[libvirt] [PATCH v4 21/25] security_dac: Implement virSecurityManagerMoveImageMetadata

Thursday, 25 April 2019

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt;
Reviewed-by: Cole Robinson <crobinso(a)redhat.com&gt;
---
 src/security/security_dac.c | 62 +++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 56416e6f6a..137daf5d28 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1015,6 +1015,67 @@ virSecurityDACRestoreImageLabel(virSecurityManagerPtr mgr,
 }
 
 
+struct virSecurityDACMoveImageMetadataData {
+    virSecurityManagerPtr mgr;
+    const char *src;
+    const char *dst;
+};
+
+
+static int
+virSecurityDACMoveImageMetadataHelper(pid_t pid ATTRIBUTE_UNUSED,
+                                      void *opaque)
+{
+    struct virSecurityDACMoveImageMetadataData *data = opaque;
+    const char *paths[2] = { data->src, data->dst };
+    virSecurityManagerMetadataLockStatePtr state;
+    int ret;
+
+    if (!(state = virSecurityManagerMetadataLock(data->mgr, paths,
ARRAY_CARDINALITY(paths))))
+        return -1;
+
+    ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
+    virSecurityManagerMetadataUnlock(data->mgr, &state);
+    return ret;
+}
+
+
+static int
+virSecurityDACMoveImageMetadata(virSecurityManagerPtr mgr,
+                                pid_t pid,
+                                virStorageSourcePtr src,
+                                virStorageSourcePtr dst)
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    struct virSecurityDACMoveImageMetadataData data = { .mgr = mgr, 0 };
+    int rc;
+
+    /* If dynamicOwnership is turned off, or owner remembering is
+     * not enabled there's nothing for us to do. */
+    if (!priv->dynamicOwnership)
+        return 0;
+
+    if (src && virStorageSourceIsLocalStorage(src))
+        data.src = src->path;
+
+    if (dst && virStorageSourceIsLocalStorage(dst))
+        data.dst = dst->path;
+
+    if (!data.src)
+        return 0;
+
+    if (pid == -1) {
+        rc = virProcessRunInFork(virSecurityDACMoveImageMetadataHelper, &data);
+    } else {
+        rc = virProcessRunInMountNamespace(pid,
+                                           virSecurityDACMoveImageMetadataHelper,
+                                           &data);
+    }
+
+    return rc;
+}
+
+
 static int
 virSecurityDACSetHostdevLabelHelper(const char *file,
                                     void *opaque)
@@ -2384,6 +2445,7 @@ virSecurityDriver virSecurityDriverDAC = {
 
     .domainSetSecurityImageLabel        = virSecurityDACSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecurityDACRestoreImageLabel,
+    .domainMoveImageMetadata            = virSecurityDACMoveImageMetadata,
 
     .domainSetSecurityMemoryLabel       = virSecurityDACSetMemoryLabel,
     .domainRestoreSecurityMemoryLabel   = virSecurityDACRestoreMemoryLabel,
-- 
2.21.0


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH v4 21/25] security_dac: Implement virSecurityManagerMoveImageMetadata