[PATCH v2 03/10] security: implement domainUpdateSecurityImageLabel for stack
Peng Liang
liangpeng10 at huawei.com
Mon Oct 11 12:00:41 UTC 2021
Signed-off-by: Peng Liang <liangpeng10 at huawei.com>
---
src/security/security_stack.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 3c2239910aa5..7712cac3b542 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -706,6 +706,25 @@ virSecurityStackMoveImageMetadata(virSecurityManager *mgr,
return rc;
}
+static int
+virSecurityStackUpdateImageLabel(virSecurityManager *mgr,
+ virDomainDef *vm,
+ virStorageSource *src,
+ virSecurityDomainImageLabelFlags flags)
+{
+ virSecurityStackData *priv = virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItem *item = priv->itemsHead;
+ int rc = 0;
+
+ for (; item; item = item->next) {
+ if (virSecurityManagerUpdateImageLabel(item->securityManager,
+ vm, src, flags) < 0)
+ rc = -1;
+ }
+
+ return rc;
+}
+
static int
virSecurityStackSetMemoryLabel(virSecurityManager *mgr,
virDomainDef *vm,
@@ -1033,6 +1052,7 @@ virSecurityDriver virSecurityDriverStack = {
.domainSetSecurityImageLabel = virSecurityStackSetImageLabel,
.domainRestoreSecurityImageLabel = virSecurityStackRestoreImageLabel,
.domainMoveImageMetadata = virSecurityStackMoveImageMetadata,
+ .domainUpdateSecurityImageLabel = virSecurityStackUpdateImageLabel,
.domainSetSecurityMemoryLabel = virSecurityStackSetMemoryLabel,
.domainRestoreSecurityMemoryLabel = virSecurityStackRestoreMemoryLabel,
--
2.31.1
More information about the libvir-list
mailing list