[libvirt] [PATCHv2 0/3] security: misc cleanups

v1: https://www.redhat.com/archives/libvir-list/2015-November/msg00781.html
new in v2:
* split by security driver
* more functions renamed
Ján Tomko (3):
security_dac: remove extra Security from function names
security_selinux: remove extra Security from function names
security_stack: : remove extra security from function names
src/security/security_dac.c | 242 +++++++++++++-------------
src/security/security_selinux.c | 375 ++++++++++++++++++++--------------------
src/security/security_stack.c | 68 ++++----
3 files changed, 338 insertions(+), 347 deletions(-)
-- 2.4.6

Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it.
---
src/security/security_dac.c | 242 ++++++++++++++++++++++----------------------
1 file changed, 121 insertions(+), 121 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 6cb4839..80709fe 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -376,9 +376,9 @@ virSecurityDACSetOwnership(virSecurityDACDataPtr priv,
 static int
-virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr priv,
- virStorageSourcePtr src,
- const char *path)
+virSecurityDACRestoreFileLabelInternal(virSecurityDACDataPtr priv,
+ virStorageSourcePtr src,
+ const char *path)
 {
 int rv;
 uid_t uid = 0; /* By default return to root:root */
@@ -404,17 +404,17 @@ virSecurityDACRestoreSecurityFileLabelInternal(virSecurityDACDataPtr priv,
 static int
-virSecurityDACRestoreSecurityFileLabel(virSecurityDACDataPtr priv,
- const char *path)
+virSecurityDACRestoreFileLabel(virSecurityDACDataPtr priv,
+ const char *path)
 {
- return virSecurityDACRestoreSecurityFileLabelInternal(priv, NULL, path);
+ return virSecurityDACRestoreFileLabelInternal(priv, NULL, path);
 }
 static int
-virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src)
+virSecurityDACSetImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
 {
 virSecurityLabelDefPtr secdef;
 virSecurityDeviceLabelDefPtr disk_seclabel;
@@ -447,15 +447,15 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecurityDACSetDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
 {
 virStorageSourcePtr next;
 for (next = disk->src; next; next = next->backingStore) {
- if (virSecurityDACSetSecurityImageLabel(mgr, def, next) < 0)
+ if (virSecurityDACSetImageLabel(mgr, def, next) < 0)
 return -1;
 }
@@ -464,10 +464,10 @@ virSecurityDACSetSecurityDiskLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src,
- bool migrated)
+virSecurityDACRestoreImageLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src,
+ bool migrated)
 {
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityLabelDefPtr secdef;
@@ -514,31 +514,31 @@ virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
 }
 }
- return virSecurityDACRestoreSecurityFileLabelInternal(priv, src, NULL);
+ return virSecurityDACRestoreFileLabelInternal(priv, src, NULL);
 }
 static int
-virSecurityDACRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src)
+virSecurityDACRestoreImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
 {
- return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, src, false);
+ return virSecurityDACRestoreImageLabelInt(mgr, def, src, false);
 }
 static int
-virSecurityDACRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecurityDACRestoreDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
 {
- return virSecurityDACRestoreSecurityImageLabelInt(mgr, def, disk->src, false);
+ return virSecurityDACRestoreImageLabelInt(mgr, def, disk->src, false);
 }
 static int
-virSecurityDACSetSecurityHostdevLabelHelper(const char *file,
- void *opaque)
+virSecurityDACSetHostdevLabelHelper(const char *file,
+ void *opaque)
 {
 virSecurityDACCallbackDataPtr cbdata = opaque;
 virSecurityManagerPtr mgr = cbdata->manager;
@@ -555,37 +555,37 @@ virSecurityDACSetSecurityHostdevLabelHelper(const char *file,
 static int
-virSecurityDACSetSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACSetPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
- return virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);
+ return virSecurityDACSetHostdevLabelHelper(file, opaque);
 }
 static int
-virSecurityDACSetSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACSetUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
- return virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);
+ return virSecurityDACSetHostdevLabelHelper(file, opaque);
 }
 static int
-virSecurityDACSetSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACSetSCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
- return virSecurityDACSetSecurityHostdevLabelHelper(file, opaque);
+ return virSecurityDACSetHostdevLabelHelper(file, opaque);
 }
 static int
-virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityDACCallbackData cbdata;
@@ -600,7 +600,7 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
 return 0;
- /* Like virSecurityDACSetSecurityImageLabel() for a networked disk,
+ /* Like virSecurityDACSetImageLabel() for a networked disk,
 * do nothing for an iSCSI hostdev
 */
 if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
@@ -624,7 +624,7 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 goto done;
 ret = virUSBDeviceFileIterate(usb,
- virSecurityDACSetSecurityUSBLabel,
+ virSecurityDACSetUSBLabel,
 &cbdata);
 virUSBDeviceFree(usb);
 break;
@@ -645,11 +645,11 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 virPCIDeviceFree(pci);
 goto done;
 }
- ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, &cbdata);
+ ret = virSecurityDACSetPCILabel(pci, vfioGroupDev, &cbdata);
 VIR_FREE(vfioGroupDev);
 } else {
 ret = virPCIDeviceFileIterate(pci,
- virSecurityDACSetSecurityPCILabel,
+ virSecurityDACSetPCILabel,
 &cbdata);
 }
@@ -669,7 +669,7 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 goto done;
 ret = virSCSIDeviceFileIterate(scsi,
- virSecurityDACSetSecuritySCSILabel,
+ virSecurityDACSetSCSILabel,
 &cbdata);
 virSCSIDeviceFree(scsi);
@@ -687,43 +687,43 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityDACRestoreSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACRestorePCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- return virSecurityDACRestoreSecurityFileLabel(priv, file);
+ return virSecurityDACRestoreFileLabel(priv, file);
 }
 static int
-virSecurityDACRestoreSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACRestoreUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- return virSecurityDACRestoreSecurityFileLabel(priv, file);
+ return virSecurityDACRestoreFileLabel(priv, file);
 }
 static int
-virSecurityDACRestoreSecuritySCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecurityDACRestoreSCSILabel(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- return virSecurityDACRestoreSecurityFileLabel(priv, file);
+ return virSecurityDACRestoreFileLabel(priv, file);
 }
 static int
-virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -741,7 +741,7 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
 return 0;
- /* Like virSecurityDACRestoreSecurityImageLabelInt() for a networked disk,
+ /* Like virSecurityDACRestoreImageLabelInt() for a networked disk,
 * do nothing for an iSCSI hostdev
 */
 if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
@@ -758,7 +758,7 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot)))
 goto done;
- ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreSecurityUSBLabel, mgr);
+ ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreUSBLabel, mgr);
 virUSBDeviceFree(usb);
 break;
@@ -779,10 +779,10 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 virPCIDeviceFree(pci);
 goto done;
 }
- ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
+ ret = virSecurityDACRestorePCILabel(pci, vfioGroupDev, mgr);
 VIR_FREE(vfioGroupDev);
 } else {
- ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
+ ret = virPCIDeviceFileIterate(pci, virSecurityDACRestorePCILabel, mgr);
 }
 virPCIDeviceFree(pci);
 break;
@@ -799,7 +799,7 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 if (!scsi)
 goto done;
- ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSecuritySCSILabel, mgr);
+ ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSCSILabel, mgr);
 virSCSIDeviceFree(scsi);
 break;
@@ -922,7 +922,7 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
 switch ((virDomainChrType) dev_source->type) {
 case VIR_DOMAIN_CHR_TYPE_DEV:
 case VIR_DOMAIN_CHR_TYPE_FILE:
- ret = virSecurityDACRestoreSecurityFileLabel(priv, dev_source->data.file.path);
+ ret = virSecurityDACRestoreFileLabel(priv, dev_source->data.file.path);
 break;
 case VIR_DOMAIN_CHR_TYPE_PIPE:
@@ -930,10 +930,10 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
 virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)
 goto done;
 if (virFileExists(in) && virFileExists(out)) {
- if (virSecurityDACRestoreSecurityFileLabel(priv, out) < 0 ||
- virSecurityDACRestoreSecurityFileLabel(priv, in) < 0)
+ if (virSecurityDACRestoreFileLabel(priv, out) < 0 ||
+ virSecurityDACRestoreFileLabel(priv, in) < 0)
 goto done;
- } else if (virSecurityDACRestoreSecurityFileLabel(priv, dev_source->data.file.path) < 0) {
+ } else if (virSecurityDACRestoreFileLabel(priv, dev_source->data.file.path) < 0) {
 goto done;
 }
 ret = 0;
@@ -973,9 +973,9 @@ virSecurityDACRestoreChardevCallback(virDomainDefPtr def,
 static int
-virSecurityDACSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainTPMDefPtr tpm)
+virSecurityDACSetTPMFileLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm)
 {
 int ret = 0;
@@ -993,9 +993,9 @@ virSecurityDACSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityDACRestoreSecurityTPMFileLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainTPMDefPtr tpm)
+virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm)
 {
 int ret = 0;
@@ -1057,7 +1057,7 @@ virSecurityDACRestoreInputLabel(virSecurityManagerPtr mgr,
 switch ((virDomainInputType) input->type) {
 case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
- ret = virSecurityDACRestoreSecurityFileLabel(priv, input->source.evdev);
+ ret = virSecurityDACRestoreFileLabel(priv, input->source.evdev);
 break;
 case VIR_DOMAIN_INPUT_TYPE_MOUSE:
@@ -1073,9 +1073,9 @@ virSecurityDACRestoreInputLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- bool migrated)
+virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ bool migrated)
 {
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityLabelDefPtr secdef;
@@ -1091,10 +1091,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 def->name, migrated);
 for (i = 0; i < def->nhostdevs; i++) {
- if (virSecurityDACRestoreSecurityHostdevLabel(mgr,
- def,
- def->hostdevs[i],
- NULL) < 0)
+ if (virSecurityDACRestoreHostdevLabel(mgr,
+ def,
+ def->hostdevs[i],
+ NULL) < 0)
 rc = -1;
 }
@@ -1104,10 +1104,10 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 }
 for (i = 0; i < def->ndisks; i++) {
- if (virSecurityDACRestoreSecurityImageLabelInt(mgr,
- def,
- def->disks[i]->src,
- migrated) < 0)
+ if (virSecurityDACRestoreImageLabelInt(mgr,
+ def,
+ def->disks[i]->src,
+ migrated) < 0)
 rc = -1;
 }
@@ -1118,26 +1118,26 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 rc = -1;
 if (def->tpm) {
- if (virSecurityDACRestoreSecurityTPMFileLabel(mgr,
- def,
- def->tpm) < 0)
+ if (virSecurityDACRestoreTPMFileLabel(mgr,
+ def,
+ def->tpm) < 0)
 rc = -1;
 }
 if (def->os.loader && def->os.loader->nvram &&
- virSecurityDACRestoreSecurityFileLabel(priv, def->os.loader->nvram) < 0)
+ virSecurityDACRestoreFileLabel(priv, def->os.loader->nvram) < 0)
 rc = -1;
 if (def->os.kernel &&
- virSecurityDACRestoreSecurityFileLabel(priv, def->os.kernel) < 0)
+ virSecurityDACRestoreFileLabel(priv, def->os.kernel) < 0)
 rc = -1;
 if (def->os.initrd &&
- virSecurityDACRestoreSecurityFileLabel(priv, def->os.initrd) < 0)
+ virSecurityDACRestoreFileLabel(priv, def->os.initrd) < 0)
 rc = -1;
 if (def->os.dtb &&
- virSecurityDACRestoreSecurityFileLabel(priv, def->os.dtb) < 0)
+ virSecurityDACRestoreFileLabel(priv, def->os.dtb) < 0)
 rc = -1;
 return rc;
@@ -1156,9 +1156,9 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def,
 static int
-virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *stdin_path ATTRIBUTE_UNUSED)
+virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *stdin_path ATTRIBUTE_UNUSED)
 {
 virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityLabelDefPtr secdef;
@@ -1175,9 +1175,9 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
 /* XXX fixme - we need to recursively label the entire tree :-( */
 if (virDomainDiskGetType(def->disks[i]) == VIR_STORAGE_TYPE_DIR)
 continue;
- if (virSecurityDACSetSecurityDiskLabel(mgr,
- def,
- def->disks[i]) < 0)
+ if (virSecurityDACSetDiskLabel(mgr,
+ def,
+ def->disks[i]) < 0)
 return -1;
 }
@@ -1187,10 +1187,10 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
 }
 for (i = 0; i < def->nhostdevs; i++) {
- if (virSecurityDACSetSecurityHostdevLabel(mgr,
- def,
- def->hostdevs[i],
- NULL) < 0)
+ if (virSecurityDACSetHostdevLabel(mgr,
+ def,
+ def->hostdevs[i],
+ NULL) < 0)
 return -1;
 }
@@ -1201,9 +1201,9 @@ virSecurityDACSetSecurityAllLabel(virSecurityManagerPtr mgr,
 return -1;
 if (def->tpm) {
- if (virSecurityDACSetSecurityTPMFileLabel(mgr,
- def,
- def->tpm) < 0)
+ if (virSecurityDACSetTPMFileLabel(mgr,
+ def,
+ def->tpm) < 0)
 return -1;
 }
@@ -1263,7 +1263,7 @@ virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
 if (!priv->dynamicOwnership)
 return 0;
- return virSecurityDACRestoreSecurityFileLabel(priv, savefile);
+ return virSecurityDACRestoreFileLabel(priv, savefile);
 }
@@ -1585,11 +1585,11 @@ virSecurityDriver virSecurityDriverDAC = {
 .domainSecurityVerify = virSecurityDACVerify,
- .domainSetSecurityDiskLabel = virSecurityDACSetSecurityDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecurityDACRestoreSecurityDiskLabel,
+ .domainSetSecurityDiskLabel = virSecurityDACSetDiskLabel,
+ .domainRestoreSecurityDiskLabel = virSecurityDACRestoreDiskLabel,
- .domainSetSecurityImageLabel = virSecurityDACSetSecurityImageLabel,
- .domainRestoreSecurityImageLabel = virSecurityDACRestoreSecurityImageLabel,
+ .domainSetSecurityImageLabel = virSecurityDACSetImageLabel,
+ .domainRestoreSecurityImageLabel = virSecurityDACRestoreImageLabel,
 .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
 .domainSetSecuritySocketLabel = virSecurityDACSetSocketLabel,
@@ -1603,11 +1603,11 @@ virSecurityDriver virSecurityDriverDAC = {
 .domainSetSecurityProcessLabel = virSecurityDACSetProcessLabel,
 .domainSetSecurityChildProcessLabel = virSecurityDACSetChildProcessLabel,
- .domainSetSecurityAllLabel = virSecurityDACSetSecurityAllLabel,
- .domainRestoreSecurityAllLabel = virSecurityDACRestoreSecurityAllLabel,
+ .domainSetSecurityAllLabel = virSecurityDACSetAllLabel,
+ .domainRestoreSecurityAllLabel = virSecurityDACRestoreAllLabel,
- .domainSetSecurityHostdevLabel = virSecurityDACSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = virSecurityDACRestoreSecurityHostdevLabel,
+ .domainSetSecurityHostdevLabel = virSecurityDACSetHostdevLabel,
+ .domainRestoreSecurityHostdevLabel = virSecurityDACRestoreHostdevLabel,
 .domainSetSavedStateLabel = virSecurityDACSetSavedStateLabel,
 .domainRestoreSavedStateLabel = virSecurityDACRestoreSavedStateLabel,
-- 2.4.6

Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it.
---
src/security/security_selinux.c | 375 ++++++++++++++++++++--------------------
1 file changed, 183 insertions(+), 192 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 11609f7..721c451 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -81,9 +81,9 @@ struct _virSecuritySELinuxCallbackData {
 #define SECURITY_SELINUX_NAME "selinux"
 static int
-virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainTPMDefPtr tpm);
+virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm);
 /*
@@ -570,8 +570,8 @@ virSecuritySELinuxInitialize(virSecurityManagerPtr mgr)
 static int
-virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxGenLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
 {
 int rc = -1;
 char *mcs = NULL;
@@ -729,9 +729,9 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
 }
 static int
-virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- pid_t pid)
+virSecuritySELinuxReserveLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ pid_t pid)
 {
 security_context_t pctx;
 context_t ctx = NULL;
@@ -845,10 +845,10 @@ virSecuritySELinuxSecurityGetDOI(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED)
 }
 static int
-virSecuritySELinuxGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def ATTRIBUTE_UNUSED,
- pid_t pid,
- virSecurityLabelPtr sec)
+virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
+ pid_t pid,
+ virSecurityLabelPtr sec)
 {
 security_context_t ctx;
@@ -1015,8 +1015,8 @@ getContext(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 /* This method shouldn't raise errors, since they'll overwrite
 * errors that the caller(s) are already dealing with */
 static int
-virSecuritySELinuxRestoreSecurityFileLabel(virSecurityManagerPtr mgr,
- const char *path)
+virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
+ const char *path)
 {
 struct stat buf;
 security_context_t fcon = NULL;
@@ -1098,8 +1098,7 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
 switch ((virDomainInputType) input->type) {
 case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
- rc = virSecuritySELinuxRestoreSecurityFileLabel(mgr,
- input->source.evdev);
+ rc = virSecuritySELinuxRestoreFileLabel(mgr, input->source.evdev);
 break;
 case VIR_DOMAIN_INPUT_TYPE_MOUSE:
@@ -1114,9 +1113,9 @@ virSecuritySELinuxRestoreInputLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainTPMDefPtr tpm)
+virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm)
 {
 int rc;
 virSecurityLabelDefPtr seclabel;
@@ -1140,8 +1139,7 @@ virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
 seclabel->imagelabel);
 VIR_FREE(cancel_path);
 if (rc < 0) {
- virSecuritySELinuxRestoreSecurityTPMFileLabelInt(mgr, def,
- tpm);
+ virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, tpm);
 return -1;
 }
 } else {
@@ -1157,9 +1155,9 @@ virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainTPMDefPtr tpm)
+virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm)
 {
 int rc = 0;
 virSecurityLabelDefPtr seclabel;
@@ -1173,11 +1171,10 @@ virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
 switch (tpm->type) {
 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
 tpmdev = tpm->data.passthrough.source.data.file.path;
- rc = virSecuritySELinuxRestoreSecurityFileLabel(mgr, tpmdev);
+ rc = virSecuritySELinuxRestoreFileLabel(mgr, tpmdev);
 if ((cancel_path = virTPMCreateCancelPath(tpmdev)) != NULL) {
- if (virSecuritySELinuxRestoreSecurityFileLabel(mgr,
- cancel_path) < 0)
+ if (virSecuritySELinuxRestoreFileLabel(mgr, cancel_path) < 0)
 rc = -1;
 VIR_FREE(cancel_path);
 }
@@ -1191,10 +1188,10 @@ virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src,
- bool migrated)
+virSecuritySELinuxRestoreImageLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src,
+ bool migrated)
 {
 virSecurityLabelDefPtr seclabel;
 virSecurityDeviceLabelDefPtr disk_seclabel;
@@ -1242,34 +1239,34 @@ virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
 }
 }
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, src->path);
+ return virSecuritySELinuxRestoreFileLabel(mgr, src->path);
 }
 static int
-virSecuritySELinuxRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecuritySELinuxRestoreDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
 {
- return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk->src,
- false);
+ return virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
+ false);
 }
 static int
-virSecuritySELinuxRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src)
+virSecuritySELinuxRestoreImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
 {
- return virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, src, false);
+ return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false);
 }
 static int
-virSecuritySELinuxSetSecurityImageLabelInternal(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src,
- bool first)
+virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src,
+ bool first)
 {
 virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
 virSecurityLabelDefPtr secdef;
@@ -1333,26 +1330,25 @@ virSecuritySELinuxSetSecurityImageLabelInternal(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virStorageSourcePtr src)
+virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
 {
- return virSecuritySELinuxSetSecurityImageLabelInternal(mgr, def, src, true);
+ return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true);
 }
 static int
-virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk)
+virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainDiskDefPtr disk)
 {
 bool first = true;
 virStorageSourcePtr next;
 for (next = disk->src; next; next = next->backingStore) {
- if (virSecuritySELinuxSetSecurityImageLabelInternal(mgr, def, next,
- first) < 0)
+ if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first) < 0)
 return -1;
 first = false;
@@ -1362,7 +1358,7 @@ virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr,
 }
 static int
-virSecuritySELinuxSetSecurityHostdevLabelHelper(const char *file, void *opaque)
+virSecuritySELinuxSetHostdevLabelHelper(const char *file, void *opaque)
 {
 virSecurityLabelDefPtr secdef;
 virSecuritySELinuxCallbackDataPtr data = opaque;
@@ -1376,22 +1372,22 @@ virSecuritySELinuxSetSecurityHostdevLabelHelper(const char *file, void *opaque)
 }
 static int
-virSecuritySELinuxSetSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file, void *opaque)
+virSecuritySELinuxSetPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file, void *opaque)
 {
- return virSecuritySELinuxSetSecurityHostdevLabelHelper(file, opaque);
+ return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
 }
 static int
-virSecuritySELinuxSetSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file, void *opaque)
+virSecuritySELinuxSetUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file, void *opaque)
 {
- return virSecuritySELinuxSetSecurityHostdevLabelHelper(file, opaque);
+ return virSecuritySELinuxSetHostdevLabelHelper(file, opaque);
 }
 static int
-virSecuritySELinuxSetSecuritySCSILabel(virSCSIDevicePtr dev,
- const char *file, void *opaque)
+virSecuritySELinuxSetSCSILabel(virSCSIDevicePtr dev,
+ const char *file, void *opaque)
 {
 virSecurityLabelDefPtr secdef;
 virSecuritySELinuxCallbackDataPtr ptr = opaque;
@@ -1414,10 +1410,10 @@ virSecuritySELinuxSetSecuritySCSILabel(virSCSIDevicePtr dev,
 }
 static int
-virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
@@ -1427,7 +1423,7 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 int ret = -1;
- /* Like virSecuritySELinuxSetSecurityImageLabelInternal() for a networked
+ /* Like virSecuritySELinuxSetImageLabelInternal() for a networked
 * disk, do nothing for an iSCSI hostdev
 */
 if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
@@ -1447,7 +1443,7 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 if (!usb)
 goto done;
- ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxSetSecurityUSBLabel, &data);
+ ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxSetUSBLabel, &data);
 virUSBDeviceFree(usb);
 break;
 }
@@ -1467,10 +1463,10 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 virPCIDeviceFree(pci);
 goto done;
 }
- ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, &data);
+ ret = virSecuritySELinuxSetPCILabel(pci, vfioGroupDev, &data);
 VIR_FREE(vfioGroupDev);
 } else {
- ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, &data);
+ ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetPCILabel, &data);
 }
 virPCIDeviceFree(pci);
 break;
@@ -1489,7 +1485,7 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 goto done;
 ret = virSCSIDeviceFileIterate(scsi,
- virSecuritySELinuxSetSecuritySCSILabel,
+ virSecuritySELinuxSetSCSILabel,
 &data);
 virSCSIDeviceFree(scsi);
@@ -1507,10 +1503,10 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxSetSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxSetHostdevCapsLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 int ret = -1;
 virSecurityLabelDefPtr secdef;
@@ -1559,10 +1555,10 @@ virSecuritySELinuxSetSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxSetHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityLabelDefPtr secdef;
@@ -1573,12 +1569,10 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 switch (dev->mode) {
 case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
- return virSecuritySELinuxSetSecurityHostdevSubsysLabel(mgr, def,
- dev, vroot);
+ return virSecuritySELinuxSetHostdevSubsysLabel(mgr, def, dev, vroot);
 case VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES:
- return virSecuritySELinuxSetSecurityHostdevCapsLabel(mgr, def,
- dev, vroot);
+ return virSecuritySELinuxSetHostdevCapsLabel(mgr, def, dev, vroot);
 default:
 return 0;
@@ -1586,30 +1580,30 @@ virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 }
 static int
-virSecuritySELinuxRestoreSecurityPCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecuritySELinuxRestorePCILabel(virPCIDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, file);
+ return virSecuritySELinuxRestoreFileLabel(mgr, file);
 }
 static int
-virSecuritySELinuxRestoreSecurityUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
- const char *file,
- void *opaque)
+virSecuritySELinuxRestoreUSBLabel(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, file);
+ return virSecuritySELinuxRestoreFileLabel(mgr, file);
 }
 static int
-virSecuritySELinuxRestoreSecuritySCSILabel(virSCSIDevicePtr dev,
- const char *file,
- void *opaque)
+virSecuritySELinuxRestoreSCSILabel(virSCSIDevicePtr dev,
+ const char *file,
+ void *opaque)
 {
 virSecurityManagerPtr mgr = opaque;
@@ -1619,13 +1613,13 @@ virSecuritySELinuxRestoreSecuritySCSILabel(virSCSIDevicePtr dev,
 if (virSCSIDeviceGetShareable(dev) || virSCSIDeviceGetReadonly(dev))
 return 0;
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, file);
+ return virSecuritySELinuxRestoreFileLabel(mgr, file);
 }
 static int
-virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virDomainHostdevSubsysUSBPtr usbsrc = &dev->source.subsys.u.usb;
@@ -1633,7 +1627,7 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 virDomainHostdevSubsysSCSIPtr scsisrc = &dev->source.subsys.u.scsi;
 int ret = -1;
- /* Like virSecuritySELinuxRestoreSecurityImageLabelInt() for a networked
+ /* Like virSecuritySELinuxRestoreImageLabelInt() for a networked
 * disk, do nothing for an iSCSI hostdev
 */
 if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
@@ -1653,7 +1647,7 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 if (!usb)
 goto done;
- ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxRestoreSecurityUSBLabel, mgr);
+ ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxRestoreUSBLabel, mgr);
 virUSBDeviceFree(usb);
 break;
@@ -1674,10 +1668,10 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 virPCIDeviceFree(pci);
 goto done;
 }
- ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
+ ret = virSecuritySELinuxRestorePCILabel(pci, vfioGroupDev, mgr);
 VIR_FREE(vfioGroupDev);
 } else {
- ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
+ ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestorePCILabel, mgr);
 }
 virPCIDeviceFree(pci);
 break;
@@ -1694,7 +1688,7 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 if (!scsi)
 goto done;
- ret = virSCSIDeviceFileIterate(scsi, virSecuritySELinuxRestoreSecuritySCSILabel, mgr);
+ ret = virSCSIDeviceFileIterate(scsi, virSecuritySELinuxRestoreSCSILabel, mgr);
 virSCSIDeviceFree(scsi);
 break;
@@ -1711,9 +1705,9 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxRestoreHostdevCapsLabel(virSecurityManagerPtr mgr,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 int ret = -1;
 char *path;
@@ -1728,7 +1722,7 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
 if (VIR_STRDUP(path, dev->source.caps.u.storage.block) < 0)
 return -1;
 }
- ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
+ ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
 VIR_FREE(path);
 break;
 }
@@ -1742,7 +1736,7 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
 if (VIR_STRDUP(path, dev->source.caps.u.misc.chardev) < 0)
 return -1;
 }
- ret = virSecuritySELinuxRestoreSecurityFileLabel(mgr, path);
+ ret = virSecuritySELinuxRestoreFileLabel(mgr, path);
 VIR_FREE(path);
 break;
 }
@@ -1757,10 +1751,10 @@ virSecuritySELinuxRestoreSecurityHostdevCapsLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecuritySELinuxRestoreHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityLabelDefPtr secdef;
@@ -1771,10 +1765,10 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 switch (dev->mode) {
 case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
- return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(mgr, dev, vroot);
+ return virSecuritySELinuxRestoreHostdevSubsysLabel(mgr, dev, vroot);
 case VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES:
- return virSecuritySELinuxRestoreSecurityHostdevCapsLabel(mgr, dev, vroot);
+ return virSecuritySELinuxRestoreHostdevCapsLabel(mgr, dev, vroot);
 default:
 return 0;
@@ -1783,10 +1777,10 @@ virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 static int
-virSecuritySELinuxSetSecurityChardevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainChrDefPtr dev,
- virDomainChrSourceDefPtr dev_source)
+virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr dev_source)
 {
 virSecurityLabelDefPtr seclabel;
@@ -1858,10 +1852,10 @@ virSecuritySELinuxSetSecurityChardevLabel(virSecurityManagerPtr mgr,
 }
 static int
-virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainChrDefPtr dev,
- virDomainChrSourceDefPtr dev_source)
+virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr dev_source)
 {
 virSecurityLabelDefPtr seclabel;
@@ -1882,14 +1876,14 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
 switch (dev_source->type) {
 case VIR_DOMAIN_CHR_TYPE_DEV:
 case VIR_DOMAIN_CHR_TYPE_FILE:
- if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0)
 goto done;
 ret = 0;
 break;
 case VIR_DOMAIN_CHR_TYPE_UNIX:
 if (!dev_source->data.nix.listen) {
- if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0)
 goto done;
 }
 ret = 0;
@@ -1900,11 +1894,11 @@ virSecuritySELinuxRestoreSecurityChardevLabel(virSecurityManagerPtr mgr,
 (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0))
 goto done;
 if (virFileExists(in) && virFileExists(out)) {
- if ((virSecuritySELinuxRestoreSecurityFileLabel(mgr, out) < 0) ||
- (virSecuritySELinuxRestoreSecurityFileLabel(mgr, in) < 0)) {
+ if ((virSecuritySELinuxRestoreFileLabel(mgr, out) < 0) ||
+ (virSecuritySELinuxRestoreFileLabel(mgr, in) < 0)) {
 goto done;
 }
- } else if (virSecuritySELinuxRestoreSecurityFileLabel(mgr, dev_source->data.file.path) < 0) {
+ } else if (virSecuritySELinuxRestoreFileLabel(mgr, dev_source->data.file.path) < 0) {
 goto done;
 }
 ret = 0;
@@ -1934,8 +1928,7 @@ virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def,
 dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
 return 0;
- return virSecuritySELinuxRestoreSecurityChardevLabel(mgr, def, dev,
- &dev->source);
+ return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev, &dev->source);
 }
@@ -1955,10 +1948,10 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(virDomainDefPtr def,
 database = dev->data.cert.database;
 if (!database)
 database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, database);
+ return virSecuritySELinuxRestoreFileLabel(mgr, database);
 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxRestoreSecurityChardevLabel(mgr, def, NULL, &dev->data.passthru);
+ return virSecuritySELinuxRestoreChardevLabel(mgr, def, NULL, &dev->data.passthru);
 default:
 virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1983,9 +1976,9 @@ virSecuritySELinuxGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
 static int
-virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- bool migrated)
+virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ bool migrated)
 {
 virSecurityLabelDefPtr secdef;
 virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -2000,16 +1993,15 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 return 0;
 if (def->tpm) {
- if (virSecuritySELinuxRestoreSecurityTPMFileLabelInt(mgr, def,
- def->tpm) < 0)
+ if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) < 0)
 rc = -1;
 }
 for (i = 0; i < def->nhostdevs; i++) {
- if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
- def,
- def->hostdevs[i],
- NULL) < 0)
+ if (virSecuritySELinuxRestoreHostdevLabel(mgr,
+ def,
+ def->hostdevs[i],
+ NULL) < 0)
 rc = -1;
 }
@@ -2021,8 +2013,8 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 for (i = 0; i < def->ndisks; i++) {
 virDomainDiskDefPtr disk = def->disks[i];
- if (virSecuritySELinuxRestoreSecurityImageLabelInt(mgr, def, disk->src,
- migrated) < 0)
+ if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src,
+ migrated) < 0)
 rc = -1;
 }
@@ -2039,27 +2031,27 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
 rc = -1;
 if (def->os.loader && def->os.loader->nvram &&
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
+ virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
 rc = -1;
 if (def->os.kernel &&
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
+ virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel) < 0)
 rc = -1;
 if (def->os.initrd &&
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
+ virSecuritySELinuxRestoreFileLabel(mgr, def->os.initrd) < 0)
 rc = -1;
 if (def->os.dtb &&
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
+ virSecuritySELinuxRestoreFileLabel(mgr, def->os.dtb) < 0)
 rc = -1;
 return rc;
 }
 static int
-virSecuritySELinuxReleaseSecurityLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def)
+virSecuritySELinuxReleaseLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
 {
 virSecurityLabelDefPtr secdef;
@@ -2111,7 +2103,7 @@ virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
 if (!secdef || !secdef->relabel)
 return 0;
- return virSecuritySELinuxRestoreSecurityFileLabel(mgr, savefile);
+ return virSecuritySELinuxRestoreFileLabel(mgr, savefile);
 }
@@ -2145,8 +2137,8 @@ virSecuritySELinuxSecurityVerify(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 }
 static int
-virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def)
+virSecuritySELinuxSetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def)
 {
 /* TODO: verify DOI */
 virSecurityLabelDefPtr secdef;
@@ -2178,9 +2170,9 @@ virSecuritySELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UN
 }
 static int
-virSecuritySELinuxSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def,
- virCommandPtr cmd)
+virSecuritySELinuxSetChildProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def,
+ virCommandPtr cmd)
 {
 /* TODO: verify DOI */
 virSecurityLabelDefPtr secdef;
@@ -2206,8 +2198,8 @@ virSecuritySELinuxSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBU
 }
 static int
-virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def)
+virSecuritySELinuxSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def)
 {
 /* TODO: verify DOI */
 virSecurityLabelDefPtr secdef;
@@ -2256,8 +2248,8 @@ virSecuritySELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBU
 }
 static int
-virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr vm)
+virSecuritySELinuxSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr vm)
 {
 virSecurityLabelDefPtr secdef;
 int rc = -1;
@@ -2294,8 +2286,8 @@ virSecuritySELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNU
 }
 static int
-virSecuritySELinuxClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def)
+virSecuritySELinuxClearSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+ virDomainDefPtr def)
 {
 /* TODO: verify DOI */
 virSecurityLabelDefPtr secdef;
@@ -2337,7 +2329,7 @@ virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def,
 dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
 return 0;
- return virSecuritySELinuxSetSecurityChardevLabel(mgr, def, dev, &dev->source);
+ return virSecuritySELinuxSetChardevLabel(mgr, def, dev, &dev->source);
 }
@@ -2361,8 +2353,8 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
 return virSecuritySELinuxSetFilecon(mgr, database, data->content_context);
 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxSetSecurityChardevLabel(mgr, def, NULL,
- &dev->data.passthru);
+ return virSecuritySELinuxSetChardevLabel(mgr, def, NULL,
+ &dev->data.passthru);
 default:
 virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -2376,9 +2368,9 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDomainDefPtr def,
 static int
-virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- const char *stdin_path)
+virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *stdin_path)
 {
 size_t i;
 virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@@ -2397,17 +2389,17 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
 def->disks[i]->dst);
 continue;
 }
- if (virSecuritySELinuxSetSecurityDiskLabel(mgr,
- def, def->disks[i]) < 0)
+ if (virSecuritySELinuxSetDiskLabel(mgr,
+ def, def->disks[i]) < 0)
 return -1;
 }
 /* XXX fixme process def->fss if relabel == true */
 for (i = 0; i < def->nhostdevs; i++) {
- if (virSecuritySELinuxSetSecurityHostdevLabel(mgr,
- def,
- def->hostdevs[i],
- NULL) < 0)
+ if (virSecuritySELinuxSetHostdevLabel(mgr,
+ def,
+ def->hostdevs[i],
+ NULL) < 0)
 return -1;
 }
@@ -2417,8 +2409,7 @@ virSecuritySELinuxSetSecurityAllLabel(virSecurityManagerPtr mgr,
 }
 if (def->tpm) {
- if (virSecuritySELinuxSetSecurityTPMFileLabel(mgr, def,
- def->tpm) < 0)
+ if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpm) < 0)
 return -1;
 }
@@ -2632,29 +2623,29 @@ virSecurityDriver virSecurityDriverSELinux = {
 .domainSecurityVerify = virSecuritySELinuxSecurityVerify,
- .domainSetSecurityDiskLabel = virSecuritySELinuxSetSecurityDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecuritySELinuxRestoreSecurityDiskLabel,
+ .domainSetSecurityDiskLabel = virSecuritySELinuxSetDiskLabel,
+ .domainRestoreSecurityDiskLabel = virSecuritySELinuxRestoreDiskLabel,
- .domainSetSecurityImageLabel = virSecuritySELinuxSetSecurityImageLabel,
- .domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreSecurityImageLabel,
+ .domainSetSecurityImageLabel = virSecuritySELinuxSetImageLabel,
+ .domainRestoreSecurityImageLabel = virSecuritySELinuxRestoreImageLabel,
- .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetSecurityDaemonSocketLabel,
- .domainSetSecuritySocketLabel = virSecuritySELinuxSetSecuritySocketLabel,
- .domainClearSecuritySocketLabel = virSecuritySELinuxClearSecuritySocketLabel,
+ .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetDaemonSocketLabel,
+ .domainSetSecuritySocketLabel = virSecuritySELinuxSetSocketLabel,
+ .domainClearSecuritySocketLabel = virSecuritySELinuxClearSocketLabel,
- .domainGenSecurityLabel = virSecuritySELinuxGenSecurityLabel,
- .domainReserveSecurityLabel = virSecuritySELinuxReserveSecurityLabel,
- .domainReleaseSecurityLabel = virSecuritySELinuxReleaseSecurityLabel,
+ .domainGenSecurityLabel = virSecuritySELinuxGenLabel,
+ .domainReserveSecurityLabel = virSecuritySELinuxReserveLabel,
+ .domainReleaseSecurityLabel = virSecuritySELinuxReleaseLabel,
- .domainGetSecurityProcessLabel = virSecuritySELinuxGetSecurityProcessLabel,
- .domainSetSecurityProcessLabel = virSecuritySELinuxSetSecurityProcessLabel,
- .domainSetSecurityChildProcessLabel = virSecuritySELinuxSetSecurityChildProcessLabel,
+ .domainGetSecurityProcessLabel = virSecuritySELinuxGetProcessLabel,
+ .domainSetSecurityProcessLabel = virSecuritySELinuxSetProcessLabel,
+ .domainSetSecurityChildProcessLabel = virSecuritySELinuxSetChildProcessLabel,
- .domainSetSecurityAllLabel = virSecuritySELinuxSetSecurityAllLabel,
- .domainRestoreSecurityAllLabel = virSecuritySELinuxRestoreSecurityAllLabel,
+ .domainSetSecurityAllLabel = virSecuritySELinuxSetAllLabel,
+ .domainRestoreSecurityAllLabel = virSecuritySELinuxRestoreAllLabel,
- .domainSetSecurityHostdevLabel = virSecuritySELinuxSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreSecurityHostdevLabel,
+ .domainSetSecurityHostdevLabel = virSecuritySELinuxSetHostdevLabel,
+ .domainRestoreSecurityHostdevLabel = virSecuritySELinuxRestoreHostdevLabel,
 .domainSetSavedStateLabel = virSecuritySELinuxSetSavedStateLabel,
 .domainRestoreSavedStateLabel = virSecuritySELinuxRestoreSavedStateLabel,
-- 2.4.6

Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it.
---
 src/security/security_stack.c | 68 +++++++++++++++++++++----------------------
 1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 8d9560d..00d1fa7 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -222,9 +222,9 @@ virSecurityStackReserveLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackSetSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
+virSecurityStackSetDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainDiskDefPtr disk)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -240,9 +240,9 @@ virSecurityStackSetSecurityDiskLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
+virSecurityStackRestoreDiskLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainDiskDefPtr disk)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -258,10 +258,10 @@ virSecurityStackRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecurityStackSetHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
@@ -281,10 +281,10 @@ virSecurityStackSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainHostdevDefPtr dev,
- const char *vroot)
+virSecurityStackRestoreHostdevLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainHostdevDefPtr dev,
+ const char *vroot)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -303,9 +303,9 @@ virSecurityStackRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- const char *stdin_path)
+virSecurityStackSetAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ const char *stdin_path)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -321,9 +321,9 @@ virSecurityStackSetSecurityAllLabel(virSecurityManagerPtr mgr,
 static int
-virSecurityStackRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- bool migrated)
+virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ bool migrated)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -565,9 +565,9 @@ virSecurityStackGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
 }
 static int
-virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virStorageSourcePtr src)
+virSecurityStackSetImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -582,9 +582,9 @@ virSecurityStackSetSecurityImageLabel(virSecurityManagerPtr mgr,
 }
 static int
-virSecurityStackRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virStorageSourcePtr src)
+virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virStorageSourcePtr src)
 {
 virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 virSecurityStackItemPtr item = priv->itemsHead;
@@ -631,11 +631,11 @@ virSecurityDriver virSecurityDriverStack = {
 .domainSecurityVerify = virSecurityStackVerify,
- .domainSetSecurityDiskLabel = virSecurityStackSetSecurityDiskLabel,
- .domainRestoreSecurityDiskLabel = virSecurityStackRestoreSecurityDiskLabel,
+ .domainSetSecurityDiskLabel = virSecurityStackSetDiskLabel,
+ .domainRestoreSecurityDiskLabel = virSecurityStackRestoreDiskLabel,
- .domainSetSecurityImageLabel = virSecurityStackSetSecurityImageLabel,
- .domainRestoreSecurityImageLabel = virSecurityStackRestoreSecurityImageLabel,
+ .domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
+ .domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
 .domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
 .domainSetSecuritySocketLabel = virSecurityStackSetSocketLabel,
@@ -649,11 +649,11 @@ virSecurityDriver virSecurityDriverStack = {
 .domainSetSecurityProcessLabel = virSecurityStackSetProcessLabel,
 .domainSetSecurityChildProcessLabel = virSecurityStackSetChildProcessLabel,
- .domainSetSecurityAllLabel = virSecurityStackSetSecurityAllLabel,
- .domainRestoreSecurityAllLabel = virSecurityStackRestoreSecurityAllLabel,
+ .domainSetSecurityAllLabel = virSecurityStackSetAllLabel,
+ .domainRestoreSecurityAllLabel = virSecurityStackRestoreAllLabel,
- .domainSetSecurityHostdevLabel = virSecurityStackSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = virSecurityStackRestoreSecurityHostdevLabel,
+ .domainSetSecurityHostdevLabel = virSecurityStackSetHostdevLabel,
+ .domainRestoreSecurityHostdevLabel = virSecurityStackRestoreHostdevLabel,
 .domainSetSavedStateLabel = virSecurityStackSetSavedStateLabel,
 .domainRestoreSavedStateLabel = virSecurityStackRestoreSavedStateLabel,
-- 2.4.6

On 12/09/2015 08:50 AM, Ján Tomko wrote:
v1: https://www.redhat.com/archives/libvir-list/2015-November/msg00781.html new in v2: * split by security driver * more functions renamed
Ján Tomko (3): security_dac: remove extra Security from function names security_selinux: remove extra Security from function names security_stack: : remove extra security from function names
src/security/security_dac.c | 242 +++++++++++++------------- src/security/security_selinux.c | 375 ++++++++++++++++++++-------------------- src/security/security_stack.c | 68 ++++---- 3 files changed, 338 insertions(+), 347 deletions(-)
ACK series John

On Mon, Dec 14, 2015 at 01:36:43PM -0500, John Ferlan wrote:
On 12/09/2015 08:50 AM, Ján Tomko wrote:
v1: https://www.redhat.com/archives/libvir-list/2015-November/msg00781.html new in v2: * split by security driver * more functions renamed
Ján Tomko (3): security_dac: remove extra Security from function names security_selinux: remove extra Security from function names security_stack: : remove extra security from function names
src/security/security_dac.c | 242 +++++++++++++------------- src/security/security_selinux.c | 375 ++++++++++++++++++++-------------------- src/security/security_stack.c | 68 ++++---- 3 files changed, 338 insertions(+), 347 deletions(-)
ACK series
Now pushed. Thank you. Jan