[PATCH 2/9] security: add virSecurityManagerUpdateImageLabel

Thu Sep 9 11:01:22 UTC 2021

On 8/23/21 4:41 AM, Peng Liang wrote:
> Signed-off-by: Peng Liang <liangpeng10 at huawei.com>
> ---
>  src/libvirt_private.syms        |  1 +
>  src/security/security_driver.h  |  5 +++++
>  src/security/security_manager.c | 29 +++++++++++++++++++++++++++++
>  src/security/security_manager.h |  5 +++++
>  4 files changed, 40 insertions(+)
> 

> diff --git a/src/security/security_manager.c b/src/security/security_manager.c
> index 9906c1691d0f..b580704d3abf 100644
> --- a/src/security/security_manager.c
> +++ b/src/security/security_manager.c
> @@ -476,6 +476,35 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
>  }
>  
>  
> +/**
> + * virSecurityManagerUpdateImageLabel:
> + * @mgr: security manager object
> + * @vm: domain definition object
> + * @src: disk source definition to operate on
> + * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
> + *
> + * Update security label from @src according to @flags.
> + *
> + * Returns: 0 on success, -1 on error.
> + */
> +int
> +virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
> +                                   virDomainDef *vm,
> +                                   virStorageSource *src,
> +                                   virSecurityDomainImageLabelFlags flags)
> +{
> +    if (mgr->drv->domainUpdateSecurityImageLabel) {
> +        int ret;
> +        virObjectLock(mgr);
> +        ret = mgr->drv->domainUpdateSecurityImageLabel(mgr, vm, src, flags);
> +        virObjectUnlock(mgr);
> +        return ret;
> +    }
> +
> +    return 0;
> +}
> +
> +

Is there a reason why this needs to be inside virSecurityManager? We
already have virSecurityMoveRememberedLabel() that lives outside of it,
in security_util.c and conceptually this function belongs there.

Michal