[PATCH v2 05/10] security: implement domainUpdateSecurityImageLabel for SELinux

Peng Liang liangpeng10 at huawei.com
Mon Oct 11 12:00:43 UTC 2021


Signed-off-by: Peng Liang <liangpeng10 at huawei.com>
---
 src/security/security_selinux.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cc7245332980..5c491fc131ea 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1996,6 +1996,23 @@ virSecuritySELinuxMoveImageMetadata(virSecurityManager *mgr,
 }
 
 
+static int
+virSecuritySELinuxUpdateImageLabel(virSecurityManager *mgr G_GNUC_UNUSED,
+                                   virDomainDef *def G_GNUC_UNUSED,
+                                   virStorageSource *src,
+                                   virSecurityDomainImageLabelFlags flags G_GNUC_UNUSED)
+{
+    virStorageSource *n;
+
+    for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
+        if (virSecurityUpdateTimestampIfexists(SECURITY_SELINUX_NAME, src->path) < 0)
+            return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 virSecuritySELinuxSetHostdevLabelHelper(const char *file,
                                         bool remember,
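Review bot: The loop in virSecuritySELinuxUpdateImageLabel advances `n` along the backing chain but passes `src->path` on every iteration, so only the top image's timestamp is refreshed (once per chain member) and the backing images are never touched. If the timestamp is what keeps a remembered label valid, which is not visible in this hunk, backing files would be left with stale metadata; the call should probably read `if (virSecurityUpdateTimestampIfexists(SECURITY_SELINUX_NAME, n->path) < 0)`. Chain members without a local path may also need skipping with something like `if (!n->path) continue;`, since the helper's handling of a NULL path cannot be seen here. A short comment above the function saying when this callback is invoked and what the timestamp protects would help, as the commit message carries no description.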
@@ -3587,6 +3604,7 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityImageLabel        = virSecuritySELinuxSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreImageLabel,
     .domainMoveImageMetadata            = virSecuritySELinuxMoveImageMetadata,
+    .domainUpdateSecurityImageLabel     = virSecuritySELinuxUpdateImageLabel,
 
     .domainSetSecurityMemoryLabel       = virSecuritySELinuxSetMemoryLabel,
     .domainRestoreSecurityMemoryLabel   = virSecuritySELinuxRestoreMemoryLabel,
-- 
2.31.1




