mirror of
https://github.com/libvirt/libvirt.git
synced 2025-02-25 18:55:26 -06:00
security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
The APIs are designed to label a socket in a way that the libvirt daemon itself is able to access it (i.e., in SELinux the label is virtd_t based as opposed to svirt_* we use for labeling resources that need to be accessed by a vm). The new name reflects this.
This commit is contained in:
Jiri Denemark
@@ -904,13 +904,13 @@ virSecurityManagerRestoreAllLabel;
|
||||
virSecurityManagerRestoreHostdevLabel;
|
||||
virSecurityManagerRestoreSavedStateLabel;
|
||||
virSecurityManagerSetAllLabel;
|
||||
virSecurityManagerSetDaemonSocketLabel;
|
||||
virSecurityManagerSetImageFDLabel;
|
||||
virSecurityManagerSetImageLabel;
|
||||
virSecurityManagerSetHostdevLabel;
|
||||
virSecurityManagerSetProcessFDLabel;
|
||||
virSecurityManagerSetProcessLabel;
|
||||
virSecurityManagerSetSavedStateLabel;
|
||||
virSecurityManagerSetSocketLabel;
|
||||
virSecurityManagerVerify;
|
||||
|
||||
# sexpr.h
|
||||
|
||||
@@ -821,7 +821,8 @@ qemuConnectMonitor(struct qemud_driver *driver, virDomainObjPtr vm)
|
||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
int ret = -1;
|
||||
|
||||
if (virSecurityManagerSetSocketLabel(driver->securityManager, vm) < 0) {
|
||||
if (virSecurityManagerSetDaemonSocketLabel(driver->securityManager,
|
||||
vm) < 0) {
|
||||
VIR_ERROR(_("Failed to set security context for monitor for %s"),
|
||||
vm->def->name);
|
||||
goto error;
|
||||
|
||||
@@ -578,7 +578,7 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr, virDomainObjPtr vm)
|
||||
}
|
||||
|
||||
static int
|
||||
AppArmorSetSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
AppArmorSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainObjPtr vm ATTRIBUTE_UNUSED)
|
||||
{
|
||||
return 0;
|
||||
@@ -835,7 +835,7 @@ virSecurityDriver virAppArmorSecurityDriver = {
|
||||
AppArmorSetSecurityImageLabel,
|
||||
AppArmorRestoreSecurityImageLabel,
|
||||
|
||||
AppArmorSetSecuritySocketLabel,
|
||||
AppArmorSetSecurityDaemonSocketLabel,
|
||||
AppArmorClearSecuritySocketLabel,
|
||||
|
||||
AppArmorGenSecurityLabel,
|
||||
|
||||
@@ -667,7 +667,7 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
}
|
||||
|
||||
static int
|
||||
virSecurityDACSetSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virSecurityDACSetDaemonSocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainObjPtr vm ATTRIBUTE_UNUSED)
|
||||
{
|
||||
return 0;
|
||||
@@ -714,7 +714,7 @@ virSecurityDriver virSecurityDriverDAC = {
|
||||
virSecurityDACSetSecurityImageLabel,
|
||||
virSecurityDACRestoreSecurityImageLabel,
|
||||
|
||||
virSecurityDACSetSocketLabel,
|
||||
virSecurityDACSetDaemonSocketLabel,
|
||||
virSecurityDACClearSocketLabel,
|
||||
|
||||
virSecurityDACGenLabel,
|
||||
|
||||
@@ -41,7 +41,7 @@ typedef const char *(*virSecurityDriverGetDOI) (virSecurityManagerPtr mgr);
|
||||
typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk);
|
||||
typedef int (*virSecurityDomainSetSocketLabel) (virSecurityManagerPtr mgr,
|
||||
typedef int (*virSecurityDomainSetDaemonSocketLabel)(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm);
|
||||
typedef int (*virSecurityDomainClearSocketLabel)(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm);
|
||||
@@ -101,7 +101,7 @@ struct _virSecurityDriver {
|
||||
virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
|
||||
virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
|
||||
|
||||
virSecurityDomainSetSocketLabel domainSetSecuritySocketLabel;
|
||||
virSecurityDomainSetDaemonSocketLabel domainSetSecurityDaemonSocketLabel;
|
||||
virSecurityDomainClearSocketLabel domainClearSecuritySocketLabel;
|
||||
|
||||
virSecurityDomainGenLabel domainGenSecurityLabel;
|
||||
|
||||
@@ -160,11 +160,11 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
|
||||
return -1;
|
||||
}
|
||||
|
||||
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
|
||||
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm)
|
||||
{
|
||||
if (mgr->drv->domainSetSecuritySocketLabel)
|
||||
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
|
||||
if (mgr->drv->domainSetSecurityDaemonSocketLabel)
|
||||
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
|
||||
|
||||
virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
|
||||
return -1;
|
||||
|
||||
@@ -53,7 +53,7 @@ bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
|
||||
int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm,
|
||||
virDomainDiskDefPtr disk);
|
||||
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
|
||||
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm);
|
||||
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm);
|
||||
|
||||
@@ -53,7 +53,7 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManagerPtr mgr ATTRI
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int virSecurityDomainSetSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
static int virSecurityDomainSetDaemonSocketLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
virDomainObjPtr vm ATTRIBUTE_UNUSED)
|
||||
{
|
||||
return 0;
|
||||
@@ -171,7 +171,7 @@ virSecurityDriver virSecurityDriverNop = {
|
||||
virSecurityDomainSetImageLabelNop,
|
||||
virSecurityDomainRestoreImageLabelNop,
|
||||
|
||||
virSecurityDomainSetSocketLabelNop,
|
||||
virSecurityDomainSetDaemonSocketLabelNop,
|
||||
virSecurityDomainClearSocketLabelNop,
|
||||
|
||||
virSecurityDomainGenLabelNop,
|
||||
|
||||
@@ -1066,7 +1066,7 @@ SELinuxSetSecurityProcessLabel(virSecurityManagerPtr mgr,
|
||||
}
|
||||
|
||||
static int
|
||||
SELinuxSetSecuritySocketLabel(virSecurityManagerPtr mgr,
|
||||
SELinuxSetSecurityDaemonSocketLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm)
|
||||
{
|
||||
/* TODO: verify DOI */
|
||||
@@ -1312,7 +1312,7 @@ virSecurityDriver virSecurityDriverSELinux = {
|
||||
SELinuxSetSecurityImageLabel,
|
||||
SELinuxRestoreSecurityImageLabel,
|
||||
|
||||
SELinuxSetSecuritySocketLabel,
|
||||
SELinuxSetSecurityDaemonSocketLabel,
|
||||
SELinuxClearSecuritySocketLabel,
|
||||
|
||||
SELinuxGenSecurityLabel,
|
||||
|
||||
@@ -339,15 +339,15 @@ virSecurityStackGetProcessLabel(virSecurityManagerPtr mgr,
|
||||
|
||||
|
||||
static int
|
||||
virSecurityStackSetSocketLabel(virSecurityManagerPtr mgr,
|
||||
virSecurityStackSetDaemonSocketLabel(virSecurityManagerPtr mgr,
|
||||
virDomainObjPtr vm)
|
||||
{
|
||||
virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
int rc = 0;
|
||||
|
||||
if (virSecurityManagerSetSocketLabel(priv->secondary, vm) < 0)
|
||||
if (virSecurityManagerSetDaemonSocketLabel(priv->secondary, vm) < 0)
|
||||
rc = -1;
|
||||
if (virSecurityManagerSetSocketLabel(priv->primary, vm) < 0)
|
||||
if (virSecurityManagerSetDaemonSocketLabel(priv->primary, vm) < 0)
|
||||
rc = -1;
|
||||
|
||||
return rc;
|
||||
@@ -418,7 +418,7 @@ virSecurityDriver virSecurityDriverStack = {
|
||||
virSecurityStackSetSecurityImageLabel,
|
||||
virSecurityStackRestoreSecurityImageLabel,
|
||||
|
||||
virSecurityStackSetSocketLabel,
|
||||
virSecurityStackSetDaemonSocketLabel,
|
||||
virSecurityStackClearSocketLabel,
|
||||
|
||||
virSecurityStackGenLabel,
|
||||
|
||||
Reference in New Issue
Block a user