From nobody Tue Feb 10 04:03:05 2026 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 171092682561841.18844146621802; Wed, 20 Mar 2024 02:27:05 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5BAF9219A; Wed, 20 Mar 2024 05:27:04 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 766071F10; Wed, 20 Mar 2024 05:20:06 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CF3781BCE; Wed, 20 Mar 2024 05:19:33 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 49D0C1B62 for ; Wed, 20 Mar 2024 05:19:31 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-454-3KTGP3RcNh6TmvuodDME_w-1; Wed, 20 Mar 2024 05:19:28 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 37C58811E81; Wed, 20 Mar 2024 09:19:28 +0000 (UTC) Received: from harajuku.usersys.redhat.com (unknown [10.45.225.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 51BD3C1576F; Wed, 20 Mar 2024 09:19:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: 3KTGP3RcNh6TmvuodDME_w-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 07/10] qemu: Propagate shared_filesystems Date: Wed, 20 Mar 2024 10:19:12 +0100 Message-ID: <20240320091915.369391-8-abologna@redhat.com> In-Reply-To: <20240320091915.369391-1-abologna@redhat.com> References: <20240320091915.369391-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: M2WIJE5WIMRRLWDKBHH72RGBOYFE2SSL X-Message-ID-Hash: M2WIJE5WIMRRLWDKBHH72RGBOYFE2SSL X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8"; x-default="true" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1710926827315100001 virFileIsSharedFS() is the function that ultimately decides whether a filesystem should be considered shared, but the list of manually configured shared filesystems is part of the QEMU driver's configuration, so we need to pass the information through several layers in order to make use of it. Note that with this change the list is propagated all the way through, but its contents are still ignored, so the behavior remains the same for now. Signed-off-by: Andrea Bolognani --- src/lxc/lxc_controller.c | 2 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 ++-- src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 12 ++++++++---- src/qemu/qemu_security.c | 14 ++++++++++++-- src/qemu/qemu_tpm.c | 27 ++++++++++++++++++--------- src/qemu/qemu_tpm.h | 8 +++++--- src/security/security_apparmor.c | 2 ++ src/security/security_dac.c | 17 +++++++++++++---- src/security/security_driver.h | 4 ++++ src/security/security_manager.c | 20 ++++++++++++++------ src/security/security_manager.h | 4 ++++ src/security/security_nop.c | 4 ++++ src/security/security_selinux.c | 18 +++++++++++++++--- src/security/security_stack.c | 16 ++++++++++++---- src/util/virfile.c | 5 +++-- src/util/virfile.h | 3 ++- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 21 files changed, 124 insertions(+), 46 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 505b71d05e..0b82fb9624 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1919,7 +1919,7 @@ static int virLXCControllerSetupDisk(virLXCController= *ctrl, /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ def->src->path =3D dst; - if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->sr= c, + if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->sr= c, NULL, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN) < 0) goto cleanup; =20 diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 39992bdf96..701d22efef 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -3260,7 +3260,7 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNU= SED, char *tmpsrc =3D def->src->path; def->src->path =3D data->file; if (virSecurityManagerSetImageLabel(data->driver->securityManager, - data->vm->def, def->src, + data->vm->def, def->src, NULL, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN) < 0) { def->src->path =3D tmpsrc; goto cleanup; diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index bfdcefd01b..a426d915ab 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -171,7 +171,7 @@ static void virLXCProcessCleanup(virLXCDriver *driver, =20 if (flags & VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL) { virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false, false); + vm->def, NULL, false, false); } =20 if (flags & VIR_LXC_PROCESS_CLEANUP_RELEASE_SECLABEL) { @@ -1327,7 +1327,7 @@ int virLXCProcessStart(virLXCDriver * driver, =20 VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, - vm->def, NULL, false, false) < 0) + vm->def, NULL, NULL, false, false) <= 0) goto cleanup; stopFlags |=3D VIR_LXC_PROCESS_CLEANUP_RESTORE_SECLABEL; =20 diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index bc6cf133d4..a2f22dafe8 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11877,7 +11877,7 @@ virQEMUFileOpenAs(uid_t fallback_uid, bool need_unlink =3D false; unsigned int vfoflags =3D 0; int fd =3D -1; - int path_shared =3D virFileIsSharedFS(path); + int path_shared =3D virFileIsSharedFS(path, NULL); uid_t uid =3D geteuid(); gid_t gid =3D getegid(); =20 diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index ed5976d1f7..dc1bb56237 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver, virDomainTPMDef *tpm =3D def->tpms[i]; =20 if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) - qemuExtTPMCleanupHost(tpm, flags, outgoingMigration); + qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration); } } =20 diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 1faab5dd23..330efb069b 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -1429,6 +1429,8 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, unsigned int flags) { qemuDomainObjPrivate *priv =3D vm->privateData; + virQEMUDriver *driver =3D priv->driver; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); int nsnapshots; int pauseReason; size_t i; @@ -1599,7 +1601,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, } } =20 - if (qemuTPMHasSharedStorage(vm->def)&& + if (qemuTPMHasSharedStorage(vm->def, cfg->sharedFilesystems) && !qemuTPMCanMigrateSharedStorage(vm->def)) { virReportError(VIR_ERR_NO_SUPPORT, "%s", _("the running swtpm does not support migration= with shared storage")); @@ -1612,6 +1614,7 @@ qemuMigrationSrcIsAllowed(virDomainObj *vm, =20 static bool qemuMigrationSrcIsSafe(virDomainDef *def, + virQEMUDriverConfig *cfg, virQEMUCaps *qemuCaps, size_t nmigrate_disks, const char **migrate_disks, @@ -1643,7 +1646,7 @@ qemuMigrationSrcIsSafe(virDomainDef *def, /* However, disks on local FS (e.g. ext4) are not safe. */ switch (actualType) { case VIR_STORAGE_TYPE_FILE: - if ((rc =3D virFileIsSharedFS(src)) < 0) { + if ((rc =3D virFileIsSharedFS(src, cfg->sharedFilesystems)) < = 0) { return false; } else if (rc =3D=3D 0) { unsafe =3D true; @@ -2582,6 +2585,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver, const char **migrate_disks, unsigned int flags) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); qemuDomainObjPrivate *priv =3D vm->privateData; unsigned int cookieFlags =3D QEMU_MIGRATION_COOKIE_LOCKSTATE; =20 @@ -2604,7 +2608,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver, return NULL; =20 if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && - !qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, + !qemuMigrationSrcIsSafe(vm->def, cfg, priv->qemuCaps, nmigrate_disks, migrate_disks, flags)) return NULL; =20 @@ -6091,7 +6095,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, goto endjob; =20 if (!(flags & (VIR_MIGRATE_UNSAFE | VIR_MIGRATE_OFFLINE)) && - !qemuMigrationSrcIsSafe(vm->def, priv->qemuCaps, + !qemuMigrationSrcIsSafe(vm->def, cfg, priv->qemuCaps, nmigrate_disks, migrate_disks, flags)) goto endjob; =20 diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 4aaa863ae9..3aaa93a76c 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -38,6 +38,7 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver, { int ret =3D -1; qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; =20 if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) @@ -48,6 +49,7 @@ qemuSecuritySetAllLabel(virQEMUDriver *driver, =20 if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, + cfg->sharedFilesystems, incomingPath, priv->chardevStdioLogd, migrated) < 0) @@ -70,6 +72,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver, bool migrated) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); bool transactionStarted =3D false; =20 /* In contrast to qemuSecuritySetAllLabel, do not use vm->pid @@ -83,6 +86,7 @@ qemuSecurityRestoreAllLabel(virQEMUDriver *driver, =20 virSecurityManagerRestoreAllLabel(driver->securityManager, vm->def, + cfg->sharedFilesystems, migrated, priv->chardevStdioLogd); =20 @@ -103,6 +107,7 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver, bool chainTop) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; int ret =3D -1; virSecurityDomainImageLabelFlags labelFlags =3D 0; @@ -120,7 +125,9 @@ qemuSecuritySetImageLabel(virQEMUDriver *driver, goto cleanup; =20 if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, src, labelFlags) < 0) + vm->def, src, + cfg->sharedFilesystems, + labelFlags) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, @@ -141,6 +148,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver, bool backingChain) { qemuDomainObjPrivate *priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); pid_t pid =3D -1; int ret =3D -1; virSecurityDomainImageLabelFlags labelFlags =3D 0; @@ -155,7 +163,9 @@ qemuSecurityRestoreImageLabel(virQEMUDriver *driver, goto cleanup; =20 if (virSecurityManagerRestoreImageLabel(driver->securityManager, - vm->def, src, labelFlags) < 0) + vm->def, src, + cfg->sharedFilesystems, + labelFlags) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index bf0c6bcb0d..f1b4283a70 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -538,6 +538,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, * @privileged: whether we are running in privileged mode * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r= oot) * @swtpm_group: The gid for the swtpm to run as + * @sharedFilesystems: list of filesystem to consider shared * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator @@ -551,6 +552,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, bool privileged, uid_t swtpm_user, gid_t swtpm_group, + char *const *sharedFilesystems, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -568,7 +570,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, /* Do not create storage and run swtpm_setup on incoming migration over * shared storage */ - on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= ) =3D=3D 1; + on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= , sharedFilesystems) =3D=3D 1; if (incomingMigration && on_shared_storage) create_storage =3D false; =20 @@ -734,6 +736,7 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, =20 /** * qemuTPMEmulatorCleanupHost: + * @driver: QEMU driver * @tpm: TPM definition * @flags: flags indicating whether to keep or remove TPM persistent state * @outgoingMigration: whether cleanup is due to an outgoing migration @@ -741,15 +744,18 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, * Clean up persistent storage for the swtpm. */ static void -qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, +qemuTPMEmulatorCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); + /* Never remove the state in case of outgoing migration with shared * storage. */ if (outgoingMigration && - virFileIsSharedFS(tpm->data.emulator.storagepath) =3D=3D 1) + virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFiles= ystems) =3D=3D 1) return; =20 /* @@ -935,6 +941,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, driver->privileged, cfg->swtpm_user, cfg->swtpm_group, + cfg->sharedFilesystems, incomingMigration))) return -1; =20 @@ -950,7 +957,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virCommandSetErrorFD(cmd, &errfd); =20 if (incomingMigration && - virFileIsSharedFS(tpm->data.emulator.storagepath) =3D=3D 1) { + virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFiles= ystems) =3D=3D 1) { /* security labels must have been set up on source already */ setTPMStateLabel =3D false; } @@ -1010,7 +1017,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, =20 =20 bool -qemuTPMHasSharedStorage(virDomainDef *def) +qemuTPMHasSharedStorage(virDomainDef *def, + char *const *sharedFilesystems) { size_t i; =20 @@ -1019,7 +1027,7 @@ qemuTPMHasSharedStorage(virDomainDef *def) =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_EMULATOR: - return virFileIsSharedFS(tpm->data.emulator.storagepath) =3D= =3D 1; + return virFileIsSharedFS(tpm->data.emulator.storagepath, share= dFilesystems) =3D=3D 1; case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: @@ -1097,11 +1105,12 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver, =20 =20 void -qemuExtTPMCleanupHost(virDomainTPMDef *tpm, +qemuExtTPMCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) { - qemuTPMEmulatorCleanupHost(tpm, flags, outgoingMigration); + qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration); } =20 =20 @@ -1133,7 +1142,7 @@ qemuExtTPMStop(virQEMUDriver *driver, return; =20 qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); - if (outgoingMigration && qemuTPMHasSharedStorage(vm->def)) + if (outgoingMigration && qemuTPMHasSharedStorage(vm->def, cfg->sharedF= ilesystems)) restoreTPMStateLabel =3D false; =20 if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0) diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 33ba5d2268..709e956fce 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -35,10 +35,11 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver, ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; =20 -void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, +void qemuExtTPMCleanupHost(virQEMUDriver *driver, + virDomainTPMDef *tpm, virDomainUndefineFlagsValues flags, bool outgoingMigration) - ATTRIBUTE_NONNULL(1); + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, @@ -59,7 +60,8 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; =20 -bool qemuTPMHasSharedStorage(virDomainDef *def) +bool qemuTPMHasSharedStorage(virDomainDef *def, + char *const *sharedFilesystems) ATTRIBUTE_NONNULL(1) G_GNUC_WARN_UNUSED_RESULT; =20 diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index c1dc859751..8746c96275 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -508,6 +508,7 @@ AppArmorReleaseSecurityLabel(virSecurityManager *mgr G_= GNUC_UNUSED, static int AppArmorRestoreSecurityAllLabel(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def, + char *const *sharedFilesystems G_GNUC_UNUS= ED, bool migrated G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED) { @@ -627,6 +628,7 @@ static int AppArmorRestoreSecurityImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems G_GNUC_UN= USED, virSecurityDomainImageLabelFlags flags G= _GNUC_UNUSED) { if (!virStorageSourceIsLocalStorage(src)) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 567be4bd23..376b364beb 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -864,6 +864,7 @@ virSecurityDACSetImageLabelInternal(virSecurityManager = *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, + char *const *sharedFilesystems G_GNUC_= UNUSED, bool isChainTop) { virSecurityLabelDef *secdef; @@ -942,6 +943,7 @@ static int virSecurityDACSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virStorageSource *parent =3D src; @@ -950,7 +952,7 @@ virSecurityDACSetImageLabel(virSecurityManager *mgr, for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, isCha= inTop) < 0) + if (virSecurityDACSetImageLabelInternal(mgr, def, n, parent, share= dFilesystems, isChainTop) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) @@ -966,6 +968,7 @@ static int virSecurityDACRestoreImageLabelInt(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, bool migrated) { virSecurityDACData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1006,7 +1009,7 @@ virSecurityDACRestoreImageLabelInt(virSecurityManager= *mgr, if (!src->path) return 0; =20 - if ((rc =3D virFileIsSharedFS(src->path)) < 0) + if ((rc =3D virFileIsSharedFS(src->path, sharedFilesystems)) <= 0) return -1; } =20 @@ -1042,9 +1045,10 @@ static int virSecurityDACRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags G_G= NUC_UNUSED) { - return virSecurityDACRestoreImageLabelInt(mgr, def, src, false); + return virSecurityDACRestoreImageLabelInt(mgr, def, src, sharedFilesys= tems, false); } =20 =20 @@ -1886,6 +1890,7 @@ virSecurityDACRestoreSysinfoLabel(virSecurityManager = *mgr, static int virSecurityDACRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -1911,6 +1916,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, if (virSecurityDACRestoreImageLabelInt(mgr, def, def->disks[i]->src, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -1967,7 +1973,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->n= vram, - migrated) < 0) + sharedFilesystems, migrated= ) < 0) rc =3D -1; } =20 @@ -2109,6 +2115,7 @@ virSecurityDACSetSysinfoLabel(virSecurityManager *mgr, static int virSecurityDACSetAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) @@ -2134,6 +2141,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, if (virDomainDiskGetType(def->disks[i]) =3D=3D VIR_STORAGE_TYPE_DI= R) continue; if (virSecurityDACSetImageLabel(mgr, def, def->disks[i]->src, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) return -1; @@ -2193,6 +2201,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BA= CKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARENT_C= HAIN_TOP) < 0) return -1; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index aa1fb2125d..ea990d7210 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -81,11 +81,13 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecuri= tyManager *mgr, virDomainDef *sec); typedef int (*virSecurityDomainSetAllLabel) (virSecurityManager *mgr, virDomainDef *sec, + char *const *sharedFilesystem= s, const char *incomingPath, bool chardevStdioLogd, bool migrated); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesy= stems, bool migrated, bool chardevStdioLogd); typedef int (*virSecurityDomainGetProcessLabel) (virSecurityManager *mgr, @@ -115,10 +117,12 @@ typedef int (*virSecurityDomainSetHugepages) (virSecu= rityManager *mgr, typedef int (*virSecurityDomainSetImageLabel) (virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesyst= ems, virSecurityDomainImageLabel= Flags flags); typedef int (*virSecurityDomainRestoreImageLabel) (virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFile= systems, virSecurityDomainImageL= abelFlags flags); typedef int (*virSecurityDomainMoveImageMetadata) (virSecurityManager *mgr, pid_t pid, diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 24f2f3d3dc..57de40ef65 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -404,6 +404,7 @@ virSecurityManagerGetPrivileged(virSecurityManager *mgr) * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @sharedFilesystems: list of filesystem to consider shared * @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * * Removes security label from @src according to @flags. @@ -414,6 +415,7 @@ int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); @@ -423,7 +425,7 @@ virSecurityManagerRestoreImageLabel(virSecurityManager = *mgr, return -1; } =20 - return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, flags); + return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, src, sharedF= ilesystems, flags); } =20 =20 @@ -512,6 +514,7 @@ virSecurityManagerClearSocketLabel(virSecurityManager *= mgr, * @mgr: security manager object * @vm: domain definition object * @src: disk source definition to operate on + * @sharedFilesystems: list of filesystem to consider shared * @flags: bitwise or of 'virSecurityDomainImageLabelFlags' * * Labels a storage image with the configured security label according to = @flags. @@ -522,6 +525,7 @@ int virSecurityManagerSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { VIR_LOCK_GUARD lock =3D virObjectLockGuard(mgr); @@ -531,7 +535,8 @@ virSecurityManagerSetImageLabel(virSecurityManager *mgr, return -1; } =20 - return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, flags); + return mgr->drv->domainSetSecurityImageLabel(mgr, vm, src, + sharedFilesystems, flags); } =20 =20 @@ -817,6 +822,7 @@ int virSecurityManagerCheckAllLabel(virSecurityManager = *mgr, int virSecurityManagerSetAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated) @@ -828,7 +834,8 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr, return -1; } =20 - return mgr->drv->domainSetSecurityAllLabel(mgr, vm, incomingPath, + return mgr->drv->domainSetSecurityAllLabel(mgr, vm, sharedFilesystems, + incomingPath, chardevStdioLogd, migrated); } =20 @@ -836,6 +843,7 @@ virSecurityManagerSetAllLabel(virSecurityManager *mgr, int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -846,8 +854,8 @@ virSecurityManagerRestoreAllLabel(virSecurityManager *m= gr, return -1; } =20 - return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated, - chardevStdioLogd); + return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, sharedFilesyst= ems, + migrated, chardevStdioL= ogd); } =20 int @@ -1355,7 +1363,7 @@ virSecurityManagerMetadataLock(virSecurityManager *mg= r G_GNUC_UNUSED, } #endif /* !WIN32 */ =20 - if (virFileIsSharedFS(p)) { + if (virFileIsSharedFS(p, NULL)) { /* Probably a root squashed NFS. */ continue; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index a416af3215..da2ab7f584 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -130,11 +130,13 @@ int virSecurityManagerCheckAllLabel(virSecurityManage= r *mgr, virDomainDef *sec); int virSecurityManagerSetAllLabel(virSecurityManager *mgr, virDomainDef *sec, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated); int virSecurityManagerRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd); int virSecurityManagerGetProcessLabel(virSecurityManager *mgr, @@ -170,10 +172,12 @@ typedef enum { int virSecurityManagerSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags= ); int virSecurityManagerRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags f= lags); int virSecurityManagerMoveImageMetadata(virSecurityManager *mgr, pid_t pid, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 1413f43d57..f9c0d3cad1 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -117,6 +117,7 @@ virSecurityDomainReleaseLabelNop(virSecurityManager *mg= r G_GNUC_UNUSED, static int virSecurityDomainSetAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *sec G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_UNUS= ED, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED, bool migrated G_GNUC_UNUSED) @@ -127,6 +128,7 @@ virSecurityDomainSetAllLabelNop(virSecurityManager *mgr= G_GNUC_UNUSED, static int virSecurityDomainRestoreAllLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *vm G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_= UNUSED, bool migrated G_GNUC_UNUSED, bool chardevStdioLogd G_GNUC_UNUSED) { @@ -191,6 +193,7 @@ static int virSecurityDomainRestoreImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSE= D, virDomainDef *def G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNU= C_UNUSED, virSecurityDomainImageLabelFlags fla= gs G_GNUC_UNUSED) { return 0; @@ -200,6 +203,7 @@ static int virSecurityDomainSetImageLabelNop(virSecurityManager *mgr G_GNUC_UNUSED, virDomainDef *def G_GNUC_UNUSED, virStorageSource *src G_GNUC_UNUSED, + char *const *sharedFilesystems G_GNUC_UN= USED, virSecurityDomainImageLabelFlags flags G= _GNUC_UNUSED) { return 0; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index b49af26e49..a891ad5839 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1777,6 +1777,7 @@ static int virSecuritySELinuxRestoreImageLabelInt(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, bool migrated) { virSecurityLabelDef *seclabel; @@ -1833,7 +1834,7 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityMan= ager *mgr, if (!src->path) return 0; =20 - if ((rc =3D virFileIsSharedFS(src->path)) < 0) + if ((rc =3D virFileIsSharedFS(src->path, sharedFilesystems)) <= 0) return -1; } =20 @@ -1867,9 +1868,10 @@ static int virSecuritySELinuxRestoreImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags= G_GNUC_UNUSED) { - return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, false); + return virSecuritySELinuxRestoreImageLabelInt(mgr, def, src, sharedFil= esystems, false); } =20 =20 @@ -1878,6 +1880,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityMa= nager *mgr, virDomainDef *def, virStorageSource *src, virStorageSource *parent, + char *const *sharedFilesystems G_G= NUC_UNUSED, bool isChainTop) { virSecuritySELinuxData *data =3D virSecurityManagerGetPrivateData(mgr); @@ -1983,6 +1986,7 @@ static int virSecuritySELinuxSetImageLabel(virSecurityManager *mgr, virDomainDef *def, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virStorageSource *parent =3D src; @@ -1991,7 +1995,9 @@ virSecuritySELinuxSetImageLabel(virSecurityManager *m= gr, for (n =3D src; virStorageSourceIsBacking(n); n =3D n->backingStore) { const bool isChainTop =3D flags & VIR_SECURITY_DOMAIN_IMAGE_PARENT= _CHAIN_TOP; =20 - if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, i= sChainTop) < 0) + if (virSecuritySELinuxSetImageLabelInternal(mgr, def, n, parent, + sharedFilesystems, + isChainTop) < 0) return -1; =20 if (!(flags & VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN)) @@ -2819,6 +2825,7 @@ virSecuritySELinuxRestoreSysinfoLabel(virSecurityMana= ger *mgr, static int virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -2843,6 +2850,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager = *mgr, virDomainDiskDef *disk =3D def->disks[i]; =20 if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, disk->src, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -2889,6 +2897,7 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager = *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loade= r->nvram, + sharedFilesystems, migrated) < 0) rc =3D -1; } @@ -3231,6 +3240,7 @@ virSecuritySELinuxSetSysinfoLabel(virSecurityManager = *mgr, static int virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, virDomainDef *def, + char *const *sharedFilesystems, const char *incomingPath G_GNUC_UNUSED, bool chardevStdioLogd, bool migrated G_GNUC_UNUSED) @@ -3258,6 +3268,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, continue; } if (virSecuritySELinuxSetImageLabel(mgr, def, def->disks[i]->src, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) return -1; @@ -3308,6 +3319,7 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr, =20 if (def->os.loader && def->os.loader->nvram) { if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvra= m, + sharedFilesystems, VIR_SECURITY_DOMAIN_IMAGE_LABE= L_BACKING_CHAIN | VIR_SECURITY_DOMAIN_IMAGE_PARE= NT_CHAIN_TOP) < 0) return -1; diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 369b5dd3a6..dc52df0bff 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -338,6 +338,7 @@ virSecurityStackRestoreHostdevLabel(virSecurityManager = *mgr, static int virSecurityStackSetAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, const char *incomingPath, bool chardevStdioLogd, bool migrated) @@ -347,8 +348,8 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetAllLabel(item->securityManager, vm, - incomingPath, chardevStdioLogd, - migrated) < 0) + sharedFilesystems, incomingPath, + chardevStdioLogd, migrated) < 0) goto rollback; } =20 @@ -358,6 +359,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, for (item =3D item->prev; item; item =3D item->prev) { if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, + sharedFilesystems, migrated, chardevStdioLogd) < 0) { VIR_WARN("Unable to restore all labels after failed set label = call " @@ -374,6 +376,7 @@ virSecurityStackSetAllLabel(virSecurityManager *mgr, static int virSecurityStackRestoreAllLabel(virSecurityManager *mgr, virDomainDef *vm, + char *const *sharedFilesystems, bool migrated, bool chardevStdioLogd) { @@ -383,6 +386,7 @@ virSecurityStackRestoreAllLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerRestoreAllLabel(item->securityManager, vm, + sharedFilesystems, migrated, chardevStdioLogd) = < 0) rc =3D -1; } @@ -640,6 +644,7 @@ static int virSecurityStackSetImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -647,7 +652,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetImageLabel(item->securityManager, vm, src, - flags) < 0) + sharedFilesystems, flags) < 0) goto rollback; } =20 @@ -658,6 +663,7 @@ virSecurityStackSetImageLabel(virSecurityManager *mgr, if (virSecurityManagerRestoreImageLabel(item->securityManager, vm, src, + sharedFilesystems, flags) < 0) { VIR_WARN("Unable to restore image label after failed set label= " "call virDriver=3D%s driver=3D%s domain=3D%s src=3D%p= (path=3D%s) " @@ -674,6 +680,7 @@ static int virSecurityStackRestoreImageLabel(virSecurityManager *mgr, virDomainDef *vm, virStorageSource *src, + char *const *sharedFilesystems, virSecurityDomainImageLabelFlags flags) { virSecurityStackData *priv =3D virSecurityManagerGetPrivateData(mgr); @@ -682,7 +689,8 @@ virSecurityStackRestoreImageLabel(virSecurityManager *m= gr, =20 for (; item; item =3D item->next) { if (virSecurityManagerRestoreImageLabel(item->securityManager, - vm, src, flags) < 0) + vm, src, sharedFilesystems, + flags) < 0) rc =3D -1; } =20 diff --git a/src/util/virfile.c b/src/util/virfile.c index deaf4555fd..a6a7de9829 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -2598,7 +2598,7 @@ virFileOpenAs(const char *path, int openflags, mode_t= mode, =20 /* On Linux we can also verify the FS-type of the * directory. (this is a NOP on other platforms). */ - if (virFileIsSharedFS(path) <=3D 0) + if (virFileIsSharedFS(path, NULL) <=3D 0) goto error; } =20 @@ -3795,7 +3795,8 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs, return NULL; } =20 -int virFileIsSharedFS(const char *path) +int virFileIsSharedFS(const char *path, + char *const *overrides G_GNUC_UNUSED) { return virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS | diff --git a/src/util/virfile.h b/src/util/virfile.h index 56fe309bce..3fdd7f526c 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h @@ -235,7 +235,8 @@ enum { }; =20 int virFileIsSharedFSType(const char *path, unsigned int fstypes) ATTRIBUT= E_NONNULL(1); -int virFileIsSharedFS(const char *path) ATTRIBUTE_NONNULL(1); +int virFileIsSharedFS(const char *path, + char *const *overrides) ATTRIBUTE_NONNULL(1); int virFileIsClusterFS(const char *path) ATTRIBUTE_NONNULL(1); int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1); int virFileIsCDROM(const char *path) diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 04bffe4356..f23772dcde 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -270,7 +270,7 @@ testSELinuxLabeling(const void *opaque) if (!(def =3D testSELinuxLoadDef(testname))) goto cleanup; =20 - if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0) + if (virSecurityManagerSetAllLabel(mgr, def, NULL, NULL, false, false) = < 0) goto cleanup; =20 if (testSELinuxCheckLabels(files, nfiles) < 0) diff --git a/tests/virfiletest.c b/tests/virfiletest.c index 9fbfc37e56..e05925a321 100644 --- a/tests/virfiletest.c +++ b/tests/virfiletest.c @@ -313,7 +313,7 @@ testFileIsSharedFSType(const void *opaque G_GNUC_UNUSED) goto cleanup; } =20 - actual =3D virFileIsSharedFS(data->filename); + actual =3D virFileIsSharedFS(data->filename, NULL); =20 if (actual !=3D data->expected) { fprintf(stderr, "Unexpected FS type. Expected %d got %d\n", --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org