[libvirt] [PATCHv5 16/28] security: selinux: Implement per-image seclabel set
Eric Blake
eblake at redhat.com
Tue Jul 8 22:49:31 UTC 2014
On 07/04/2014 05:29 AM, Peter Krempa wrote:
> Refactor the code and reuse it to implement the functionality.
> ---
> src/security/security_selinux.c | 91 ++++++++++++++++++++++++-----------------
> 1 file changed, 53 insertions(+), 38 deletions(-)
>
> static int
> virSecuritySELinuxSetSecurityDiskLabel(virSecurityManagerPtr mgr,
> virDomainDefPtr def,
> virDomainDiskDefPtr disk)
>
> {
> - virSecuritySELinuxCallbackData cbdata;
> - cbdata.manager = mgr;
> - cbdata.secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
> + bool first = true;
> + virStorageSourcePtr next;
>
> - if (!cbdata.secdef || cbdata.secdef->norelabel)
> - return 0;
> + for (next = disk->src; next; next = next->backingStore) {
> + if (virSecuritySELinuxSetSecurityImageLabelInternal(mgr, def, next,
> + first) < 0)
> + return -1;
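Review bot: the early return removed at the top of virSecuritySELinuxSetSecurityDiskLabel (`if (!cbdata.secdef || cbdata.secdef->norelabel) return 0;`) has no replacement in the quoted lines, so the missing-seclabel and norelabel cases now depend entirely on virSecuritySELinuxSetSecurityImageLabelInternal. Please confirm the helper performs both checks for every image in the chain, or keep one check ahead of the loop so a domain marked norelabel never reaches the labeling code. Separately, `first` is initialized to true and passed on each iteration, but the quoted part of the loop does not show it being cleared; if the trimmed remainder has no `first = false;` after the call, every backing image would be handled as the top of the chain.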
Similar question to earlier patches about pre-existing design - if we
fail partway through, should we undo our earlier labels on the exit
path? But as before, that would be a separate patch (this one is
focusing on the refactor with no semantic change, while that patch would
be an intentional behavior change).
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org