For future work it's crucial to have virLockManagerPluginPtr
stored in virSecurityDriver. Therefore, we must pass it when
creating the security driver.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/Makefile.am | 6 +++++-
src/lxc/lxc_controller.c | 2 +-
src/lxc/lxc_driver.c | 3 ++-
src/qemu/qemu_driver.c | 7 +++++--
src/security/security_manager.c | 25 ++++++++++++++++++++-----
src/security/security_manager.h | 6 +++++-
tests/Makefile.am | 1 +
tests/qemuhotplugtest.c | 2 +-
tests/seclabeltest.c | 2 +-
tests/securityselinuxlabeltest.c | 2 +-
tests/securityselinuxtest.c | 2 +-
11 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 7302abb..90a51f6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1264,6 +1264,7 @@ libvirt_driver_qemu_impl_la_CFLAGS = \
$(LIBNL_CFLAGS) \
-I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/locking \
$(AM_CFLAGS)
libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_driver_qemu_impl_la_LIBADD = $(CAPNG_LIBS) \
@@ -1303,6 +1304,7 @@ libvirt_driver_lxc_impl_la_CFLAGS = \
$(FUSE_CFLAGS) \
-I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/locking \
$(AM_CFLAGS)
libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS)
if WITH_BLKID
@@ -1650,7 +1652,7 @@ libvirt_security_manager_la_SOURCES = $(SECURITY_DRIVER_SOURCES)
noinst_LTLIBRARIES += libvirt_security_manager.la
libvirt_la_BUILT_LIBADD += libvirt_security_manager.la
libvirt_security_manager_la_CFLAGS = \
- -I$(top_srcdir)/src/conf $(AM_CFLAGS)
+ -I$(top_srcdir)/src/conf -I$(top_srcdir)/src/locking $(AM_CFLAGS)
libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_security_manager_la_LIBADD = $(SECDRIVER_LIBS)
if WITH_SECDRIVER_SELINUX
@@ -2636,6 +2638,7 @@ endif WITH_DTRACE_PROBES
libvirt_lxc_LDADD += $(SECDRIVER_LIBS)
libvirt_lxc_CFLAGS = \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/locking \
$(AM_CFLAGS) \
$(PIE_CFLAGS) \
$(LIBNL_CFLAGS) \
@@ -2672,6 +2675,7 @@ virt_aa_helper_LDADD += libvirt_probes.lo
endif WITH_DTRACE_PROBES
virt_aa_helper_CFLAGS = \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/locking \
-I$(top_srcdir)/src/security \
$(AM_CFLAGS) \
$(PIE_CFLAGS) \
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 1861dd6..eb9dea0 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2414,7 +2414,7 @@ int main(int argc, char *argv[])
if (!(ctrl->securityManager = virSecurityManagerNew(securityDriver,
LXC_DRIVER_NAME,
- false, false, false)))
+ false, false, false, NULL)))
goto cleanup;
if (ctrl->def->seclabels) {
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index f93360f..ccb4de9 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1539,7 +1539,8 @@ lxcSecurityInit(virLXCDriverConfigPtr cfg)
LXC_DRIVER_NAME,
false,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined);
+ cfg->securityRequireConfined,
+ NULL);
if (!mgr)
goto error;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a8cda43..eecdb7b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -392,7 +392,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined)))
+ cfg->securityRequireConfined,
+ driver->lockManager)))
goto error;
if (!stack) {
if (!(stack = virSecurityManagerNewStack(mgr)))
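Review bot: `driver->lockManager` is passed to the security manager constructors in all three hunks of qemuSecurityInit (this virSecurityManagerNew call, the second one below, and virSecurityManagerNewDAC) without any check that it has been set. The initialisation order is not visible in this diff, but if qemuSecurityInit runs before the driver creates its lock manager plugin, every security manager silently stores NULL. That would be indistinguishable from the deliberate NULL the LXC callers pass. Please confirm the ordering in the driver's state-initialisation code. If a NULL plugin is acceptable for QEMU, say so in a comment such as `/* lockManager may still be NULL here; security drivers must cope */`.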
@@ -409,7 +410,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
QEMU_DRIVER_NAME,
cfg->allowDiskFormatProbing,
cfg->securityDefaultConfined,
- cfg->securityRequireConfined)))
+ cfg->securityRequireConfined,
+ driver->lockManager)))
goto error;
if (!(stack = virSecurityManagerNewStack(mgr)))
goto error;
@@ -424,6 +426,7 @@ qemuSecurityInit(virQEMUDriverPtr driver)
cfg->securityDefaultConfined,
cfg->securityRequireConfined,
cfg->dynamicOwnership,
+ driver->lockManager,
qemuSecurityChownCallback)))
goto error;
if (!stack) {
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 8671620..bbfbfef 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -41,6 +41,7 @@ struct _virSecurityManager {
bool defaultConfined;
bool requireConfined;
const char *virtDriver;
+ virLockManagerPluginPtr lockPlugin;
void *privateData;
};
@@ -78,7 +79,8 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined)
+ bool requireConfined,
+ virLockManagerPluginPtr lockPlugin)
{
virSecurityManagerPtr mgr;
char *privateData;
@@ -105,6 +107,7 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
mgr->defaultConfined = defaultConfined;
mgr->requireConfined = requireConfined;
mgr->virtDriver = virtDriver;
+ mgr->lockPlugin = lockPlugin;
mgr->privateData = privateData;
if (drv->open(mgr) < 0) {
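Review bot: The assignment `mgr->lockPlugin = lockPlugin;` stores a borrowed pointer, so the security manager's copy dangles if the caller releases the plugin before the manager is disposed. Nothing in this patch takes a reference or clears the field, and virSecurityManagerNewStack copies the same raw pointer into the stacked manager through virSecurityManagerGetLockPlugin. Because the daemon runs privileged, a stale pointer here becomes a use-after-free once later patches dereference it. Consider `if (lockPlugin) virLockManagerPluginRef(lockPlugin);` at this assignment, with a matching `virLockManagerPluginUnref(mgr->lockPlugin);` in the manager's dispose path. Both the dispose path and the start of virSecurityManagerNewDriver lie outside this hunk.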
@@ -124,7 +127,8 @@ virSecurityManagerNewStack(virSecurityManagerPtr primary)
virSecurityManagerGetDriver(primary),
virSecurityManagerGetAllowDiskFormatProbing(primary),
virSecurityManagerGetDefaultConfined(primary),
- virSecurityManagerGetRequireConfined(primary));
+ virSecurityManagerGetRequireConfined(primary),
+ virSecurityManagerGetLockPlugin(primary));
if (!mgr)
return NULL;
@@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
+ virLockManagerPluginPtr lockPlugin,
virSecurityManagerDACChownCallback chownCallback)
{
virSecurityManagerPtr mgr =
@@ -160,7 +165,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
virtDriver,
allowDiskFormatProbing,
defaultConfined,
- requireConfined);
+ requireConfined,
+ lockPlugin);
if (!mgr)
return NULL;
@@ -182,7 +188,8 @@ virSecurityManagerNew(const char *name,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined)
+ bool requireConfined,
+ virLockManagerPluginPtr lockPlugin)
{
virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
if (!drv)
@@ -212,7 +219,8 @@ virSecurityManagerNew(const char *name,
virtDriver,
allowDiskFormatProbing,
defaultConfined,
- requireConfined);
+ requireConfined,
+ lockPlugin);
}
@@ -333,6 +341,13 @@ virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr)
}
+virLockManagerPluginPtr
+virSecurityManagerGetLockPlugin(virSecurityManagerPtr mgr)
+{
+ return mgr->lockPlugin;
+}
+
+
/**
* virSecurityManagerRestoreDiskLabel:
* @mgr: security manager object
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 156f882..0605996 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -26,6 +26,7 @@
# include "domain_conf.h"
# include "vircommand.h"
# include "virstoragefile.h"
+# include "lock_manager.h"
typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr;
@@ -34,7 +35,8 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
const char *virtDriver,
bool allowDiskFormatProbing,
bool defaultConfined,
- bool requireConfined);
+ bool requireConfined,
+ virLockManagerPluginPtr lockPlugin);
virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary);
int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
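Review bot: The new `lockPlugin` parameter of virSecurityManagerNew (and of virSecurityManagerNewDAC further down in this header) is undocumented, although callers in this patch pass both a real plugin and NULL. A short comment above the prototype would state the contract, for example `/* @lockPlugin: lock manager plugin, or NULL for none; borrowed, must outlive the returned manager */`. Without it, the lifetime requirement can only be found by reading security_manager.c.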
@@ -62,6 +64,7 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
bool defaultConfined,
bool requireConfined,
bool dynamicOwnership,
+ virLockManagerPluginPtr lockPlugin,
virSecurityManagerDACChownCallback
chownCallback);
int virSecurityManagerPreFork(virSecurityManagerPtr mgr);
@@ -77,6 +80,7 @@ const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr,
int virtTy
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
+virLockManagerPluginPtr virSecurityManagerGetLockPlugin(virSecurityManagerPtr mgr);
int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d6c3cfb..a11b164 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -29,6 +29,7 @@ INCLUDES = \
-I$(top_builddir)/src -I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/locking \
$(GETTEXT_CPPFLAGS)
AM_CFLAGS = \
diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
index 9d39968..56ff3ba 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -358,7 +358,7 @@ mymain(void)
if (!driver.lockManager)
return EXIT_FAILURE;
- if (!(mgr = virSecurityManagerNew("none", "qemu", false, false,
false)))
+ if (!(mgr = virSecurityManagerNew("none", "qemu", false, false,
false, NULL)))
return EXIT_FAILURE;
if (!(driver.securityManager = virSecurityManagerNewStack(mgr)))
return EXIT_FAILURE;
diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
index 51765c9..3a6e7a2 100644
--- a/tests/seclabeltest.c
+++ b/tests/seclabeltest.c
@@ -17,7 +17,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
if (virThreadInitialize() < 0)
return EXIT_FAILURE;
- mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
+ mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false, NULL);
if (mgr == NULL) {
fprintf(stderr, "Failed to start security driver");
return EXIT_FAILURE;
diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 455eb74..dfc3bed 100644
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -360,7 +360,7 @@ mymain(void)
if (!rc)
return EXIT_AM_SKIP;
- if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true,
false))) {
+ if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true,
false, NULL))) {
virErrorPtr err = virGetLastError();
fprintf(stderr, "Unable to initialize security driver: %s\n",
err->message);
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index 3b5c3e5..d0810d8 100644
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -272,7 +272,7 @@ mymain(void)
int ret = 0;
virSecurityManagerPtr mgr;
- if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true,
false))) {
+ if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true,
false, NULL))) {
virErrorPtr err = virGetLastError();
fprintf(stderr, "Unable to initialize security driver: %s\n",
err->message);
--
1.8.5.5