[PATCH v2 02/10] security: add virSecurityManagerUpdateImageLabel

Peng Liang posted 10 patches 1 month, 2 weeks ago

[PATCH v2 02/10] security: add virSecurityManagerUpdateImageLabel

Posted by Peng Liang 1 month, 2 weeks ago
After migration, some labels of images need to be updated.  So add
virSecurityManagerUpdateImageLabel to do it.

Signed-off-by: Peng Liang <liangpeng10@huawei.com>
---
 src/libvirt_private.syms        |  1 +
 src/security/security_driver.h  |  5 +++++
 src/security/security_manager.c | 29 +++++++++++++++++++++++++++++
 src/security/security_manager.h |  5 +++++
 4 files changed, 40 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index fd0eea0777e2..ed750de262a1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1720,6 +1720,7 @@ virSecurityManagerStackAddNested;
 virSecurityManagerTransactionAbort;
 virSecurityManagerTransactionCommit;
 virSecurityManagerTransactionStart;
+virSecurityManagerUpdateImageLabel;
 virSecurityManagerVerify;
 
 
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index a1fc23be383f..7c1e9a5a8596 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -123,6 +123,10 @@ typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr,
                                                    pid_t pid,
                                                    virStorageSource *src,
                                                    virStorageSource *dst);
+typedef int (*virSecurityDomainUpdateImageLabel) (virSecurityManager *mgr,
+                                                  virDomainDef *def,
+                                                  virStorageSource *src,
+                                                  virSecurityDomainImageLabelFlags flags);
 typedef int (*virSecurityDomainSetMemoryLabel) (virSecurityManager *mgr,
                                                 virDomainDef *def,
                                                 virDomainMemoryDef *mem);
@@ -186,6 +190,7 @@ struct _virSecurityDriver {
     virSecurityDomainSetImageLabel domainSetSecurityImageLabel;
     virSecurityDomainRestoreImageLabel domainRestoreSecurityImageLabel;
     virSecurityDomainMoveImageMetadata domainMoveImageMetadata;
+    virSecurityDomainUpdateImageLabel domainUpdateSecurityImageLabel;
 
     virSecurityDomainSetMemoryLabel domainSetSecurityMemoryLabel;
     virSecurityDomainRestoreMemoryLabel domainRestoreSecurityMemoryLabel;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index d8a03a19cb8b..bbdecbf41606 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -476,6 +476,35 @@ virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
 }
 
 
+/**
+ * virSecurityManagerUpdateImageLabel:
+ * @mgr: security manager object
+ * @vm: domain definition object
+ * @src: disk source definition to operate on
+ * @flags: bitwise or of 'virSecurityDomainImageLabelFlags'
+ *
+ * Update security label from @src according to @flags.
+ *
+ * Returns: 0 on success, -1 on error.
+ */
+int
+virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
+                                   virDomainDef *vm,
+                                   virStorageSource *src,
+                                   virSecurityDomainImageLabelFlags flags)
+{
+    if (mgr->drv->domainUpdateSecurityImageLabel) {
+        int ret;
+        virObjectLock(mgr);
+        ret = mgr->drv->domainUpdateSecurityImageLabel(mgr, vm, src, flags);
+        virObjectUnlock(mgr);
+        return ret;
+    }
+
+    return 0;
+}
+
+
 int
 virSecurityManagerSetDaemonSocketLabel(virSecurityManager *mgr,
                                        virDomainDef *vm)
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 59020b147527..365f18e2dcfd 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -175,6 +175,11 @@ int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr,
                                         pid_t pid,
                                         virStorageSource *src,
                                         virStorageSource *dst);
+int
+virSecurityManagerUpdateImageLabel(virSecurityManager *mgr,
+                                   virDomainDef *vm,
+                                   virStorageSource *src,
+                                   virSecurityDomainImageLabelFlags flags);
 
 int virSecurityManagerSetMemoryLabel(virSecurityManager *mgr,
                                      virDomainDef *vm,
-- 
2.31.1