A simple helper function that would be used from DAC and SELinux
drivers.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_util.c | 75 ++++++++++++++++++++++++++++++++++++
src/security/security_util.h | 5 +++
2 files changed, 80 insertions(+)
diff --git a/src/security/security_util.c b/src/security/security_util.c
index 3c24d7cded..64039ad4a4 100644
--- a/src/security/security_util.c
+++ b/src/security/security_util.c
@@ -256,3 +256,78 @@ virSecuritySetRememberedLabel(const char *name,
VIR_FREE(ref_name);
return ret;
}
+
+
+int
+virSecurityMoveRememberedLabel(const char *name,
+ const char *src,
+ const char *dst)
+{
+ VIR_AUTOFREE(char *) ref_name = NULL;
+ VIR_AUTOFREE(char *) ref_value = NULL;
+ VIR_AUTOFREE(char *) attr_name = NULL;
+ VIR_AUTOFREE(char *) attr_value = NULL;
+
+ if (!(ref_name = virSecurityGetRefCountAttrName(name)) |
+ !(attr_name = virSecurityGetAttrName(name)))
+ return -1;
+
+ if (virFileGetXAttr(src, ref_name, &ref_value) < 0) {
+ if (errno == ENOSYS || errno == ENOTSUP) {
+ return -2;
+ } else if (errno != ENODATA) {
+ virReportSystemError(errno,
+ _("Unable to get XATTR %s on %s"),
+ ref_name, src);
+ return -1;
+ }
+ }
+
+ if (virFileGetXAttr(src, attr_name, &attr_value) < 0) {
+ if (errno == ENOSYS || errno == ENOTSUP) {
+ return -2;
+ } else if (errno != ENODATA) {
+ virReportSystemError(errno,
+ _("Unable to get XATTR %s on %s"),
+ attr_name, src);
+ return -1;
+ }
+ }
+
+ if (ref_value &&
+ virFileRemoveXAttr(src, ref_name) < 0) {
+ virReportSystemError(errno,
+ _("Unable to remove XATTR %s on %s"),
+ ref_name, src);
+ return -1;
+ }
+
+ if (attr_value &&
+ virFileRemoveXAttr(src, attr_name) < 0) {
+ virReportSystemError(errno,
+ _("Unable to remove XATTR %s on %s"),
+ attr_name, src);
+ return -1;
+ }
+
+ if (dst) {
+ if (ref_value &&
+ virFileSetXAttr(dst, ref_name, ref_value) < 0) {
+ virReportSystemError(errno,
+ _("Unable to set XATTR %s on %s"),
+ ref_name, dst);
+ return -1;
+ }
+
+ if (attr_value &&
+ virFileSetXAttr(dst, attr_name, attr_value) < 0) {
+ virReportSystemError(errno,
+ _("Unable to set XATTR %s on %s"),
+ attr_name, dst);
+ ignore_value(virFileRemoveXAttr(dst, ref_name));
+ return -1;
+ }
+ }
+
+ return 0;
+}
diff --git a/src/security/security_util.h b/src/security/security_util.h
index bc977ed65d..f727e2e3e5 100644
--- a/src/security/security_util.h
+++ b/src/security/security_util.h
@@ -29,4 +29,9 @@ virSecuritySetRememberedLabel(const char *name,
const char *path,
const char *label);
+int
+virSecurityMoveRememberedLabel(const char *name,
+ const char *src,
+ const char *dst);
+
#endif /* LIBVIRT_SECURITY_UTIL_H */
--
2.19.2