[libvirt] [PATCH v2 08/10] security: Introduce internal APIs for memdev labelling
Michal Privoznik
mprivozn at redhat.com
Thu Aug 11 13:26:29 UTC 2016
These APIs will be used whenever we are hot (un-)plugging a
memdev.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
src/libvirt_private.syms | 2 ++
src/security/security_driver.h | 9 +++++++
src/security/security_manager.c | 56 +++++++++++++++++++++++++++++++++++++++++
src/security/security_manager.h | 7 ++++++
src/security/security_stack.c | 38 ++++++++++++++++++++++++++++
5 files changed, 112 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 024c3e6..86e6afd 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1130,6 +1130,7 @@ virSecurityManagerRestoreAllLabel;
virSecurityManagerRestoreDiskLabel;
virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
+virSecurityManagerRestoreMemoryLabel;
virSecurityManagerRestoreSavedStateLabel;
virSecurityManagerSetAllLabel;
virSecurityManagerSetChildProcessLabel;
@@ -1139,6 +1140,7 @@ virSecurityManagerSetHostdevLabel;
virSecurityManagerSetHugepages;
virSecurityManagerSetImageFDLabel;
virSecurityManagerSetImageLabel;
+virSecurityManagerSetMemoryLabel;
virSecurityManagerSetProcessLabel;
virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 7cb62f0..90b4e2e 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -118,6 +118,12 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
virStorageSourcePtr src);
+typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem);
+typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainMemoryDefPtr mem);
typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path);
@@ -143,6 +149,9 @@ struct _virSecurityDriver {
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
+ virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
+ virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
+
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index ecb4a40..92c09ba 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -1001,3 +1001,59 @@ virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
return 0;
}
+
+
+/**
+ * virSecurityManagerSetMemoryLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @mem: memory module to operate on
+ *
+ * Labels the host part of a memory module.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ if (mgr->drv->domainSetSecurityMemoryLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainSetSecurityMemoryLabel(mgr, vm, mem);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
+
+
+/**
+ * virSecurityManagerRestoreMemoryLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @mem: memory module to operate on
+ *
+ * Removes security label from the host part of a memory module.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ if (mgr->drv->domainRestoreSecurityMemoryLabel) {
+ int ret;
+ virObjectLock(mgr);
+ ret = mgr->drv->domainRestoreSecurityMemoryLabel(mgr, vm, mem);
+ virObjectUnlock(mgr);
+ return ret;
+ }
+
+ virReportUnsupportedError();
+ return -1;
+}
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 4cbc2d8..97be3f6 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -160,6 +160,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
virStorageSourcePtr src);
+int virSecurityManagerSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem);
+int virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem);
+
int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path);
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 3ea2751..7727153 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -600,6 +600,41 @@ virSecurityStackRestoreImageLabel(virSecurityManagerPtr mgr,
}
static int
+virSecurityStackSetMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerSetMemoryLabel(item->securityManager, vm, mem) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
+virSecurityStackRestoreMemoryLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm,
+ virDomainMemoryDefPtr mem)
+{
+ virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerRestoreMemoryLabel(item->securityManager,
+ vm, mem) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm,
const char *path)
@@ -637,6 +672,9 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
+ .domainSetSecurityMemoryLabel = virSecurityStackSetMemoryLabel,
+ .domainRestoreSecurityMemoryLabel = virSecurityStackRestoreMemoryLabel,
+
.domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
.domainSetSecuritySocketLabel = virSecurityStackSetSocketLabel,
.domainClearSecuritySocketLabel = virSecurityStackClearSocketLabel,
--
2.8.4
More information about the libvir-list
mailing list