%s'",
NULLSTR(src ? src->path : path));
- /* XXX recall previous ownership */
- return virSecurityDACSetOwnershipInternal(priv, src, path, 0, 0);
+ if (!path && src && src->path &&
+ virStorageSourceIsLocalStorage(src))
+ path = src->path;
+
+ if (path) {
+ rv = virSecurityDACRecallLabel(priv, path, &uid, &gid);
+ if (rv < 0)
+ return -1;
+ if (rv > 0)
+ return 0;
+ }
+
+ return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
}
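Review bot: When `virSecurityDACRecallLabel()` returns a negative value, virSecurityDACRestoreSecurityFileLabelInternal now returns -1 without touching the file, whereas the removed code always reset it to 0:0. A failed lookup therefore leaves the path owned by whatever uid:gid was set for the domain, which is the less safe outcome for a restore path; consider logging and falling through with the root:root defaults, e.g. `if (rv < 0) VIR_WARN("cannot recall owner of '%s', restoring to root:root", path);`. The `rv > 0` branch also deserves a comment stating what a positive return means, since the visible part of the helper's doc comment only covers -1. The path fallback `if (!path && src && src->path && virStorageSourceIsLocalStorage(src))` is now duplicated in both functions and could move to a small static helper.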
--
2.4.9