[PATCH 4/6] security: Rename virSecurityManagerRestoreSavedStateLabel()

Michal Privoznik mprivozn at redhat.com
Wed Jun 17 11:35:38 UTC 2020


The new name is virSecurityManagerDomainRestorePathLabel().

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 src/libvirt_private.syms         |  2 +-
 src/qemu/qemu_security.c         |  2 +-
 src/security/security_apparmor.c |  9 +++----
 src/security/security_dac.c      | 26 +++++++-----------
 src/security/security_driver.h   |  9 +++----
 src/security/security_manager.c  | 46 +++++++++++++++++++-------------
 src/security/security_manager.h  |  8 +++---
 src/security/security_nop.c      | 10 -------
 src/security/security_selinux.c  | 33 +++++++++++------------
 src/security/security_stack.c    | 40 +++++++++++++--------------
 10 files changed, 89 insertions(+), 96 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index b93e05b43c..30f8a7421e 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1534,6 +1534,7 @@ virSecurityDriverLookup;
 # security/security_manager.h
 virSecurityManagerCheckAllLabel;
 virSecurityManagerClearSocketLabel;
+virSecurityManagerDomainRestorePathLabel;
 virSecurityManagerDomainSetPathLabel;
 virSecurityManagerDomainSetPathLabelRO;
 virSecurityManagerGenLabel;
@@ -1557,7 +1558,6 @@ virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreImageLabel;
 virSecurityManagerRestoreInputLabel;
 virSecurityManagerRestoreMemoryLabel;
-virSecurityManagerRestoreSavedStateLabel;
 virSecurityManagerRestoreTPMLabels;
 virSecurityManagerSetAllLabel;
 virSecurityManagerSetChardevLabel;
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index d47f4cc3c0..de4df23847 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -629,7 +629,7 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver,
     if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
         goto cleanup;
 
-    if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager,
+    if (virSecurityManagerDomainRestorePathLabel(driver->securityManager,
                                                  vm->def,
                                                  savefile) < 0)
         goto cleanup;
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 30f7701975..583e872614 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -1069,9 +1069,9 @@ AppArmorSetPathLabel(virSecurityManagerPtr mgr,
 }
 
 static int
-AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                               virDomainDefPtr def,
-                               const char *savefile G_GNUC_UNUSED)
+AppArmorRestorePathLabel(virSecurityManagerPtr mgr,
+                         virDomainDefPtr def,
+                         const char *path G_GNUC_UNUSED)
 {
     return reload_profile(mgr, def, NULL, false);
 }
@@ -1157,9 +1157,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
     .domainSetSecurityHostdevLabel      = AppArmorSetSecurityHostdevLabel,
     .domainRestoreSecurityHostdevLabel  = AppArmorRestoreSecurityHostdevLabel,
 
-    .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
-
     .domainSetPathLabel                 = AppArmorSetPathLabel,
+    .domainRestorePathLabel             = AppArmorRestorePathLabel,
 
     .domainSetSecurityChardevLabel      = AppArmorSetChardevLabel,
     .domainRestoreSecurityChardevLabel  = AppArmorRestoreChardevLabel,
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 2f531cb86b..afc0a9fcb9 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -2257,20 +2257,6 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
 }
 
 
-static int
-virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                                     virDomainDefPtr def G_GNUC_UNUSED,
-                                     const char *savefile)
-{
-    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-
-    if (!priv->dynamicOwnership)
-        return 0;
-
-    return virSecurityDACRestoreFileLabel(mgr, savefile);
-}
-
-
 static int
 virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr def)
@@ -2570,6 +2556,15 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerPtr mgr,
     return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true);
 }
 
+static int
+virSecurityDACDomainRestorePathLabel(virSecurityManagerPtr mgr,
+                                     virDomainDefPtr def G_GNUC_UNUSED,
+                                     const char *path)
+{
+    return virSecurityDACRestoreFileLabel(mgr, path);
+}
+
+
 virSecurityDriver virSecurityDriverDAC = {
     .privateDataLen                     = sizeof(virSecurityDACData),
     .name                               = SECURITY_DAC_NAME,
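Review bot: The new virSecurityDACDomainRestorePathLabel() drops the `if (!priv->dynamicOwnership) return 0;` guard that the removed virSecurityDACRestoreSavedStateLabel() had, so a commit described as a rename changes behaviour for the DAC driver. With dynamic ownership disabled, the save-file path would now reach virSecurityDACRestoreFileLabel(), unless that helper (not visible in this hunk) checks the setting itself. If the old behaviour is wanted, keep `virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);` followed by `if (!priv->dynamicOwnership) return 0;` before the call. If the change is intentional, to mirror virSecurityDACDomainSetPathLabel(), whose body starts outside this hunk, the commit message should say so.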
@@ -2616,8 +2611,6 @@ virSecurityDriver virSecurityDriverDAC = {
     .domainSetSecurityHostdevLabel      = virSecurityDACSetHostdevLabel,
     .domainRestoreSecurityHostdevLabel  = virSecurityDACRestoreHostdevLabel,
 
-    .domainRestoreSavedStateLabel       = virSecurityDACRestoreSavedStateLabel,
-
     .domainSetSecurityImageFDLabel      = virSecurityDACSetImageFDLabel,
     .domainSetSecurityTapFDLabel        = virSecurityDACSetTapFDLabel,
 
@@ -2626,6 +2619,7 @@ virSecurityDriver virSecurityDriverDAC = {
     .getBaseLabel                       = virSecurityDACGetBaseLabel,
 
     .domainSetPathLabel                 = virSecurityDACDomainSetPathLabel,
+    .domainRestorePathLabel             = virSecurityDACDomainRestorePathLabel,
 
     .domainSetSecurityChardevLabel      = virSecurityDACSetChardevLabel,
     .domainRestoreSecurityChardevLabel  = virSecurityDACRestoreChardevLabel,
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 33887f4c16..bfff789552 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -67,9 +67,6 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def,
                                                  virDomainHostdevDefPtr dev,
                                                  const char *vroot);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManagerPtr mgr,
-                                                        virDomainDefPtr def,
-                                                        const char *savefile);
 typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr,
                                           virDomainDefPtr sec);
 typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr,
@@ -140,6 +137,9 @@ typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetPathLabelRO) (virSecurityManagerPtr mgr,
                                                 virDomainDefPtr def,
                                                 const char *path);
+typedef int (*virSecurityDomainRestorePathLabel) (virSecurityManagerPtr mgr,
+                                                  virDomainDefPtr def,
+                                                  const char *path);
 typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr,
                                                  virDomainDefPtr def,
                                                  virDomainChrSourceDefPtr dev_source,
@@ -200,8 +200,6 @@ struct _virSecurityDriver {
     virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
     virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
 
-    virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
-
     virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
     virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel;
 
@@ -211,6 +209,7 @@ struct _virSecurityDriver {
 
     virSecurityDomainSetPathLabel domainSetPathLabel;
     virSecurityDomainSetPathLabelRO domainSetPathLabelRO;
+    virSecurityDomainRestorePathLabel domainRestorePathLabel;
 
     virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
     virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b2f3f1a6bb..ad1938caeb 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -596,24 +596,6 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
 }
 
 
-int
-virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                                         virDomainDefPtr vm,
-                                         const char *savefile)
-{
-    if (mgr->drv->domainRestoreSavedStateLabel) {
-        int ret;
-        virObjectLock(mgr);
-        ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
-        virObjectUnlock(mgr);
-        return ret;
-    }
-
-    virReportUnsupportedError();
-    return -1;
-}
-
-
 int
 virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
                            virDomainDefPtr vm)
@@ -1087,6 +1069,34 @@ virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
     return 0;
 }
 
+/**
+ * virSecurityManagerDomainRestorePathLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @path: path to restore labels one
+ *
+ * This function is a counterpart to virSecurityManagerDomainSetPathLabel() and
+ * virSecurityManagerDomainSetPathLabelRO() as it restores any labels set by them.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
+                                         virDomainDefPtr vm,
+                                         const char *path)
+{
+    if (mgr->drv->domainRestorePathLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainRestorePathLabel(mgr, vm, path);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    return 0;
+}
+
+
 
 /**
  * virSecurityManagerSetMemoryLabel:
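Review bot: When the driver has no domainRestorePathLabel callback, virSecurityManagerDomainRestorePathLabel() returns 0, whereas the removed virSecurityManagerRestoreSavedStateLabel() called virReportUnsupportedError() and returned -1. A driver that implements domainSetPathLabel but omits the restore callback would therefore leave its label on the path with no error reported to the caller. The doc comment should state this explicitly, for example `Returns: 0 on success (including when the driver has no restore callback), -1 on error.` The parameter line also has a typo and should read `@path: path to restore labels on`.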
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index ac50100f0f..999752ce09 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -104,9 +104,6 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def,
                                       virDomainHostdevDefPtr dev,
                                       const char *vroot);
-int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                                             virDomainDefPtr def,
-                                             const char *savefile);
 int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
                                virDomainDefPtr sec);
 int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
@@ -190,6 +187,11 @@ int virSecurityManagerDomainSetPathLabelRO(virSecurityManagerPtr mgr,
                                            virDomainDefPtr vm,
                                            const char *path);
 
+int virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr,
+                                             virDomainDefPtr def,
+                                             const char *path);
+
+
 int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def,
                                       virDomainChrSourceDefPtr dev_source,
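Review bot: The new prototype names its second parameter `def`, while the definition added in security_manager.c and the neighbouring virSecurityManagerDomainSetPathLabelRO() prototype both use `vm`; `virDomainDefPtr vm,` would keep declaration and definition consistent. The hunk also adds two blank lines after the prototype where the surrounding declarations are separated by one.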
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index d5720ee495..de5da1ee1c 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -94,14 +94,6 @@ virSecurityDomainSetHostdevLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
     return 0;
 }
 
-static int
-virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
-                                           virDomainDefPtr vm G_GNUC_UNUSED,
-                                           const char *savefile G_GNUC_UNUSED)
-{
-    return 0;
-}
-
 static int
 virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED,
                              virDomainDefPtr sec G_GNUC_UNUSED)
@@ -308,8 +300,6 @@ virSecurityDriver virSecurityDriverNop = {
     .domainSetSecurityHostdevLabel      = virSecurityDomainSetHostdevLabelNop,
     .domainRestoreSecurityHostdevLabel  = virSecurityDomainRestoreHostdevLabelNop,
 
-    .domainRestoreSavedStateLabel       = virSecurityDomainRestoreSavedStateLabelNop,
-
     .domainSetSecurityImageFDLabel      = virSecurityDomainSetFDLabelNop,
     .domainSetSecurityTapFDLabel        = virSecurityDomainSetFDLabelNop,
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 02b1100420..4cc2707c3b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2858,21 +2858,6 @@ virSecuritySELinuxReleaseLabel(virSecurityManagerPtr mgr,
 }
 
 
-static int
-virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                                         virDomainDefPtr def,
-                                         const char *savefile)
-{
-    virSecurityLabelDefPtr secdef;
-
-    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
-    if (!secdef || !secdef->relabel)
-        return 0;
-
-    return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true);
-}
-
-
 static int
 virSecuritySELinuxVerify(virSecurityManagerPtr mgr G_GNUC_UNUSED,
                          virDomainDefPtr def)
@@ -3428,6 +3413,21 @@ virSecuritySELinuxDomainSetPathLabelRO(virSecurityManagerPtr mgr,
     return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, false);
 }
 
+static int
+virSecuritySELinuxDomainRestorePathLabel(virSecurityManagerPtr mgr,
+                                         virDomainDefPtr def,
+                                         const char *path)
+{
+    virSecurityLabelDefPtr secdef;
+
+    secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+    if (!secdef || !secdef->relabel)
+        return 0;
+
+    return virSecuritySELinuxRestoreFileLabel(mgr, path, true);
+}
+
+
 /*
  * virSecuritySELinuxSetFileLabels:
  *
@@ -3620,8 +3620,6 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityHostdevLabel      = virSecuritySELinuxSetHostdevLabel,
     .domainRestoreSecurityHostdevLabel  = virSecuritySELinuxRestoreHostdevLabel,
 
-    .domainRestoreSavedStateLabel       = virSecuritySELinuxRestoreSavedStateLabel,
-
     .domainSetSecurityImageFDLabel      = virSecuritySELinuxSetImageFDLabel,
     .domainSetSecurityTapFDLabel        = virSecuritySELinuxSetTapFDLabel,
 
@@ -3630,6 +3628,7 @@ virSecurityDriver virSecurityDriverSELinux = {
 
     .domainSetPathLabel                 = virSecuritySELinuxDomainSetPathLabel,
     .domainSetPathLabelRO               = virSecuritySELinuxDomainSetPathLabelRO,
+    .domainRestorePathLabel             = virSecuritySELinuxDomainRestorePathLabel,
 
     .domainSetSecurityChardevLabel      = virSecuritySELinuxSetChardevLabel,
     .domainRestoreSecurityChardevLabel  = virSecuritySELinuxRestoreChardevLabel,
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 8e04b4fcfe..379c9302bc 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -394,24 +394,6 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr mgr,
 }
 
 
-static int
-virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr,
-                                       virDomainDefPtr vm,
-                                       const char *savefile)
-{
-    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-    virSecurityStackItemPtr item = priv->itemsHead;
-    int rc = 0;
-
-    for (; item; item = item->next) {
-        if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, vm, savefile) < 0)
-            rc = -1;
-    }
-
-    return rc;
-}
-
-
 static int
 virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr,
                                 virDomainDefPtr vm)
@@ -814,6 +796,25 @@ virSecurityStackDomainSetPathLabelRO(virSecurityManagerPtr mgr,
 }
 
 
+static int
+virSecurityStackDomainRestorePathLabel(virSecurityManagerPtr mgr,
+                                       virDomainDefPtr vm,
+                                       const char *path)
+{
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
+    virSecurityStackItemPtr item = priv->itemsHead;
+    int rc = 0;
+
+    for (; item; item = item->next) {
+        if (virSecurityManagerDomainRestorePathLabel(item->securityManager,
+                                                     vm, path) < 0)
+            rc = -1;
+    }
+
+    return rc;
+}
+
+
 static int
 virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def,
@@ -963,8 +964,6 @@ virSecurityDriver virSecurityDriverStack = {
     .domainSetSecurityHostdevLabel      = virSecurityStackSetHostdevLabel,
     .domainRestoreSecurityHostdevLabel  = virSecurityStackRestoreHostdevLabel,
 
-    .domainRestoreSavedStateLabel       = virSecurityStackRestoreSavedStateLabel,
-
     .domainSetSecurityImageFDLabel      = virSecurityStackSetImageFDLabel,
     .domainSetSecurityTapFDLabel        = virSecurityStackSetTapFDLabel,
 
@@ -974,6 +973,7 @@ virSecurityDriver virSecurityDriverStack = {
 
     .domainSetPathLabel                 = virSecurityStackDomainSetPathLabel,
     .domainSetPathLabelRO               = virSecurityStackDomainSetPathLabelRO,
+    .domainRestorePathLabel             = virSecurityStackDomainRestorePathLabel,
 
     .domainSetSecurityChardevLabel      = virSecurityStackDomainSetChardevLabel,
     .domainRestoreSecurityChardevLabel  = virSecurityStackDomainRestoreChardevLabel,
-- 
2.26.2



