[PATCH v2 05/10] security: implement domainUpdateSecurityImageLabel for SELinux

Monday, 11 October 2021

Signed-off-by: Peng Liang <liangpeng10(a)huawei.com&gt;
---
 src/security/security_selinux.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cc7245332980..5c491fc131ea 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1996,6 +1996,23 @@ virSecuritySELinuxMoveImageMetadata(virSecurityManager *mgr,
 }
 
 
+static int
+virSecuritySELinuxUpdateImageLabel(virSecurityManager *mgr G_GNUC_UNUSED,
+                                   virDomainDef *def G_GNUC_UNUSED,
+                                   virStorageSource *src,
+                                   virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
+{
+    virStorageSource *n;
+
+    for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
+        if (virSecurityUpdateTimestampIfexists(SECURITY_SELINUX_NAME, src->path) <
0)
+            return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 virSecuritySELinuxSetHostdevLabelHelper(const char *file,
                                         bool remember,
@@ -3587,6 +3604,7 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityImageLabel        = virSecuritySELinuxSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreImageLabel,
     .domainMoveImageMetadata            = virSecuritySELinuxMoveImageMetadata,
+    .domainUpdateSecurityImageLabel     = virSecuritySELinuxUpdateImageLabel,
 
     .domainSetSecurityMemoryLabel       = virSecuritySELinuxSetMemoryLabel,
     .domainRestoreSecurityMemoryLabel   = virSecuritySELinuxRestoreMemoryLabel,
-- 
2.31.1



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v2 05/10] security: implement domainUpdateSecurityImageLabel for SELinux