From nobody Fri Dec 19 22:07:04 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259888541135.4534008183217; Wed, 23 Jan 2019 08:11:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D65A87F7B5; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8EAE56714B; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3044C3F607; Wed, 23 Jan 2019 16:11:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBJCO014068 for ; Wed, 23 Jan 2019 11:11:19 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8FF5E5D739; Wed, 23 Jan 2019 16:11:19 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 154EE5D6A6 for ; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:02 +0100 Message-Id: <74baa3acb5f05cfae8bed970143dd3dc34b51836.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 07/11] security: Remove disk labelling functions and fix callers X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 23 Jan 2019 16:11:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Now that we have replacement in the form of the image labelling function we can drop the unnecessary functions by replacing all callers. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/libvirt_private.syms | 2 -- src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 4 +-- src/security/security_manager.c | 58 --------------------------------- src/security/security_manager.h | 6 ---- 5 files changed, 4 insertions(+), 69 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c3d6306809..599b97569a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1354,7 +1354,6 @@ virSecurityManagerReleaseLabel; virSecurityManagerReserveLabel; virSecurityManagerRestoreAllLabel; virSecurityManagerRestoreChardevLabel; -virSecurityManagerRestoreDiskLabel; virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreInputLabel; @@ -1365,7 +1364,6 @@ virSecurityManagerSetAllLabel; virSecurityManagerSetChardevLabel; virSecurityManagerSetChildProcessLabel; virSecurityManagerSetDaemonSocketLabel; -virSecurityManagerSetDiskLabel; virSecurityManagerSetHostdevLabel; virSecurityManagerSetImageFDLabel; virSecurityManagerSetImageLabel; diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2bec8846aa..790ff65b0e 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1932,7 +1932,8 @@ static int virLXCControllerSetupDisk(virLXCController= Ptr ctrl, /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ def->src->path =3D dst; - if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0) + if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, + def->src, true) < 0) goto cleanup; ret =3D 0; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index df15a0da50..f03c6af691 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -3636,8 +3636,8 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_= UNUSED, virDomainDiskDefPtr def =3D data->def->data.disk; char *tmpsrc =3D def->src->path; def->src->path =3D data->file; - if (virSecurityManagerSetDiskLabel(data->driver->securityManager, - data->vm->def, def) < 0) { + if (virSecurityManagerSetImageLabel(data->driver->securityManager, + data->vm->def, def->src, true)= < 0) { def->src->path =3D tmpsrc; goto cleanup; } diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 5493f0f66b..72081ac586 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -402,35 +402,6 @@ virSecurityManagerGetPrivileged(virSecurityManagerPtr = mgr) } -/** - * virSecurityManagerRestoreDiskLabel: - * @mgr: security manager object - * @vm: domain definition object - * @disk: disk definition to operate on - * - * Removes security label from the source image of the disk. Note that this - * function doesn't restore labels on backing chain elements of @disk. - * - * Returns: 0 on success, -1 on error. - */ -int -virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - if (mgr->drv->domainRestoreSecurityImageLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->s= rc, true); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - - /** * virSecurityManagerRestoreImageLabel: * @mgr: security manager object @@ -512,35 +483,6 @@ virSecurityManagerClearSocketLabel(virSecurityManagerP= tr mgr, } -/** - * virSecurityManagerSetDiskLabel: - * @mgr: security manager object - * @vm: domain definition object - * @disk: disk definition to operate on - * - * Labels the disk image and all images in the backing chain with the conf= igured - * security label. - * - * Returns: 0 on success, -1 on error. - */ -int -virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - virDomainDiskDefPtr disk) -{ - if (mgr->drv->domainSetSecurityImageLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src, = true); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - - /** * virSecurityManagerSetImageLabel: * @mgr: security manager object diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 0207113b14..8e1fb3b3c9 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -90,18 +90,12 @@ bool virSecurityManagerGetDefaultConfined(virSecurityMa= nagerPtr mgr); bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr); bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr); -int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm); int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, virDomainDefPtr def); -int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - virDomainDiskDefPtr disk); int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list