This is a new internal class that is going to remember
<device,[array of seclabels]> pairs. Moreover, it is going to be
able to flush the pairs into a file so that a helper (which is
introduced later in the series) can look into the file and answer
the question: "Is this path in use by libvirt and if so what security
labels should it have?"
You can say that we already have security drivers for that. And
you would be right. But unfortunately on a Linux system, some
processes running in it reset security labels sometimes, possibly
cutting off a running domain. For instance udev. There has been a
problem (a race, you could say), where libvirt set seclabels on a disk
device, and wanted to start a domain but meanwhile udev came and
restored the seclabels.
With this module we can have a small helper that could be used by
udev to find out what seclabels a device should have.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/Makefile.am | 1 +
src/libvirt_private.syms | 4 +++
src/util/virudev.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++
src/util/virudev.h | 31 ++++++++++++++++++++++
4 files changed, 104 insertions(+)
create mode 100644 src/util/virudev.c
create mode 100644 src/util/virudev.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 8ee5567..2ea6f2b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -179,6 +179,7 @@ UTIL_SOURCES = \
util/virtime.h util/virtime.c \
util/virtpm.h util/virtpm.c \
util/virtypedparam.c util/virtypedparam.h \
+ util/virudev.c util/virudev.h \
util/virusb.c util/virusb.h \
util/viruri.h util/viruri.c \
util/virutil.c util/virutil.h \
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index bec2628..5ae8037 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2573,6 +2573,10 @@ virTypedParamsSerialize;
virTypedParamsValidate;
+# util/virudev.h
+virUdevMgrNew;
+
+
# util/viruri.h
virURIFormat;
virURIFormatParams;
diff --git a/src/util/virudev.c b/src/util/virudev.c
new file mode 100644
index 0000000..66b5a58
--- /dev/null
+++ b/src/util/virudev.c
@@ -0,0 +1,68 @@
+/*
+ * virudev.c: udev rules engine
+ *
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <
http://www.gnu.org/licenses/>.
+ *
+ * Author: Michal Privoznik <mprivozn(a)redhat.com>
+ */
+
+#include <config.h>
+
+#include "virudev.h"
+#include "virobject.h"
+
+struct _virUdevMgr {
+ virObjectLockable parent;
+};
+
+static virClassPtr virUdevMgrClass;
+
+
+static void
+virUdevMgrDispose(void *obj ATTRIBUTE_UNUSED)
+{
+ /* nada */
+}
+
+
+static int virUdevMgrOnceInit(void)
+{
+ if (!(virUdevMgrClass = virClassNew(virClassForObjectLockable(),
+ "virUdevMgr",
+ sizeof(virUdevMgr),
+ virUdevMgrDispose)))
+ return -1;
+
+ return 0;
+}
+
+
+VIR_ONCE_GLOBAL_INIT(virUdevMgr)
+
+
+virUdevMgrPtr virUdevMgrNew(void)
+{
+ virUdevMgrPtr mgr;
+
+ if (virUdevMgrInitialize() < 0)
+ return NULL;
+
+ if (!(mgr = virObjectLockableNew(virUdevMgrClass)))
+ return NULL;
+
+ return mgr;
+}
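Review bot: virUdevMgrNew() at the end of the new virudev.c has no comment stating its contract. The commit message says this object is meant to hold the <device, seclabels> pairs that a udev helper will consult, so the ownership and locking expectations are worth writing down from the start. I would add a comment above it such as `/* Returns a new lockable virUdevMgr holding one reference, or NULL on failure; release it with virObjectUnref(). */`. The second check is also redundant, since `return virObjectLockableNew(virUdevMgrClass);` gives the same result as the `if (!(mgr = ...)) return NULL;` followed by `return mgr;`. virUdevMgrDispose() is empty for now, so replacing `/* nada */` with a reminder that pair storage added to the struct later must be freed there would help the follow-up patches.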
diff --git a/src/util/virudev.h b/src/util/virudev.h
new file mode 100644
index 0000000..28e336f
--- /dev/null
+++ b/src/util/virudev.h
@@ -0,0 +1,31 @@
+/*
+ * virudev.h: udev rules engine
+ *
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <
http://www.gnu.org/licenses/>.
+ *
+ * Author: Michal Privoznik <mprivozn(a)redhat.com>
+ */
+
+#ifndef __VIR_UDEV_H__
+# define __VIR_UDEV_H__
+
+typedef struct _virUdevMgr virUdevMgr;
+typedef virUdevMgr *virUdevMgrPtr;
+
+virUdevMgrPtr virUdevMgrNew(void);
+
+#endif
--
2.8.4