[libvirt] [PATCH v4 1/3] security: use a single function to set DAC user and group

Friday, 18 October 2013

Merge the functions 'virSecurityDACSetUser' and
'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'.

Signed-off-by: Giuseppe Scrivano <gscrivan(a)redhat.com&gt;
---
 src/security/security_dac.c     | 24 ++++++++++++++----------
 src/security/security_dac.h     |  7 +++----
 src/security/security_manager.c |  6 ++++--
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 6876bd5..f16251c 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -47,22 +47,25 @@ struct _virSecurityDACData {
     gid_t *groups;
     int ngroups;
     bool dynamicOwnership;
+    char *baselabel;
 };
 
-void
-virSecurityDACSetUser(virSecurityManagerPtr mgr,
-                      uid_t user)
+/* returns -1 on error, 0 on success */
+int
+virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
+                              uid_t user,
+                              gid_t group)
 {
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     priv->user = user;
-}
-
-void
-virSecurityDACSetGroup(virSecurityManagerPtr mgr,
-                       gid_t group)
-{
-    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     priv->group = group;
+
+    if (virAsprintf(&priv->baselabel, "%u:%u",
+                    (unsigned int) user,
+                    (unsigned int) group) < 0)
+        return -1;
+
+    return 0;
 }
 
 void
@@ -217,6 +220,7 @@ virSecurityDACClose(virSecurityManagerPtr mgr)
 {
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
     VIR_FREE(priv->groups);
+    VIR_FREE(priv->baselabel);
     return 0;
 }
 
diff --git a/src/security/security_dac.h b/src/security/security_dac.h
index 02432a5..dbcf56f 100644
--- a/src/security/security_dac.h
+++ b/src/security/security_dac.h
@@ -25,10 +25,9 @@
 
 extern virSecurityDriver virSecurityDriverDAC;
 
-void virSecurityDACSetUser(virSecurityManagerPtr mgr,
-                           uid_t user);
-void virSecurityDACSetGroup(virSecurityManagerPtr mgr,
-                            gid_t group);
+int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
+                                  uid_t user,
+                                  gid_t group);
 
 void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
                                        bool dynamic);
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 92fb504..0e783ee 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -146,8 +146,10 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char
*virtDriver,
     if (!mgr)
         return NULL;
 
-    virSecurityDACSetUser(mgr, user);
-    virSecurityDACSetGroup(mgr, group);
+    if (virSecurityDACSetUserAndGroup(mgr, user, group) < 0) {
+        virSecurityManagerDispose(mgr);
+        return NULL;
+    }
     virSecurityDACSetDynamicOwnership(mgr, dynamicOwnership);
 
     return mgr;
-- 
1.8.3.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH v4 1/3] security: use a single function to set DAC user and group