rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-security-Introduce-functions-for-input-device-hot-un-plug.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   4045070f10f01f317ba25faccfcf2b43fdc80169
  2.   SOURCES
  3.   libvirt-security-Introduce-functions-for-input-device-hot-un-plug.patch
Blob History Raw
404507 
From 52568bd61d6fcf0ac32fea4db57527f9fe28c9a5 Mon Sep 17 00:00:00 2001
404507 
Message-Id: <52568bd61d6fcf0ac32fea4db57527f9fe28c9a5@dist-git>
404507 
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
404507 
Date: Mon, 27 Nov 2017 14:20:59 +0100
404507 
Subject: [PATCH] security: Introduce functions for input device hot(un)plug
404507 
MIME-Version: 1.0
404507 
Content-Type: text/plain; charset=UTF-8
404507 
Content-Transfer-Encoding: 8bit
404507
404507 
Export the existing DAC and SELinux for separate use and introduce
404507 
functions for stack, nop and the security manager.
404507
404507 
(cherry picked from commit d8116b5a0a6364b29e9774323d9aa442ad8c561d)
404507
404507 
https://bugzilla.redhat.com/show_bug.cgi?id=1509866
404507
404507 
Signed-off-by: Ján Tomko <jtomko@redhat.com>
404507 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
404507 
---
404507 
 src/libvirt_private.syms        |  2 ++
404507 
 src/security/security_dac.c     |  3 +++
404507 
 src/security/security_driver.h  |  9 +++++++++
404507 
 src/security/security_manager.c | 36 ++++++++++++++++++++++++++++++++++++
404507 
 src/security/security_manager.h |  8 ++++++++
404507 
 src/security/security_nop.c     | 11 +++++++++++
404507 
 src/security/security_selinux.c |  3 +++
404507 
 src/security/security_stack.c   | 38 ++++++++++++++++++++++++++++++++++++++
404507 
 8 files changed, 110 insertions(+)
404507
404507 
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
404507 
index 3e0bc8730c..65b1143c9b 100644
404507 
--- a/src/libvirt_private.syms
404507 
+++ b/src/libvirt_private.syms
404507 
@@ -1267,6 +1267,7 @@ virSecurityManagerRestoreAllLabel;
404507 
 virSecurityManagerRestoreDiskLabel;
404507 
 virSecurityManagerRestoreHostdevLabel;
404507 
 virSecurityManagerRestoreImageLabel;
404507 
+virSecurityManagerRestoreInputLabel;
404507 
 virSecurityManagerRestoreMemoryLabel;
404507 
 virSecurityManagerRestoreSavedStateLabel;
404507 
 virSecurityManagerSetAllLabel;
404507 
@@ -1276,6 +1277,7 @@ virSecurityManagerSetDiskLabel;
404507 
 virSecurityManagerSetHostdevLabel;
404507 
 virSecurityManagerSetImageFDLabel;
404507 
 virSecurityManagerSetImageLabel;
404507 
+virSecurityManagerSetInputLabel;
404507 
 virSecurityManagerSetMemoryLabel;
404507 
 virSecurityManagerSetProcessLabel;
404507 
 virSecurityManagerSetSavedStateLabel;
404507 
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
404507 
index 244b300a9f..24d9264216 100644
404507 
--- a/src/security/security_dac.c
404507 
+++ b/src/security/security_dac.c
404507 
@@ -2103,6 +2103,9 @@ virSecurityDriver virSecurityDriverDAC = {
404507 
     .domainSetSecurityMemoryLabel       = virSecurityDACSetMemoryLabel,
404507 
     .domainRestoreSecurityMemoryLabel   = virSecurityDACRestoreMemoryLabel,
404507
404507 
+    .domainSetSecurityInputLabel        = virSecurityDACSetInputLabel,
404507 
+    .domainRestoreSecurityInputLabel    = virSecurityDACRestoreInputLabel,
404507 
+
404507 
     .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
404507 
     .domainSetSecuritySocketLabel       = virSecurityDACSetSocketLabel,
404507 
     .domainClearSecuritySocketLabel     = virSecurityDACClearSocketLabel,
404507 
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
404507 
index 0b3b452486..1b3070d06d 100644
404507 
--- a/src/security/security_driver.h
404507 
+++ b/src/security/security_driver.h
404507 
@@ -131,6 +131,12 @@ typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManagerPtr mgr,
404507 
 typedef int (*virSecurityDomainRestoreMemoryLabel) (virSecurityManagerPtr mgr,
404507 
                                                     virDomainDefPtr def,
404507 
                                                     virDomainMemoryDefPtr mem);
404507 
+typedef int (*virSecurityDomainSetInputLabel) (virSecurityManagerPtr mgr,
404507 
+                                               virDomainDefPtr def,
404507 
+                                               virDomainInputDefPtr input);
404507 
+typedef int (*virSecurityDomainRestoreInputLabel) (virSecurityManagerPtr mgr,
404507 
+                                                   virDomainDefPtr def,
404507 
+                                                   virDomainInputDefPtr input);
404507 
 typedef int (*virSecurityDomainSetPathLabel) (virSecurityManagerPtr mgr,
404507 
                                               virDomainDefPtr def,
404507 
                                               const char *path);
404507 
@@ -163,6 +169,9 @@ struct _virSecurityDriver {
404507 
     virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
404507 
     virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
404507
404507 
+    virSecurityDomainSetInputLabel domainSetSecurityInputLabel;
404507 
+    virSecurityDomainRestoreInputLabel domainRestoreSecurityInputLabel;
404507 
+
404507 
     virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
404507 
     virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
404507 
     virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
404507 
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
404507 
index 60cfc92e77..3cf12188a0 100644
404507 
--- a/src/security/security_manager.c
404507 
+++ b/src/security/security_manager.c
404507 
@@ -1116,3 +1116,39 @@ virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
404507 
     virReportUnsupportedError();
404507 
     return -1;
404507 
 }
404507 
+
404507 
+
404507 
+int
404507 
+virSecurityManagerSetInputLabel(virSecurityManagerPtr mgr,
404507 
+                                virDomainDefPtr vm,
404507 
+                                virDomainInputDefPtr input)
404507 
+{
404507 
+    if (mgr->drv->domainSetSecurityInputLabel) {
404507 
+        int ret;
404507 
+        virObjectLock(mgr);
404507 
+        ret = mgr->drv->domainSetSecurityInputLabel(mgr, vm, input);
404507 
+        virObjectUnlock(mgr);
404507 
+        return ret;
404507 
+    }
404507 
+
404507 
+    virReportUnsupportedError();
404507 
+    return -1;
404507 
+}
404507 
+
404507 
+
404507 
+int
404507 
+virSecurityManagerRestoreInputLabel(virSecurityManagerPtr mgr,
404507 
+                                    virDomainDefPtr vm,
404507 
+                                    virDomainInputDefPtr input)
404507 
+{
404507 
+    if (mgr->drv->domainRestoreSecurityInputLabel) {
404507 
+        int ret;
404507 
+        virObjectLock(mgr);
404507 
+        ret = mgr->drv->domainRestoreSecurityInputLabel(mgr, vm, input);
404507 
+        virObjectUnlock(mgr);
404507 
+        return ret;
404507 
+    }
404507 
+
404507 
+    virReportUnsupportedError();
404507 
+    return -1;
404507 
+}
404507 
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
404507 
index 08fb89203a..87fe890692 100644
404507 
--- a/src/security/security_manager.h
404507 
+++ b/src/security/security_manager.h
404507 
@@ -172,6 +172,14 @@ int virSecurityManagerRestoreMemoryLabel(virSecurityManagerPtr mgr,
404507 
                                         virDomainDefPtr vm,
404507 
                                         virDomainMemoryDefPtr mem);
404507
404507 
+int virSecurityManagerSetInputLabel(virSecurityManagerPtr mgr,
404507 
+                                    virDomainDefPtr vm,
404507 
+                                    virDomainInputDefPtr input);
404507 
+int virSecurityManagerRestoreInputLabel(virSecurityManagerPtr mgr,
404507 
+                                        virDomainDefPtr vm,
404507 
+                                        virDomainInputDefPtr input);
404507 
+
404507 
+
404507 
 int virSecurityManagerDomainSetPathLabel(virSecurityManagerPtr mgr,
404507 
                                          virDomainDefPtr vm,
404507 
                                          const char *path);
404507 
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
404507 
index 527be11e5a..cfb032c686 100644
404507 
--- a/src/security/security_nop.c
404507 
+++ b/src/security/security_nop.c
404507 
@@ -254,6 +254,14 @@ virSecurityDomainRestoreMemoryLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSE
404507 
     return 0;
404507 
 }
404507
404507 
+static int
404507 
+virSecurityDomainInputLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
404507 
+                               virDomainDefPtr def ATTRIBUTE_UNUSED,
404507 
+                               virDomainInputDefPtr input ATTRIBUTE_UNUSED)
404507 
+{
404507 
+    return 0;
404507 
+}
404507 
+
404507
404507 
 virSecurityDriver virSecurityDriverNop = {
404507 
     .privateDataLen                     = 0,
404507 
@@ -276,6 +284,9 @@ virSecurityDriver virSecurityDriverNop = {
404507 
     .domainSetSecurityMemoryLabel       = virSecurityDomainSetMemoryLabelNop,
404507 
     .domainRestoreSecurityMemoryLabel   = virSecurityDomainRestoreMemoryLabelNop,
404507
404507 
+    .domainSetSecurityInputLabel        = virSecurityDomainInputLabelNop,
404507 
+    .domainRestoreSecurityInputLabel    = virSecurityDomainInputLabelNop,
404507 
+
404507 
     .domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop,
404507 
     .domainSetSecuritySocketLabel       = virSecurityDomainSetSocketLabelNop,
404507 
     .domainClearSecuritySocketLabel     = virSecurityDomainClearSocketLabelNop,
404507 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
404507 
index cd3e411931..d44de72e02 100644
404507 
--- a/src/security/security_selinux.c
404507 
+++ b/src/security/security_selinux.c
404507 
@@ -3058,6 +3058,9 @@ virSecurityDriver virSecurityDriverSELinux = {
404507 
     .domainSetSecurityMemoryLabel       = virSecuritySELinuxSetMemoryLabel,
404507 
     .domainRestoreSecurityMemoryLabel   = virSecuritySELinuxRestoreMemoryLabel,
404507
404507 
+    .domainSetSecurityInputLabel        = virSecuritySELinuxSetInputLabel,
404507 
+    .domainRestoreSecurityInputLabel    = virSecuritySELinuxRestoreInputLabel,
404507 
+
404507 
     .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetDaemonSocketLabel,
404507 
     .domainSetSecuritySocketLabel       = virSecuritySELinuxSetSocketLabel,
404507 
     .domainClearSecuritySocketLabel     = virSecuritySELinuxClearSocketLabel,
404507 
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
404507 
index 53eee1692f..cd916382b2 100644
404507 
--- a/src/security/security_stack.c
404507 
+++ b/src/security/security_stack.c
404507 
@@ -666,6 +666,41 @@ virSecurityStackRestoreMemoryLabel(virSecurityManagerPtr mgr,
404507 
     return rc;
404507 
 }
404507
404507 
+static int
404507 
+virSecurityStackSetInputLabel(virSecurityManagerPtr mgr,
404507 
+                              virDomainDefPtr vm,
404507 
+                              virDomainInputDefPtr input)
404507 
+{
404507 
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
404507 
+    virSecurityStackItemPtr item = priv->itemsHead;
404507 
+    int rc = 0;
404507 
+
404507 
+    for (; item; item = item->next) {
404507 
+        if (virSecurityManagerSetInputLabel(item->securityManager, vm, input) < 0)
404507 
+            rc = -1;
404507 
+    }
404507 
+
404507 
+    return rc;
404507 
+}
404507 
+
404507 
+static int
404507 
+virSecurityStackRestoreInputLabel(virSecurityManagerPtr mgr,
404507 
+                                  virDomainDefPtr vm,
404507 
+                                  virDomainInputDefPtr input)
404507 
+{
404507 
+    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
404507 
+    virSecurityStackItemPtr item = priv->itemsHead;
404507 
+    int rc = 0;
404507 
+
404507 
+    for (; item; item = item->next) {
404507 
+        if (virSecurityManagerRestoreInputLabel(item->securityManager,
404507 
+                                                vm, input) < 0)
404507 
+            rc = -1;
404507 
+    }
404507 
+
404507 
+    return rc;
404507 
+}
404507 
+
404507 
 static int
404507 
 virSecurityStackDomainSetPathLabel(virSecurityManagerPtr mgr,
404507 
                                    virDomainDefPtr vm,
404507 
@@ -711,6 +746,9 @@ virSecurityDriver virSecurityDriverStack = {
404507 
     .domainSetSecurityMemoryLabel       = virSecurityStackSetMemoryLabel,
404507 
     .domainRestoreSecurityMemoryLabel   = virSecurityStackRestoreMemoryLabel,
404507
404507 
+    .domainSetSecurityInputLabel        = virSecurityStackSetInputLabel,
404507 
+    .domainRestoreSecurityInputLabel    = virSecurityStackRestoreInputLabel,
404507 
+
404507 
     .domainSetSecurityDaemonSocketLabel = virSecurityStackSetDaemonSocketLabel,
404507 
     .domainSetSecuritySocketLabel       = virSecurityStackSetSocketLabel,
404507 
     .domainClearSecuritySocketLabel     = virSecurityStackClearSocketLabel,
404507 
--
404507 
2.15.1
404507

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation