[PATCH v4 05/13] qemu: Properly setup the NVRAM virStorageSource

Peter Krempa pkrempa at redhat.com
Fri Jun 3 11:48:37 UTC 2022


Use the designated helpers for virStorageSource instead of using the
file-based ones with a check.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_cgroup.c          |  3 +--
 src/qemu/qemu_namespace.c       |  5 +++--
 src/security/security_dac.c     | 21 +++++++++++----------
 src/security/security_selinux.c | 23 +++++++++++------------
 src/security/virt-aa-helper.c   |  6 +++---
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 64baed14e6..f189ca2bb6 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -581,8 +581,7 @@ qemuSetupFirmwareCgroup(virDomainObj *vm)
         return -1;

     if (vm->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(vm->def->os.loader->nvram) &&
-        qemuSetupImagePathCgroup(vm, vm->def->os.loader->nvram->path, false) < 0)
+        qemuSetupImageCgroup(vm, vm->def->os.loader->nvram) < 0)
         return -1;

     return 0;
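Review bot: The explicit read-write request (`false` as the last argument of the removed `qemuSetupImagePathCgroup()` call) is gone from the nvram branch, so the access mode is now whatever `qemuSetupImageCgroup()` derives from the source. That helper is outside the hunk; if it keys on the source's read-only flag, an NVRAM source with that flag set would be set up read-only and the guest could not persist its variables. A one-line comment would record the expectation, e.g. `/* nvram must be writable; access mode is taken from the virStorageSource */`. The literal `"rwk"` dropped in the virt-aa-helper.c hunk raises the same question. qemuSetupFirmwareCgroup starts above the hunk.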
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 9e133587b7..59c6dc52ac 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -573,8 +573,9 @@ qemuDomainSetupLoader(virDomainObj *vm,
             *paths = g_slist_prepend(*paths, g_strdup(loader->path));

             if (loader->nvram &&
-                virStorageSourceIsLocalStorage(loader->nvram))
-                *paths = g_slist_prepend(*paths, g_strdup(loader->nvram->path));
+                qemuDomainSetupDisk(loader->nvram, paths) < 0)
+                return -1;
+
             break;

         case VIR_DOMAIN_LOADER_TYPE_NONE:
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 03661efda1..bb89e466e1 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1974,10 +1974,11 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
             rc = -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram->path) < 0)
-        rc = -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                               migrated) < 0)
+            rc = -1;
+    }

     if (def->os.kernel &&
         virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
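Review bot: Restoring the NVRAM owner is no longer unconditional here: the removed `virSecurityDACRestoreFileLabel()` call always ran for local storage, whereas `virSecurityDACRestoreImageLabelInt()` receives `migrated` and presumably applies the same skip rules as for disk images (its body is not in the hunk). If those rules leave the file untouched in some cases, the NVRAM file keeps the domain's ownership after shutdown, which the commit message does not mention. Please state the intended behaviour in the description or in a comment such as `/* nvram follows the disk-image restore policy, including the migrated case */`. The matching hunk in virSecuritySELinuxRestoreAllLabel (security_selinux.c) makes the same change. Both functions extend beyond their hunks.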
@@ -2186,12 +2187,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
             return -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACSetOwnership(mgr, NULL,
-                                   def->os.loader->nvram->path,
-                                   user, group, true) < 0)
-        return -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram,
+                                        VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                        VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+            return -1;
+    }

     if (def->os.kernel &&
         virSecurityDACSetOwnership(mgr, NULL,
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e026212b13..6a9d8e7e59 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2805,10 +2805,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
             rc = -1;
     }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram->path, true) < 0)
-        rc = -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                                   migrated) < 0)
+            rc = -1;
+    }

     if (def->os.kernel &&
         virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, true) < 0)
@@ -3210,14 +3211,12 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
             return -1;
     }

-    /* This is different than kernel or initrd. The nvram store
-     * is really a disk, qemu can read and write to it. */
-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        secdef && secdef->imagelabel &&
-        virSecuritySELinuxSetFilecon(mgr, def->os.loader->nvram->path,
-                                     secdef->imagelabel, true) < 0)
-        return -1;
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvram,
+                                            VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                            VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
+            return -1;
+    }

     if (def->os.kernel &&
         virSecuritySELinuxSetFilecon(mgr, def->os.kernel,
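Review bot: The comment explaining why NVRAM is labelled as a writable disk rather than like kernel/initrd is deleted together with the `secdef && secdef->imagelabel` guard, and nothing replaces either in the new block. That rationale is still what justifies calling `virSecuritySELinuxSetImageLabel()` here, so a short comment should stay, e.g. `/* nvram is a read-write image, unlike kernel/initrd: label it as a disk */`. The helper is outside the hunk, so confirm that it copes with a missing image label itself now that the caller no longer checks. virSecuritySELinuxSetAllLabel continues outside the hunk.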
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 2ddf293c2c..d86b0f1cc2 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1006,10 +1006,10 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.loader->path, "rk") != 0)
             goto cleanup;

-    if (ctl->def->os.loader && ctl->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(ctl->def->os.loader->nvram))
-        if (vah_add_file(&buf, ctl->def->os.loader->nvram->path, "rwk") != 0)
+    if (ctl->def->os.loader && ctl->def->os.loader->nvram) {
+        if (storage_source_add_files(disk->src, &buf, 0) < 0)
             goto cleanup;
+    }

     for (i = 0; i < ctl->def->ngraphics; i++) {
         virDomainGraphicsDef *graphics = ctl->def->graphics[i];
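Review bot: The new call passes `disk->src`, not the NVRAM source that the enclosing `if` just checked, and no `disk` is declared in the visible lines of get_files. Depending on what is in scope above the hunk, this either fails to compile or adds rules for some disk while the NVRAM image gets none, so the AppArmor profile would not cover the file the guest must write. The argument should be the checked pointer: `if (storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) < 0)`. The removed code also granted `"rwk"` explicitly; the permission is now chosen inside the helper, which is not shown here.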
-- 
2.35.3


