[libvirt] [PATCH v3 1/2] security: add new internal function "virSecurityManagerGetBaseLabel"

Daniel P. Berrange berrange at redhat.com
Thu Oct 17 13:13:50 UTC 2013 

On Fri, Sep 06, 2013 at 06:29:55PM +0200, Giuseppe Scrivano wrote:
> virSecurityManagerGetBaseLabel queries the default settings used by
> a security model.
> 
> Signed-off-by: Giuseppe Scrivano <gscrivan at redhat.com>
> ---
>  src/libvirt_private.syms         |  1 +
>  src/security/security_apparmor.c |  8 ++++++++
>  src/security/security_dac.c      | 34 ++++++++++++++++++++++++----------
>  src/security/security_dac.h      |  7 +++----
>  src/security/security_driver.h   |  4 ++++
>  src/security/security_manager.c  | 22 ++++++++++++++++++++--
>  src/security/security_manager.h  |  2 ++
>  src/security/security_nop.c      | 10 ++++++++++
>  src/security/security_selinux.c  | 12 ++++++++++++
>  src/security/security_stack.c    |  9 +++++++++
>  10 files changed, 93 insertions(+), 16 deletions(-)
> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 92fb504..c4b8f10 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -273,6 +275,22 @@ virSecurityManagerGetModel(virSecurityManagerPtr mgr)
>      return NULL;
>  }
>  
> +/* return NULL if a base label is not present */
> +const char *
> +virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType)
> +{
> +    if (mgr->drv->getBaseLabel) {
> +        const char *ret;
> +        virObjectLock(mgr);
> +        ret = mgr->drv->getBaseLabel(mgr, virtType);
> +        virObjectUnlock(mgr);
> +        return ret;
> +    }
> +
> +    virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
> +    return NULL;

Per my reply to the 2nd patch, we need to remove thie virReportError
method call. It is valid to not implement this method if no baselabel
is required.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list