Tree - rpms/libvirt - CentOS Git server

render / rpms / libvirt

Forked from rpms/libvirt 11 months ago

Source
Stats

Blame SOURCES/libvirt-qemu_security-Fully-implement-qemuSecurityDomainSetPathLabel.patch

Blob History Raw

Pablo Greco	40546a	`From 86f741bf77f39d4af3698b71797e430c2a6989c3 Mon Sep 17 00:00:00 2001`
Pablo Greco	40546a	`Message-Id: <86f741bf77f39d4af3698b71797e430c2a6989c3@dist-git>`
Pablo Greco	40546a	`From: Michal Privoznik <mprivozn@redhat.com>`
Pablo Greco	40546a	`Date: Thu, 3 Jan 2019 10:03:44 +0100`
Pablo Greco	40546a	`Subject: [PATCH] qemu_security: Fully implement qemuSecurityDomainSetPathLabel`
Pablo Greco	40546a
Pablo Greco	40546a	`Even though the current use of the function does not require full`
Pablo Greco	40546a	`implementation with transactions (none of the callers pass a path`
Pablo Greco	40546a	`somewhere under /dev), it doesn't hurt either. Moreover, in`
Pablo Greco	40546a	`future patches the paradigm is going to shift so that any API`
Pablo Greco	40546a	`that touches a file is required to use transactions.`
Pablo Greco	40546a
Pablo Greco	40546a	`Signed-off-by: Michal Privoznik <mprivozn@redhat.com>`
Pablo Greco	40546a	`Reviewed-by: John Ferlan <jferlan@redhat.com>`
Pablo Greco	40546a	`(cherry picked from commit da24db2d30352c094f76dffb523e7f344ff8e30d)`
Pablo Greco	40546a
Pablo Greco	40546a	`https://bugzilla.redhat.com/show_bug.cgi?id=1658112`
Pablo Greco	40546a
Pablo Greco	40546a	`Signed-off-by: Erik Skultety <eskultet@redhat.com>`
Pablo Greco	40546a	`Message-Id: <4de2beabd9868259f1856f7eafcc835b5b2a3d6b.1546506016.git.eskultet@redhat.com>`
Pablo Greco	40546a	`Reviewed-by: Jiri Denemark <jdenemar@redhat.com>`
Pablo Greco	40546a	`---`
Pablo Greco	40546a	`src/qemu/qemu_domain.c \| 3 +--`
Pablo Greco	40546a	`src/qemu/qemu_process.c \| 15 ++++++---------`
Pablo Greco	40546a	`src/qemu/qemu_security.c \| 30 ++++++++++++++++++++++++++++++`
Pablo Greco	40546a	`src/qemu/qemu_security.h \| 6 +++++-`
Pablo Greco	40546a	`4 files changed, 42 insertions(+), 12 deletions(-)`
Pablo Greco	40546a
Pablo Greco	40546a	`diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c`
Pablo Greco	40546a	`index 95b84af78a..c9899b9e6d 100644`
Pablo Greco	40546a	`--- a/src/qemu/qemu_domain.c`
Pablo Greco	40546a	`+++ b/src/qemu/qemu_domain.c`
Pablo Greco	40546a	`@@ -801,8 +801,7 @@ qemuDomainWriteMasterKeyFile(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a	`}`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuSecurityDomainSetPathLabel(driver->securityManager,`
Pablo Greco	40546a	`- vm->def, path, false) < 0)`
Pablo Greco	40546a	`+ if (qemuSecurityDomainSetPathLabel(driver, vm, path, false) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`ret = 0;`
Pablo Greco	40546a	`diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c`
Pablo Greco	40546a	`index 34aac69afc..c0f95dd5f1 100644`
Pablo Greco	40546a	`--- a/src/qemu/qemu_process.c`
Pablo Greco	40546a	`+++ b/src/qemu/qemu_process.c`
Pablo Greco	40546a	`@@ -2778,8 +2778,7 @@ qemuProcessStartManagedPRDaemon(virDomainObjPtr vm)`
Pablo Greco	40546a	`virCgroupAddMachineTask(priv->cgroup, cpid) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuSecurityDomainSetPathLabel(driver->securityManager,`
Pablo Greco	40546a	`- vm->def, socketPath, true) < 0)`
Pablo Greco	40546a	`+ if (qemuSecurityDomainSetPathLabel(driver, vm, socketPath, true) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`priv->prDaemonRunning = true;`
Pablo Greco	40546a	`@@ -3656,7 +3655,7 @@ qemuProcessNeedMemoryBackingPath(virDomainDefPtr def,`
Pablo Greco	40546a
Pablo Greco	40546a	`static int`
Pablo Greco	40546a	`qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`- virDomainDefPtr def,`
Pablo Greco	40546a	`+ virDomainObjPtr vm,`
Pablo Greco	40546a	`const char *path,`
Pablo Greco	40546a	`bool build)`
Pablo Greco	40546a	`{`
Pablo Greco	40546a	`@@ -3671,8 +3670,7 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`return -1;`
Pablo Greco	40546a	`}`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuSecurityDomainSetPathLabel(driver->securityManager,`
Pablo Greco	40546a	`- def, path, true) < 0)`
Pablo Greco	40546a	`+ if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)`
Pablo Greco	40546a	`return -1;`
Pablo Greco	40546a	`} else {`
Pablo Greco	40546a	`if (virFileDeleteTree(path) < 0)`
Pablo Greco	40546a	`@@ -3708,7 +3706,7 @@ qemuProcessBuildDestroyMemoryPaths(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`if (!path)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm->def,`
Pablo Greco	40546a	`+ if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm,`
Pablo Greco	40546a	`path, build) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`@@ -3720,7 +3718,7 @@ qemuProcessBuildDestroyMemoryPaths(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`if (qemuGetMemoryBackingDomainPath(vm->def, cfg, &path) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm->def,`
Pablo Greco	40546a	`+ if (qemuProcessBuildDestroyMemoryPathsImpl(driver, vm,`
Pablo Greco	40546a	`path, build) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`@@ -4904,8 +4902,7 @@ qemuProcessMakeDir(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a	`}`
Pablo Greco	40546a
Pablo Greco	40546a	`- if (qemuSecurityDomainSetPathLabel(driver->securityManager,`
Pablo Greco	40546a	`- vm->def, path, true) < 0)`
Pablo Greco	40546a	`+ if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)`
Pablo Greco	40546a	`goto cleanup;`
Pablo Greco	40546a
Pablo Greco	40546a	`ret = 0;`
Pablo Greco	40546a	`diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c`
Pablo Greco	40546a	`index af3be42854..268def309a 100644`
Pablo Greco	40546a	`--- a/src/qemu/qemu_security.c`
Pablo Greco	40546a	`+++ b/src/qemu/qemu_security.c`
Pablo Greco	40546a	`@@ -493,3 +493,33 @@ qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`{`
Pablo Greco	40546a	`virSecurityManagerRestoreTPMLabels(driver->securityManager, def);`
Pablo Greco	40546a	`}`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+int`
Pablo Greco	40546a	`+qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`+ virDomainObjPtr vm,`
Pablo Greco	40546a	`+ const char *path,`
Pablo Greco	40546a	`+ bool allowSubtree)`
Pablo Greco	40546a	`+{`
Pablo Greco	40546a	`+ int ret = -1;`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&`
Pablo Greco	40546a	`+ virSecurityManagerTransactionStart(driver->securityManager) < 0)`
Pablo Greco	40546a	`+ goto cleanup;`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+ if (virSecurityManagerDomainSetPathLabel(driver->securityManager,`
Pablo Greco	40546a	`+ vm->def,`
Pablo Greco	40546a	`+ path,`
Pablo Greco	40546a	`+ allowSubtree) < 0)`
Pablo Greco	40546a	`+ goto cleanup;`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) &&`
Pablo Greco	40546a	`+ virSecurityManagerTransactionCommit(driver->securityManager,`
Pablo Greco	40546a	`+ vm->pid) < 0)`
Pablo Greco	40546a	`+ goto cleanup;`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`+ ret = 0;`
Pablo Greco	40546a	`+ cleanup:`
Pablo Greco	40546a	`+ virSecurityManagerTransactionAbort(driver->securityManager);`
Pablo Greco	40546a	`+ return ret;`
Pablo Greco	40546a	`+}`
Pablo Greco	40546a	`diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h`
Pablo Greco	40546a	`index a189b63828..fd11fbdd9d 100644`
Pablo Greco	40546a	`--- a/src/qemu/qemu_security.h`
Pablo Greco	40546a	`+++ b/src/qemu/qemu_security.h`
Pablo Greco	40546a	`@@ -95,12 +95,16 @@ int qemuSecurityStartTPMEmulator(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`void qemuSecurityCleanupTPMEmulator(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`virDomainDefPtr def);`
Pablo Greco	40546a
Pablo Greco	40546a	`+int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver,`
Pablo Greco	40546a	`+ virDomainObjPtr vm,`
Pablo Greco	40546a	`+ const char *path,`
Pablo Greco	40546a	`+ bool allowSubtree);`
Pablo Greco	40546a	`+`
Pablo Greco	40546a	`/* Please note that for these APIs there is no wrapper yet. Do NOT blindly add`
Pablo Greco	40546a	`* new APIs here. If an API can touch a /dev file add a proper wrapper instead.`
Pablo Greco	40546a	`*/`
Pablo Greco	40546a	`# define qemuSecurityCheckAllLabel virSecurityManagerCheckAllLabel`
Pablo Greco	40546a	`# define qemuSecurityClearSocketLabel virSecurityManagerClearSocketLabel`
Pablo Greco	40546a	`-# define qemuSecurityDomainSetPathLabel virSecurityManagerDomainSetPathLabel`
Pablo Greco	40546a	`# define qemuSecurityGenLabel virSecurityManagerGenLabel`
Pablo Greco	40546a	`# define qemuSecurityGetBaseLabel virSecurityManagerGetBaseLabel`
Pablo Greco	40546a	`# define qemuSecurityGetDOI virSecurityManagerGetDOI`
Pablo Greco	40546a	`--`
Pablo Greco	40546a	`2.22.0`
Pablo Greco	40546a

render / rpms / libvirt

Source Code

Blame SOURCES/libvirt-qemu_security-Fully-implement-qemuSecurityDomainSetPathLabel.patch