[libvirt] [PATCH v2 06/10] security_dac: Label host side of NVDIMM

Michal Privoznik mprivozn at redhat.com
Thu Aug 11 13:26:27 UTC 2016


When a domain is being started up, we ought to relabel the host
side of the NVDIMM so that qemu has access to it.

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 src/security/security_dac.c | 73 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 442ce70..253cbbf 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1073,6 +1073,30 @@ virSecurityDACRestoreInputLabel(virSecurityManagerPtr mgr,
 
 
 static int
+virSecurityDACRestoreMemoryLabel(virSecurityManagerPtr mgr,
+                                 virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                 virDomainMemoryDefPtr mem)
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    int ret = -1;
+
+    switch ((virDomainMemoryModel) mem->model) {
+    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+        ret = virSecurityDACRestoreFileLabel(priv, mem->path);
+        break;
+
+    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_LAST:
+    case VIR_DOMAIN_MEMORY_MODEL_NONE:
+        ret = 0;
+        break;
+    }
+
+    return ret;
+}
+
+
+static int
 virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr def,
                               bool migrated)
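Review bot: virSecurityDACRestoreMemoryLabel restores the label on `mem->path` unconditionally, while virSecurityDACSetMemoryLabel later in this patch returns early when `seclabel && !seclabel->relabel`. With relabelling disabled for the domain, start-up leaves the NVDIMM backing file untouched but teardown would still reset its ownership, changing permissions on a host file the administrator manages by hand. Drop `ATTRIBUTE_UNUSED` from `def`, declare a `virSecurityLabelDefPtr seclabel`, and put the same guard before the switch: `seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);` then `if (seclabel && !seclabel->relabel) return 0;`. What owner virSecurityDACRestoreFileLabel resets the file to is not visible in this patch, so that part should be confirmed against the helper.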
@@ -1111,6 +1135,13 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
             rc = -1;
     }
 
+    for (i = 0; i < def->nmems; i++) {
+        if (virSecurityDACRestoreMemoryLabel(mgr,
+                                             def,
+                                             def->mems[i]) < 0)
+            rc = -1;
+    }
+
     if (virDomainChrDefForeach(def,
                                false,
                                virSecurityDACRestoreChardevCallback,
@@ -1144,6 +1175,41 @@ virSecurityDACSetChardevCallback(virDomainDefPtr def,
 
 
 static int
+virSecurityDACSetMemoryLabel(virSecurityManagerPtr mgr,
+                             virDomainDefPtr def,
+                             virDomainMemoryDefPtr mem)
+
+{
+    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityLabelDefPtr seclabel;
+    int ret = -1;
+    uid_t user;
+    gid_t group;
+
+    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
+    if (seclabel && !seclabel->relabel)
+        return 0;
+
+    switch ((virDomainMemoryModel) mem->model) {
+    case VIR_DOMAIN_MEMORY_MODEL_NVDIMM:
+        if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
+            return -1;
+
+        ret = virSecurityDACSetOwnership(priv, NULL, mem->path, user, group);
+        break;
+
+    case VIR_DOMAIN_MEMORY_MODEL_DIMM:
+    case VIR_DOMAIN_MEMORY_MODEL_LAST:
+    case VIR_DOMAIN_MEMORY_MODEL_NONE:
+        ret = 0;
+        break;
+    }
+
+    return ret;
+}
+
+
+static int
 virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
                           virDomainDefPtr def,
                           const char *stdin_path ATTRIBUTE_UNUSED)
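Review bot: In the NVDIMM case of virSecurityDACSetMemoryLabel, `mem->path` goes straight into virSecurityDACSetOwnership with no check that it is set, and the restore helper in the first hunk does the same with virSecurityDACRestoreFileLabel. Whether the domain XML parser guarantees a path for every NVDIMM device is decided outside this patch; if it does not, reject the device here with an error rather than passing NULL down. Because this call hands a host file named in the domain XML to the domain's DAC user and group, a short comment above the function would help the next reader, for example `/* Give the domain's DAC user:group ownership of the host file backing an NVDIMM. */`. The blank line between the parameter list and the opening `{` is also stray.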
@@ -1182,6 +1248,13 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
             return -1;
     }
 
+    for (i = 0; i < def->nmems; i++) {
+        if (virSecurityDACSetMemoryLabel(mgr,
+                                         def,
+                                         def->mems[i]) < 0)
+            return -1;
+    }
+
     if (virDomainChrDefForeach(def,
                                true,
                                virSecurityDACSetChardevCallback,
-- 
2.8.4



