
On 8/8/19 4:54 PM, marcandre.lureau@redhat.com wrote:
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Add a generic way to run a command through the security management.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> --- src/qemu/qemu_security.c | 22 ++++++++++++++++++++++ src/qemu/qemu_security.h | 6 ++++++ 2 files changed, 28 insertions(+)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 3cd6d9bd3d..f8b53e06b3 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -632,3 +632,25 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, virSecurityManagerTransactionAbort(driver->securityManager); return ret; } + + +int +qemuSecurityCommandRun(virQEMUDriverPtr driver, + virDomainObjPtr vm, + virCommandPtr cmd, + int *exitstatus, + int *cmdret) +{ + if (virSecurityManagerSetChildProcessLabel(driver->securityManager, + vm->def, cmd) < 0) + return -1; + + if (virSecurityManagerPreFork(driver->securityManager) < 0) + return -1; + + *cmdret = virCommandRun(cmd, exitstatus); + + virSecurityManagerPostFork(driver->securityManager); + + return 0; +} diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 68e377f418..8cf4ab0721 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -101,6 +101,12 @@ int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, const char *savefile);
+int qemuSecurityCommandRun(virQEMUDriverPtr driver, + virDomainObjPtr vm, + virCommandPtr cmd, + int *exitstatus, + int *cmdret); + /* Please note that for these APIs there is no wrapper yet. Do NOT blindly add * new APIs here. If an API can touch a file add a proper wrapper instead. */
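Review bot: In qemuSecurityCommandRun() in src/qemu/qemu_security.c, the return value only reports whether virSecurityManagerSetChildProcessLabel() and virSecurityManagerPreFork() succeeded. A failure of virCommandRun() is stored in *cmdret while the function still returns 0, and on the two early "return -1" paths neither *cmdret nor *exitstatus is written. A caller that checks only the return value will treat a failed command as success, and one that reads *cmdret after a -1 return sees whatever it held before the call. Suggest a comment above the function spelling out this contract, and setting *cmdret to -1 at the top of the function so the early-return paths leave it in a defined state.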
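Review bot: The prototype added to src/qemu/qemu_security.h takes two adjacent "int *" out parameters, exitstatus and cmdret, and nothing in the declaration says which one carries the child's exit status and which the virCommandRun() return value, so transposing them at a call site compiles without a warning. Suggest a short comment describing each argument and what the function's own return value means, so callers do not have to read the definition to use it correctly.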
Since this is copied from qemuSecurityStartTPMEmulator() I'd expect some lines to be removed there. And also document what this function does and describe arguments.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal