Tree - rpms/libvirt - CentOS Git server

render / rpms / libvirt

Forked from rpms/libvirt 10 months ago

Source
Stats

Blame libvirt-0.8.2-06-use-disk-iterator.patch

Blob History Raw

Daniel P. Berrange	e3a592	`From 54c1bb731d2b19a46a594cf9682c022f1e1114d2 Mon Sep 17 00:00:00 2001`
Daniel P. Berrange	e3a592	`From: Daniel P. Berrange <berrange@redhat.com>`
Daniel P. Berrange	e3a592	`Date: Tue, 15 Jun 2010 16:40:47 +0100`
Daniel P. Berrange	e3a592	`Subject: [PATCH 06/11] Convert all disk backing store loops to shared helper API`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`Update the QEMU cgroups code, QEMU DAC security driver, SELinux`
Daniel P. Berrange	e3a592	`and AppArmour security drivers over to use the shared helper API`
Daniel P. Berrange	e3a592	`virDomainDiskDefForeachPath().`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,`
Daniel P. Berrange	e3a592	`src/security/security_selinux.c, src/security/virt-aa-helper.c:`
Daniel P. Berrange	e3a592	`Convert over to use virDomainDiskDefForeachPath()`
Daniel P. Berrange	e3a592	`---`
Daniel P. Berrange	e3a592	`src/qemu/qemu_driver.c \| 161 ++++++++++++++++----------------------`
Daniel P. Berrange	e3a592	`src/qemu/qemu_security_dac.c \| 47 ++++--------`
Daniel P. Berrange	e3a592	`src/security/security_selinux.c \| 67 +++++++----------`
Daniel P. Berrange	e3a592	`src/security/virt-aa-helper.c \| 71 ++++++++----------`
Daniel P. Berrange	e3a592	`4 files changed, 142 insertions(+), 204 deletions(-)`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c`
Daniel P. Berrange	e3a592	`index 97f2990..99aeffa 100644`
Daniel P. Berrange	e3a592	`--- a/src/qemu/qemu_driver.c`
Daniel P. Berrange	e3a592	`+++ b/src/qemu/qemu_driver.c`
Daniel P. Berrange	e3a592	`@@ -3040,107 +3040,82 @@ static const char *const defaultDeviceACL[] = {`
Daniel P. Berrange	e3a592	`#define DEVICE_PTY_MAJOR 136`
Daniel P. Berrange	e3a592	`#define DEVICE_SND_MAJOR 116`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`-static int qemuSetupDiskCgroup(virCgroupPtr cgroup,`
Daniel P. Berrange	e3a592	`- virDomainObjPtr vm,`
Daniel P. Berrange	e3a592	`- virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592	`-{`
Daniel P. Berrange	e3a592	`- char *path = disk->src;`
Daniel P. Berrange	e3a592	`- int ret = -1;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- while (path != NULL) {`
Daniel P. Berrange	e3a592	`- virStorageFileMetadata meta;`
Daniel P. Berrange	e3a592	`- int rc;`
Daniel P. Berrange	e3a592	`+static int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ const char *path,`
Daniel P. Berrange	e3a592	`+ size_t depth ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ void *opaque)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ virCgroupPtr cgroup = opaque;`
Daniel P. Berrange	e3a592	`+ int rc;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Process path '%s' for disk", path);`
Daniel P. Berrange	e3a592	`- rc = virCgroupAllowDevicePath(cgroup, path);`
Daniel P. Berrange	e3a592	`- if (rc != 0) {`
Daniel P. Berrange	e3a592	`- /* Get this for non-block devices */`
Daniel P. Berrange	e3a592	`- if (rc == -EINVAL) {`
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Ignoring EINVAL for %s", path);`
Daniel P. Berrange	e3a592	`- } else if (rc == -EACCES) { /* Get this for root squash NFS */`
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Ignoring EACCES for %s", path);`
Daniel P. Berrange	e3a592	`- } else {`
Daniel P. Berrange	e3a592	`- virReportSystemError(-rc,`
Daniel P. Berrange	e3a592	`- _("Unable to allow device %s for %s"),`
Daniel P. Berrange	e3a592	`- path, vm->def->name);`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- goto cleanup;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Process path %s for disk", path);`
Daniel P. Berrange	e3a592	`+ /* XXX RO vs RW */`
Daniel P. Berrange	e3a592	`+ rc = virCgroupAllowDevicePath(cgroup, path);`
Daniel P. Berrange	e3a592	`+ if (rc != 0) {`
Daniel P. Berrange	e3a592	`+ /* Get this for non-block devices */`
Daniel P. Berrange	e3a592	`+ if (rc == -EINVAL) {`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Ignoring EINVAL for %s", path);`
Daniel P. Berrange	e3a592	`+ } else if (rc == -EACCES) { /* Get this for root squash NFS */`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Ignoring EACCES for %s", path);`
Daniel P. Berrange	e3a592	`+ } else {`
Daniel P. Berrange	e3a592	`+ virReportSystemError(-rc,`
Daniel P. Berrange	e3a592	`+ _("Unable to allow access for disk path %s"),`
Daniel P. Berrange	e3a592	`+ path);`
Daniel P. Berrange	e3a592	`+ return -1;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- rc = virStorageFileGetMetadata(path,`
Daniel P. Berrange	e3a592	`- VIR_STORAGE_FILE_AUTO,`
Daniel P. Berrange	e3a592	`- &meta);`
Daniel P. Berrange	e3a592	`- if (rc < 0)`
Daniel P. Berrange	e3a592	`- VIR_WARN("Unable to lookup parent image for %s", path);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- path = NULL;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (rc < 0)`
Daniel P. Berrange	e3a592	`- break; /* Treating as non fatal */`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = meta.backingStore;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`+ return 0;`
Daniel P. Berrange	e3a592	`+}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- ret = 0;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`-cleanup:`
Daniel P. Berrange	e3a592	`- return ret;`
Daniel P. Berrange	e3a592	`+static int qemuSetupDiskCgroup(virCgroupPtr cgroup,`
Daniel P. Berrange	e3a592	`+ virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ return virDomainDiskDefForeachPath(disk,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ qemuSetupDiskPathAllow,`
Daniel P. Berrange	e3a592	`+ cgroup);`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`-static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,`
Daniel P. Berrange	e3a592	`- virDomainObjPtr vm,`
Daniel P. Berrange	e3a592	`- virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592	`+static int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ const char *path,`
Daniel P. Berrange	e3a592	`+ size_t depth ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ void *opaque)`
Daniel P. Berrange	e3a592	`{`
Daniel P. Berrange	e3a592	`- char *path = disk->src;`
Daniel P. Berrange	e3a592	`- int ret = -1;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- while (path != NULL) {`
Daniel P. Berrange	e3a592	`- virStorageFileMetadata meta;`
Daniel P. Berrange	e3a592	`- int rc;`
Daniel P. Berrange	e3a592	`+ virCgroupPtr cgroup = opaque;`
Daniel P. Berrange	e3a592	`+ int rc;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Process path '%s' for disk", path);`
Daniel P. Berrange	e3a592	`- rc = virCgroupDenyDevicePath(cgroup, path);`
Daniel P. Berrange	e3a592	`- if (rc != 0) {`
Daniel P. Berrange	e3a592	`- /* Get this for non-block devices */`
Daniel P. Berrange	e3a592	`- if (rc == -EINVAL) {`
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Ignoring EINVAL for %s", path);`
Daniel P. Berrange	e3a592	`- } else if (rc == -EACCES) { /* Get this for root squash NFS */`
Daniel P. Berrange	e3a592	`- VIR_DEBUG("Ignoring EACCES for %s", path);`
Daniel P. Berrange	e3a592	`- } else {`
Daniel P. Berrange	e3a592	`- virReportSystemError(-rc,`
Daniel P. Berrange	e3a592	`- _("Unable to deny device %s for %s"),`
Daniel P. Berrange	e3a592	`- path, vm->def->name);`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- goto cleanup;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Process path %s for disk", path);`
Daniel P. Berrange	e3a592	`+ /* XXX RO vs RW */`
Daniel P. Berrange	e3a592	`+ rc = virCgroupDenyDevicePath(cgroup, path);`
Daniel P. Berrange	e3a592	`+ if (rc != 0) {`
Daniel P. Berrange	e3a592	`+ /* Get this for non-block devices */`
Daniel P. Berrange	e3a592	`+ if (rc == -EINVAL) {`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Ignoring EINVAL for %s", path);`
Daniel P. Berrange	e3a592	`+ } else if (rc == -EACCES) { /* Get this for root squash NFS */`
Daniel P. Berrange	e3a592	`+ VIR_DEBUG("Ignoring EACCES for %s", path);`
Daniel P. Berrange	e3a592	`+ } else {`
Daniel P. Berrange	e3a592	`+ virReportSystemError(-rc,`
Daniel P. Berrange	e3a592	`+ _("Unable to allow access for disk path %s"),`
Daniel P. Berrange	e3a592	`+ path);`
Daniel P. Berrange	e3a592	`+ return -1;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- rc = virStorageFileGetMetadata(path,`
Daniel P. Berrange	e3a592	`- VIR_STORAGE_FILE_AUTO,`
Daniel P. Berrange	e3a592	`- &meta);`
Daniel P. Berrange	e3a592	`- if (rc < 0)`
Daniel P. Berrange	e3a592	`- VIR_WARN("Unable to lookup parent image for %s", path);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- path = NULL;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (rc < 0)`
Daniel P. Berrange	e3a592	`- break; /* Treating as non fatal */`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = meta.backingStore;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`+ return 0;`
Daniel P. Berrange	e3a592	`+}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- ret = 0;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`-cleanup:`
Daniel P. Berrange	e3a592	`- return ret;`
Daniel P. Berrange	e3a592	`+static int qemuTeardownDiskCgroup(virCgroupPtr cgroup,`
Daniel P. Berrange	e3a592	`+ virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ return virDomainDiskDefForeachPath(disk,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ qemuTeardownDiskPathDeny,`
Daniel P. Berrange	e3a592	`+ cgroup);`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`@@ -3204,7 +3179,7 @@ static int qemuSetupCgroup(struct qemud_driver *driver,`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`for (i = 0; i < vm->def->ndisks ; i++) {`
Daniel P. Berrange	e3a592	`- if (qemuSetupDiskCgroup(cgroup, vm, vm->def->disks[i]) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuSetupDiskCgroup(cgroup, vm->def->disks[i]) < 0)`
Daniel P. Berrange	e3a592	`goto cleanup;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`@@ -8035,7 +8010,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,`
Daniel P. Berrange	e3a592	`vm->def->name);`
Daniel P. Berrange	e3a592	`goto endjob;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`goto endjob;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`@@ -8080,7 +8055,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,`
Daniel P. Berrange	e3a592	`/* Fallthrough */`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`if (ret != 0 && cgroup) {`
Daniel P. Berrange	e3a592	`- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`VIR_WARN("Failed to teardown cgroup for disk path %s",`
Daniel P. Berrange	e3a592	`NULLSTR(dev->data.disk->src));`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`@@ -8280,7 +8255,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,`
Daniel P. Berrange	e3a592	`vm->def->name);`
Daniel P. Berrange	e3a592	`goto endjob;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`- if (qemuSetupDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuSetupDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`goto endjob;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`@@ -8303,7 +8278,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`if (ret != 0 && cgroup) {`
Daniel P. Berrange	e3a592	`- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`VIR_WARN("Failed to teardown cgroup for disk path %s",`
Daniel P. Berrange	e3a592	`NULLSTR(dev->data.disk->src));`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`@@ -8430,7 +8405,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,`
Daniel P. Berrange	e3a592	`VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`if (cgroup != NULL) {`
Daniel P. Berrange	e3a592	`- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`VIR_WARN("Failed to teardown cgroup for disk path %s",`
Daniel P. Berrange	e3a592	`NULLSTR(dev->data.disk->src));`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`@@ -8493,7 +8468,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,`
Daniel P. Berrange	e3a592	`VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`if (cgroup != NULL) {`
Daniel P. Berrange	e3a592	`- if (qemuTeardownDiskCgroup(cgroup, vm, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`+ if (qemuTeardownDiskCgroup(cgroup, dev->data.disk) < 0)`
Daniel P. Berrange	e3a592	`VIR_WARN("Failed to teardown cgroup for disk path %s",`
Daniel P. Berrange	e3a592	`NULLSTR(dev->data.disk->src));`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592	`diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c`
Daniel P. Berrange	e3a592	`index acfe48e..770010d 100644`
Daniel P. Berrange	e3a592	`--- a/src/qemu/qemu_security_dac.c`
Daniel P. Berrange	e3a592	`+++ b/src/qemu/qemu_security_dac.c`
Daniel P. Berrange	e3a592	`@@ -98,45 +98,28 @@ err:`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`static int`
Daniel P. Berrange	e3a592	`+qemuSecurityDACSetSecurityFileLabel(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ const char *path,`
Daniel P. Berrange	e3a592	`+ size_t depth ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`+ void *opaque ATTRIBUTE_UNUSED)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ return qemuSecurityDACSetOwnership(path, driver->user, driver->group);`
Daniel P. Berrange	e3a592	`+}`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+static int`
Daniel P. Berrange	e3a592	`qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`{`
Daniel P. Berrange	e3a592	`- const char *path;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`if (!driver->privileged \|\| !driver->dynamicOwnership)`
Daniel P. Berrange	e3a592	`return 0;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- if (!disk->src)`
Daniel P. Berrange	e3a592	`- return 0;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = disk->src;`
Daniel P. Berrange	e3a592	`- do {`
Daniel P. Berrange	e3a592	`- virStorageFileMetadata meta;`
Daniel P. Berrange	e3a592	`- int ret;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- ret = virStorageFileGetMetadata(path,`
Daniel P. Berrange	e3a592	`- VIR_STORAGE_FILE_AUTO,`
Daniel P. Berrange	e3a592	`- &meta);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- path = NULL;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (ret < 0)`
Daniel P. Berrange	e3a592	`- return -1;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (meta.backingStore != NULL &&`
Daniel P. Berrange	e3a592	`- qemuSecurityDACSetOwnership(meta.backingStore,`
Daniel P. Berrange	e3a592	`- driver->user, driver->group) < 0) {`
Daniel P. Berrange	e3a592	`- VIR_FREE(meta.backingStore);`
Daniel P. Berrange	e3a592	`- return -1;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = meta.backingStore;`
Daniel P. Berrange	e3a592	`- } while (path != NULL);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- return qemuSecurityDACSetOwnership(disk->src, driver->user, driver->group);`
Daniel P. Berrange	e3a592	`+ return virDomainDiskDefForeachPath(disk,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ false,`
Daniel P. Berrange	e3a592	`+ qemuSecurityDACSetSecurityFileLabel,`
Daniel P. Berrange	e3a592	`+ NULL);`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c`
Daniel P. Berrange	e3a592	`index 5c0f002..d191118 100644`
Daniel P. Berrange	e3a592	`--- a/src/security/security_selinux.c`
Daniel P. Berrange	e3a592	`+++ b/src/security/security_selinux.c`
Daniel P. Berrange	e3a592	`@@ -439,54 +439,43 @@ SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`static int`
Daniel P. Berrange	e3a592	`+SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,`
Daniel P. Berrange	e3a592	`+ const char *path,`
Daniel P. Berrange	e3a592	`+ size_t depth,`
Daniel P. Berrange	e3a592	`+ void *opaque)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ const virSecurityLabelDefPtr secdef = opaque;`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+ if (depth == 0) {`
Daniel P. Berrange	e3a592	`+ if (disk->shared) {`
Daniel P. Berrange	e3a592	`+ return SELinuxSetFilecon(path, default_image_context);`
Daniel P. Berrange	e3a592	`+ } else if (disk->readonly) {`
Daniel P. Berrange	e3a592	`+ return SELinuxSetFilecon(path, default_content_context);`
Daniel P. Berrange	e3a592	`+ } else if (secdef->imagelabel) {`
Daniel P. Berrange	e3a592	`+ return SELinuxSetFilecon(path, secdef->imagelabel);`
Daniel P. Berrange	e3a592	`+ } else {`
Daniel P. Berrange	e3a592	`+ return 0;`
Daniel P. Berrange	e3a592	`+ }`
Daniel P. Berrange	e3a592	`+ } else {`
Daniel P. Berrange	e3a592	`+ return SELinuxSetFilecon(path, default_content_context);`
Daniel P. Berrange	e3a592	`+ }`
Daniel P. Berrange	e3a592	`+}`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+static int`
Daniel P. Berrange	e3a592	`SELinuxSetSecurityImageLabel(virDomainObjPtr vm,`
Daniel P. Berrange	e3a592	`virDomainDiskDefPtr disk)`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`{`
Daniel P. Berrange	e3a592	`const virSecurityLabelDefPtr secdef = &vm->def->seclabel;`
Daniel P. Berrange	e3a592	`- const char *path;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)`
Daniel P. Berrange	e3a592	`return 0;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- if (!disk->src)`
Daniel P. Berrange	e3a592	`- return 0;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = disk->src;`
Daniel P. Berrange	e3a592	`- do {`
Daniel P. Berrange	e3a592	`- virStorageFileMetadata meta;`
Daniel P. Berrange	e3a592	`- int ret;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- ret = virStorageFileGetMetadata(path,`
Daniel P. Berrange	e3a592	`- VIR_STORAGE_FILE_AUTO,`
Daniel P. Berrange	e3a592	`- &meta);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (path != disk->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- path = NULL;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (ret < 0)`
Daniel P. Berrange	e3a592	`- break;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (meta.backingStore != NULL &&`
Daniel P. Berrange	e3a592	`- SELinuxSetFilecon(meta.backingStore,`
Daniel P. Berrange	e3a592	`- default_content_context) < 0) {`
Daniel P. Berrange	e3a592	`- VIR_FREE(meta.backingStore);`
Daniel P. Berrange	e3a592	`- return -1;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = meta.backingStore;`
Daniel P. Berrange	e3a592	`- } while (path != NULL);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (disk->shared) {`
Daniel P. Berrange	e3a592	`- return SELinuxSetFilecon(disk->src, default_image_context);`
Daniel P. Berrange	e3a592	`- } else if (disk->readonly) {`
Daniel P. Berrange	e3a592	`- return SELinuxSetFilecon(disk->src, default_content_context);`
Daniel P. Berrange	e3a592	`- } else if (secdef->imagelabel) {`
Daniel P. Berrange	e3a592	`- return SELinuxSetFilecon(disk->src, secdef->imagelabel);`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- return 0;`
Daniel P. Berrange	e3a592	`+ return virDomainDiskDefForeachPath(disk,`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ false,`
Daniel P. Berrange	e3a592	`+ SELinuxSetSecurityFileLabel,`
Daniel P. Berrange	e3a592	`+ secdef);`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c`
Daniel P. Berrange	e3a592	`index 2c045e6..9ed0cd3 100644`
Daniel P. Berrange	e3a592	`--- a/src/security/virt-aa-helper.c`
Daniel P. Berrange	e3a592	`+++ b/src/security/virt-aa-helper.c`
Daniel P. Berrange	e3a592	`@@ -36,7 +36,6 @@`
Daniel P. Berrange	e3a592	`#include "uuid.h"`
Daniel P. Berrange	e3a592	`#include "hostusb.h"`
Daniel P. Berrange	e3a592	`#include "pci.h"`
Daniel P. Berrange	e3a592	`-#include "storage_file.h"`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`static char *progname;`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`@@ -801,6 +800,28 @@ file_iterate_pci_cb(pciDevice *dev ATTRIBUTE_UNUSED,`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`static int`
Daniel P. Berrange	e3a592	`+add_file_path(virDomainDiskDefPtr disk,`
Daniel P. Berrange	e3a592	`+ const char *path,`
Daniel P. Berrange	e3a592	`+ size_t depth,`
Daniel P. Berrange	e3a592	`+ void *opaque)`
Daniel P. Berrange	e3a592	`+{`
Daniel P. Berrange	e3a592	`+ virBufferPtr buf = opaque;`
Daniel P. Berrange	e3a592	`+ int ret;`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+ if (depth == 0) {`
Daniel P. Berrange	e3a592	`+ if (disk->readonly)`
Daniel P. Berrange	e3a592	`+ ret = vah_add_file(buf, path, "r");`
Daniel P. Berrange	e3a592	`+ else`
Daniel P. Berrange	e3a592	`+ ret = vah_add_file(buf, path, "rw");`
Daniel P. Berrange	e3a592	`+ } else {`
Daniel P. Berrange	e3a592	`+ ret = vah_add_file(buf, path, "r");`
Daniel P. Berrange	e3a592	`+ }`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+ return ret;`
Daniel P. Berrange	e3a592	`+}`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+`
Daniel P. Berrange	e3a592	`+static int`
Daniel P. Berrange	e3a592	`get_files(vahControl * ctl)`
Daniel P. Berrange	e3a592	`{`
Daniel P. Berrange	e3a592	`virBuffer buf = VIR_BUFFER_INITIALIZER;`
Daniel P. Berrange	e3a592	`@@ -821,45 +842,15 @@ get_files(vahControl * ctl)`
Daniel P. Berrange	e3a592	`goto clean;`
Daniel P. Berrange	e3a592	`}`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`- for (i = 0; i < ctl->def->ndisks; i++)`
Daniel P. Berrange	e3a592	`- if (ctl->def->disks[i] && ctl->def->disks[i]->src) {`
Daniel P. Berrange	e3a592	`- int ret;`
Daniel P. Berrange	e3a592	`- const char *path;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = ctl->def->disks[i]->src;`
Daniel P. Berrange	e3a592	`- do {`
Daniel P. Berrange	e3a592	`- virStorageFileMetadata meta;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- ret = virStorageFileGetMetadata(path,`
Daniel P. Berrange	e3a592	`- VIR_STORAGE_FILE_AUTO,`
Daniel P. Berrange	e3a592	`- &meta);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (path != ctl->def->disks[i]->src)`
Daniel P. Berrange	e3a592	`- VIR_FREE(path);`
Daniel P. Berrange	e3a592	`- path = NULL;`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (ret < 0) {`
Daniel P. Berrange	e3a592	`- vah_warning("could not open path, skipping");`
Daniel P. Berrange	e3a592	`- continue;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (meta.backingStore != NULL &&`
Daniel P. Berrange	e3a592	`- (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) {`
Daniel P. Berrange	e3a592	`- VIR_FREE(meta.backingStore);`
Daniel P. Berrange	e3a592	`- goto clean;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- path = meta.backingStore;`
Daniel P. Berrange	e3a592	`- } while (path != NULL);`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (ctl->def->disks[i]->readonly)`
Daniel P. Berrange	e3a592	`- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r");`
Daniel P. Berrange	e3a592	`- else`
Daniel P. Berrange	e3a592	`- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw");`
Daniel P. Berrange	e3a592	`-`
Daniel P. Berrange	e3a592	`- if (ret != 0)`
Daniel P. Berrange	e3a592	`- goto clean;`
Daniel P. Berrange	e3a592	`- }`
Daniel P. Berrange	e3a592	`+ for (i = 0; i < ctl->def->ndisks; i++) {`
Daniel P. Berrange	e3a592	`+ int ret = virDomainDiskDefForeachPath(ctl->def->disks[i],`
Daniel P. Berrange	e3a592	`+ true,`
Daniel P. Berrange	e3a592	`+ false,`
Daniel P. Berrange	e3a592	`+ add_file_path,`
Daniel P. Berrange	e3a592	`+ &buf;;`
Daniel P. Berrange	e3a592	`+ if (ret != 0)`
Daniel P. Berrange	e3a592	`+ goto clean;`
Daniel P. Berrange	e3a592	`+ }`
Daniel P. Berrange	e3a592
Daniel P. Berrange	e3a592	`for (i = 0; i < ctl->def->nserials; i++)`
Daniel P. Berrange	e3a592	`if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)`
Daniel P. Berrange	e3a592	`--`
Daniel P. Berrange	e3a592	`1.7.1.1`
Daniel P. Berrange	e3a592

render / rpms / libvirt

Source Code

Blame libvirt-0.8.2-06-use-disk-iterator.patch