[libvirt] [PATCH 07/23] Refactor SELinux security driver hostdev labelling

Daniel P. Berrange berrange at redhat.com
Fri Nov 30 20:26:21 UTC 2012


From: "Daniel P. Berrange" <berrange at redhat.com>

Prepare to support different types of hostdevs by refactoring
the current SELinux security driver code

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 src/security/security_selinux.c | 89 +++++++++++++++++++++++++++--------------
 1 file changed, 59 insertions(+), 30 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9070ff9..ad13490 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1118,26 +1118,15 @@ virSecuritySELinuxSetSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
     return virSecuritySELinuxSetFilecon(file, secdef->imagelabel);
 }
 
+
 static int
-virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                          virDomainDefPtr def,
-                                          virDomainHostdevDefPtr dev,
-                                          const char *vroot)
+virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
+                                                virDomainHostdevDefPtr dev,
+                                                const char *vroot)
 
 {
-    virSecurityLabelDefPtr secdef;
     int ret = -1;
 
-    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (secdef == NULL)
-        return -1;
-
-    if (secdef->norelabel)
-        return 0;
-
-    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
-        return 0;
-
     switch (dev->source.subsys.type) {
     case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
         usbDevice *usb;
@@ -1182,6 +1171,32 @@ done:
 
 
 static int
+virSecuritySELinuxSetSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                          virDomainDefPtr def,
+                                          virDomainHostdevDefPtr dev,
+                                          const char *vroot)
+
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (secdef == NULL)
+        return -1;
+
+    if (secdef->norelabel)
+        return 0;
+
+    switch (dev->mode) {
+    case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
+        return virSecuritySELinuxSetSecurityHostdevSubsysLabel(def, dev, vroot);
+
+    default:
+        return 0;
+    }
+}
+
+
+static int
 virSecuritySELinuxRestoreSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
                                           const char *file,
                                           void *opaque ATTRIBUTE_UNUSED)
@@ -1197,26 +1212,14 @@ virSecuritySELinuxRestoreSecurityUSBLabel(usbDevice *dev ATTRIBUTE_UNUSED,
     return virSecuritySELinuxRestoreSecurityFileLabel(file);
 }
 
+
 static int
-virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                              virDomainDefPtr def,
-                                              virDomainHostdevDefPtr dev,
-                                              const char *vroot)
+virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virDomainHostdevDefPtr dev,
+                                                    const char *vroot)
 
 {
-    virSecurityLabelDefPtr secdef;
     int ret = -1;
 
-    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (secdef == NULL)
-        return -1;
-
-    if (secdef->norelabel)
-        return 0;
-
-    if (dev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
-        return 0;
-
     switch (dev->source.subsys.type) {
     case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: {
         usbDevice *usb;
@@ -1262,6 +1265,32 @@ done:
 
 
 static int
+virSecuritySELinuxRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                              virDomainDefPtr def,
+                                              virDomainHostdevDefPtr dev,
+                                              const char *vroot)
+
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (secdef == NULL)
+        return -1;
+
+    if (secdef->norelabel)
+        return 0;
+
+    switch (dev->mode) {
+    case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
+        return virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(dev, vroot);
+
+    default:
+        return 0;
+    }
+}
+
+
+static int
 virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
                                           virDomainChrDefPtr dev,
                                           virDomainChrSourceDefPtr dev_source)
-- 
1.8.0.1




More information about the libvir-list mailing list