Re: [libvirt] [PATCH 05/12] Introduce a stacked security driver impl for QEMU
On Wed, Jan 20, 2010 at 06:00:06PM +0100, Daniel Veillard wrote:
On Wed, Jan 20, 2010 at 03:15:02PM +0000, Daniel P. Berrange wrote:
> * qemu/qemu_conf.h: Add securityPrimaryDriver and
> securitySecondaryDriver fields to 'struct qemud_driver'
> * Makefile.am: Add new files
> * qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
> simple stacked security driver
> ---
> src/Makefile.am | 4 +-
> src/qemu/qemu_conf.h | 2 +
> src/qemu/qemu_security_stacked.c | 353 ++++++++++++++++++++++++++++++++++++++
> src/qemu/qemu_security_stacked.h | 22 +++
> 4 files changed, 380 insertions(+), 1 deletions(-)
> create mode 100644 src/qemu/qemu_security_stacked.c
> create mode 100644 src/qemu/qemu_security_stacked.h
[...]
> +++ b/src/qemu/qemu_security_stacked.c
> @@ -0,0 +1,353 @@
> +/*
> + * Copyright (C) 2010 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * QEMU stacked security driver
> + */
> +
> +#include <config.h>
> +#include <selinux/selinux.h>
> +#include <selinux/context.h>
Why do we need to include SELinux headers, the module content seems to
be agnostic on the underlying framework (SELinux/Apparmor)
Copy & paste error :-)
> +static int
> +qemuSecurityStackedGenLabel(virConnectPtr conn,
> + virDomainObjPtr vm)
> +{
> + int rc = 0;
> +
> + if (driver->securitySecondaryDriver &&
> + driver->securitySecondaryDriver->domainGenSecurityLabel &&
> + driver->securitySecondaryDriver->domainGenSecurityLabel(conn, vm)
< 0)
> + rc = -1;
> +
> + if (driver->securityPrimaryDriver &&
> + driver->securityPrimaryDriver->domainGenSecurityLabel &&
> + driver->securityPrimaryDriver->domainGenSecurityLabel(conn, vm) <
0)
> + rc = -1;
> +
> + return rc;
> +}
Okay, so the general pattern is that any stacked driver call will fail
if any of the subdriver entry point fail, a missing entry point not
being a failure. I'm still surprized that if both entry point are
missing we return 0 i.e. success...
If the operation being performed doesn't make sense for a driver it is
fine to skip it without error. This is actually the same semantics we
had before this refactoring, because the QEMU driver always checks for
NULL entry point & skips it without error.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|