
On Thu, Nov 03, 2016 at 08:19:01PM +0800, Michal Privoznik wrote:
This is a small helper intended to be run by udev. On its input (either as the only command line argument or in DEVNODE environment variable) it is given a device and on the output it will either put nothing (meaning the device is not used by any of the libvirt domains), or it will print out security labels in the following form:
UID GID SELABEL
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- libvirt.spec.in | 1 + mingw-libvirt.spec.in | 2 + po/POTFILES.in | 1 + src/Makefile.am | 20 ++++++++ src/util/udevhelper.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 161 insertions(+) create mode 100644 src/util/udevhelper.c
+static int +printLabels(const char *device) +{ + char *filename = NULL; + virUdevMgrPtr mgr = NULL; + int ret = -1; + virSecurityDeviceLabelDefPtr *labels = NULL; + size_t i, nlabels = 0; + const char *dacLabel = NULL; + const char *seLabel = NULL; + + if (virAsprintf(&filename, + "%s/run/libvirt/qemu/devices.udev", LOCALSTATEDIR) < 0) + goto cleanup; + + if (!(mgr = virUdevMgrNewFromFile(filename))) + goto cleanup; + + if (virUdevMgrLookupLabels(mgr, device, &labels, &nlabels) < 0) + goto cleanup;
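Review bot: in printLabels, the failures of virUdevMgrNewFromFile and virUdevMgrLookupLabels both jump to cleanup with ret still at its initial -1, as far as the quoted lines show, so a missing or unreadable devices.udev looks the same as a lookup error. The commit message defines empty output as "not used by any of the libvirt domains", so please state what udev sees (output and exit status) when the file does not exist yet, and handle that case explicitly rather than through the generic error path. The file name is also built under run/libvirt/qemu while the description speaks of any libvirt domain; say whether other drivers are meant to be covered.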
IIUC the 'device' here is a canonical device path, like "/dev/sda" ? If so, then this is not going to work, because the code is recording labels against the path seen in the XML which is not canonicalized. eg XML could contain /dev/disk/by-path/<BLAH>, and so the lookup will not match /dev/sda even though they point to the same device.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
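The mismatch raised in the reply above, as an added example that is not part of the original mail or of libvirt: a table keyed on the path as written in the XML misses a lookup by the canonical node, while resolving both sides with realpath(3) matches. The names label_entry, lookup_naive, lookup_canonical and demo are hypothetical, and a temporary file plus symlink stand in for /dev/sda and its by-path alias.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct label_entry { const char *path, *labels; }; /* path as recorded from the XML */

/* String match on the recorded path, the lookup the reply describes. */
static const char *lookup_naive(const struct label_entry *t, size_t n, const char *dev)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].path, dev) == 0)
            return t[i].labels;
    return NULL;
}

/* Resolve both sides with realpath(3) so a symlink and its target match. */
static const char *lookup_canonical(const struct label_entry *t, size_t n, const char *dev)
{
    char want[PATH_MAX], have[PATH_MAX];

    if (!realpath(dev, want))
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (realpath(t[i].path, have) && strcmp(have, want) == 0)
            return t[i].labels;
    return NULL;
}

/* Constructed stand-ins: a regular file for /dev/sda, a symlink for by-path. */
static int demo(void)
{
    char dir[] = "/tmp/udevdemoXXXXXX", node[PATH_MAX], alias[PATH_MAX];
    FILE *f;

    if (!mkdtemp(dir))
        return -1;
    snprintf(node, sizeof(node), "%s/sda", dir);
    snprintf(alias, sizeof(alias), "%s/by-path-link", dir);
    if (!(f = fopen(node, "w")) || fclose(f) || symlink(node, alias) < 0)
        return -1;
    struct label_entry tab[] = { { alias, "1000 1000 constructed_label" } };
    int ok = !lookup_naive(tab, 1, node) && lookup_canonical(tab, 1, node);
    unlink(alias); unlink(node); rmdir(dir);
    return ok; /* 1: naive lookup missed, canonical lookup matched */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

For real device nodes, comparing st_rdev from stat(2) identifies the same device even when two distinct nodes refer to it.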