On 07/04/2014 05:29 AM, Peter Krempa wrote:
Add security driver functions to label separate storage images using the
virStorageSource definition. This will help to avoid the need to do ugly
changes to the disk struct and use the source directly.
---
src/libvirt_private.syms | 2 ++
src/security/security_driver.h | 10 ++++++++
src/security/security_manager.c | 56 +++++++++++++++++++++++++++++++++++++++++
src/security/security_manager.h | 7 ++++++
src/security/security_nop.c | 19 ++++++++++++++
src/security/security_stack.c | 38 ++++++++++++++++++++++++++++
6 files changed, 132 insertions(+)
+static int
+virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetImageLabel(item->securityManager, vm, src) < 0)
+ rc = -1;
+ }
+
+ return rc;
Pre-existing with virSecurityStackSetSecurityDiskLabel(), but on failure
later in the stack, should we attempt to undo the labels set earlier in
the stack, rather than leaving things half-labeled? If so, that's a
separate patch, so it doesn't affect my review here.
+}
+
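Review bot: In the loop of virSecurityStackSetSecurityImageLabel, a failure from one stack item only sets `rc = -1` and the loop goes on to call virSecurityManagerSetImageLabel for every remaining item, so further labels are applied to an image whose labeling is already going to be reported as failed. Consider leaving the loop at the first failure (for example `return -1;` inside the `if`), or add a comment stating why the remaining managers should still run once an earlier one has failed.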
+static int
+virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerRestoreImageLabel(item->securityManager,
+ vm, src) < 0)
+ rc = -1;
+ }
+
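Review bot: In the loop of virSecurityStackRestoreSecurityImageLabel, continuing past a failed virSecurityManagerRestoreImageLabel call is reasonable for a restore path, but nothing in the function says that this is intentional, and the single `rc = -1` does not tell the caller which stack item failed. A short comment above the loop stating that restore deliberately visits every item even after an error would make the difference from an accidental missing early return clear to later readers.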
Cleanup, of course, is best effort. Also pre-existing, and not
affecting my review here - should cleanup be done in reverse stack
order, in case we ever hit a situation in the future where the label
applied by the first stack layer affects the ability of the second stack
layer to operate, and therefore must be undone in opposite order?
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org