
On Tue, Oct 06, 2015 at 05:14:04PM +0200, Michal Privoznik wrote:
So imagine you want to crate new security manager:
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true)));
Hard to parse, right? What about this:
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_PRIVILEGED)));
Now that's better! This is what the commit does.
Yes, that's what we put in the commit message. What and why the commit does it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 14 +++++--- src/qemu/qemu_driver.c | 28 ++++++++-------- src/security/security_manager.c | 70 +++++++++++++--------------------------- src/security/security_manager.h | 25 ++++++++------ tests/qemuhotplugtest.c | 3 +- tests/seclabeltest.c | 2 +- tests/securityselinuxlabeltest.c | 4 ++- tests/securityselinuxtest.c | 4 ++- 9 files changed, 72 insertions(+), 81 deletions(-)
@@ -153,20 +140,13 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver, uid_t user, gid_t group, - bool allowDiskFormatProbing, - bool defaultConfined, - bool requireConfined, - bool dynamicOwnership, - bool privileged, + unsigned int flags, virSecurityManagerDACChownCallback chownCallback) {
virCheckFlags(VIR_SECURITY_MANAGER_NEW_MASK | VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP, NULL);
virSecurityManagerPtr mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC, virtDriver, - allowDiskFormatProbing, - defaultConfined, - requireConfined, - privileged); + flags & VIR_SECURITY_MANAGER_NEW_MASK);
if (!mgr) return NULL; @@ -176,7 +156,7 @@ virSecurityManagerNewDAC(const char *virtDriver, return NULL; }
- virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership); + virSecurityDACSetDynamicOwnership(mgr, flags & VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP); virSecurityDACSetChownCallback(mgr, chownCallback);
return mgr;
ACK Jan