Re: [PATCH 2/9] security: add virSecurityManagerUpdateImageLabel

On 8/23/21 4:41 AM, Peng Liang wrote: > Signed-off-by: Peng Liang <liangpeng10(a)huawei.com&gt; > --- > src/libvirt_private.syms | 1 + > src/security/security_driver.h | 5 +++++ > src/security/security_manager.c | 29 +++++++++++++++++++++++++++++ > src/security/security_manager.h | 5 +++++ > 4 files changed, 40 insertions(+) > > diff --git a/src/security/security_manager.c b/src/security/security_manager.c > index 9906c1691d0f..b580704d3abf 100644 > --- a/src/security/security_manager.c > +++ b/src/security/security_manager.c > @@ -476,6 +476,35 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr, > } > > > +/** > + * virSecurityManagerUpdateImageLabel: > + * @mgr: security manager object > + * @vm: domain definition object > + * @src: disk source definition to operate on > + * @flags: bitwise or of 'virSecurityDomainImageLabelFlags' > + * > + * Update security label from @src according to @flags. > + * > + * Returns: 0 on success, -1 on error. > + */ > +int > +virSecurityManagerUpdateImageLabel(virSecurityManager *mgr, > + virDomainDef *vm, > + virStorageSource *src, > + virSecurityDomainImageLabelFlags flags) > +{ > + if (mgr->drv->domainUpdateSecurityImageLabel) { > + int ret; > + virObjectLock(mgr); > + ret = mgr->drv->domainUpdateSecurityImageLabel(mgr, vm, src, flags); > + virObjectUnlock(mgr); > + return ret; > + } > + > + return 0; > +} > + > + Is there a reason why this needs to be inside virSecurityManager? We already have virSecurityMoveRememberedLabel() that lives outside of it, in security_util.c and conceptually this function belongs there. Michal .