From 47dd73a795f67459851f20af3f9dded334f3a941 Mon Sep 17 00:00:00 2001

Message-Id: <47dd73a795f67459851f20af3f9dded334f3a941@dist-git>

From: Martin Kletzander <mkletzan@redhat.com>

Date: Mon, 24 Aug 2015 13:04:47 +0200

Subject: [PATCH] security: Add virSecurityDomainSetDirLabel

https://bugzilla.redhat.com/show_bug.cgi?id=1146886

That function can be used for setting security labels on arbitrary

directories.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

(cherry picked from commit f65a2a12f4b9ab6144a979774f0486cdc4f7a60a)

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/libvirt_private.syms        |  1 +

 src/security/security_driver.h  |  5 +++++

 src/security/security_manager.c | 17 +++++++++++++++++

 src/security/security_manager.h |  4 ++++

 4 files changed, 27 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms

index be85c6b..434bbf3 100644

--- a/src/libvirt_private.syms

+++ b/src/libvirt_private.syms

@@ -1022,6 +1022,7 @@ virSecurityDriverLookup;

 # security/security_manager.h

 virSecurityManagerCheckAllLabel;

 virSecurityManagerClearSocketLabel;

+virSecurityManagerDomainSetDirLabel;

 virSecurityManagerGenLabel;

 virSecurityManagerGetBaseLabel;

 virSecurityManagerGetDOI;

diff --git a/src/security/security_driver.h b/src/security/security_driver.h

index f0dca09..784b0de 100644

--- a/src/security/security_driver.h

+++ b/src/security/security_driver.h

@@ -118,6 +118,9 @@ typedef int (*virSecurityDomainSetImageLabel) (virSecurityManagerPtr mgr,

 typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,

                                                    virDomainDefPtr def,

                                                    virStorageSourcePtr src);

+typedef int (*virSecurityDomainSetDirLabel) (virSecurityManagerPtr mgr,

+                                             virDomainDefPtr def,

+                                             const char *path);

 struct _virSecurityDriver {

@@ -168,6 +171,8 @@ struct _virSecurityDriver {

     virSecurityDomainSetHugepages domainSetSecurityHugepages;

     virSecurityDriverGetBaseLabel getBaseLabel;

+

+    virSecurityDomainSetDirLabel domainSetDirLabel;

 };

 virSecurityDriverPtr virSecurityDriverLookup(const char *name,

diff --git a/src/security/security_manager.c b/src/security/security_manager.c

index b0cd9e8..1098558 100644

--- a/src/security/security_manager.c

+++ b/src/security/security_manager.c

@@ -991,3 +991,20 @@ virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,

     return 0;

 }

+

+

+int

+virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,

+                                    virDomainDefPtr vm,

+                                    const char *path)

+{

+    if (mgr->drv->domainSetDirLabel) {

+        int ret;

+        virObjectLock(mgr);

+        ret = mgr->drv->domainSetDirLabel(mgr, vm, path);

+        virObjectUnlock(mgr);

+        return ret;

+    }

+

+    return 0;

+}

diff --git a/src/security/security_manager.h b/src/security/security_manager.h

index 13468db..78f34a0 100644

--- a/src/security/security_manager.h

+++ b/src/security/security_manager.h

@@ -150,4 +150,8 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,

                                         virDomainDefPtr vm,

                                         virStorageSourcePtr src);

+int virSecurityManagerDomainSetDirLabel(virSecurityManagerPtr mgr,

+                                        virDomainDefPtr vm,

+                                        const char *path);

+

 #endif /* VIR_SECURITY_MANAGER_H__ */

-- 

2.5.1