From: Michal Privoznik
To: libvir-list@redhat.com
Date: Mon, 16 Sep 2019 11:12:04 +0200
Message-Id: <8767a56040bc80b223161e1a77bf08f63db59284.1568625088.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH 1/5] security: Pass @migrated to virSecurityManagerSetAllLabel

In upcoming commits, virSecurityManagerSetAllLabel() will perform rollback in case of failure by calling virSecurityManagerRestoreAllLabel(). But in order to do that, the former needs to have @migrated argument so that it can be passed to the latter.

Signed-off-by: Michal Privoznik
---
 src/lxc/lxc_process.c | 2 +-
 src/qemu/qemu_process.c | 3 ++-
 src/qemu/qemu_security.c | 6 ++++--
 src/qemu/qemu_security.h | 3 ++-
 src/security/security_apparmor.c | 3 ++-
 src/security/security_dac.c | 3 ++-
 src/security/security_driver.h | 3 ++-
 src/security/security_manager.c | 6 ++++--
 src/security/security_manager.h | 3 ++-
 src/security/security_nop.c | 3 ++-
 src/security/security_selinux.c | 3 ++-
 src/security/security_stack.c | 6 ++++--
 tests/qemusecuritytest.c | 2 +-
 tests/securityselinuxlabeltest.c | 2 +-
 14 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index cbdc7b1268..65775424cb 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c 
@@ -1346,7 +1346,7 @@ int virLXCProcessStart(virConnectPtr conn, =20 VIR_DEBUG("Setting domain security labels"); if (virSecurityManagerSetAllLabel(driver->securityManager, - vm->def, NULL, false) < 0) + vm->def, NULL, false, false) < 0) goto cleanup; =20 VIR_DEBUG("Setting up consoles"); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 955ba4de4c..4348a6dd36 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6937,7 +6937,8 @@ qemuProcessLaunch(virConnectPtr conn, VIR_DEBUG("Setting domain security labels"); if (qemuSecuritySetAllLabel(driver, vm, - incoming ? incoming->path : NULL) < 0) + incoming ? incoming->path : NULL, + incoming !=3D NULL) < 0) goto cleanup; =20 /* Security manager labeled all devices, therefore diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 91dd34f0e7..f4e815e966 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -32,7 +32,8 @@ VIR_LOG_INIT("qemu.qemu_process"); int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *stdin_path) + const char *stdin_path, + bool migrated) { int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; @@ -47,7 +48,8 @@ qemuSecuritySetAllLabel(virQEMUDriverPtr driver, if (virSecurityManagerSetAllLabel(driver->securityManager, vm->def, stdin_path, - priv->chardevStdioLogd) < 0) + priv->chardevStdioLogd, + migrated) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 224a4d61c9..29908141ba 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -26,7 +26,8 @@ =20 int qemuSecuritySetAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *stdin_path); + const char *stdin_path, + bool migrated); =20 void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, 
diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 77eee9410c..699590ee00 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -488,7 +488,8 @@ static int AppArmorSetSecurityAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, const char *stdin_path, - bool chardevStdioLogd ATTRIBUTE_UNUSED) + bool chardevStdioLogd ATTRIBUTE_UNUSED, + bool migrated ATTRIBUTE_UNUSED) { virSecurityLabelDefPtr secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME= ); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 4b4afef18a..9e71513f14 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1983,7 +1983,8 @@ static int virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, const char *stdin_path ATTRIBUTE_UNUSED, - bool chardevStdioLogd) + bool chardevStdioLogd, + bool migrated ATTRIBUTE_UNUSED) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityLabelDefPtr secdef; diff --git a/src/security/security_driver.h b/src/security/security_driver.h index b4ffed29ec..3353955813 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -83,7 +83,8 @@ typedef int (*virSecurityDomainReleaseLabel) (virSecurity= ManagerPtr mgr, typedef int (*virSecurityDomainSetAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec, const char *stdin_path, - bool chardevStdioLogd); + bool chardevStdioLogd, + bool migrated); typedef int (*virSecurityDomainRestoreAllLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, bool migrated, diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 7c905f0785..a04d2d848d 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c 
@@ -852,13 +852,15 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, const char *stdin_path, - bool chardevStdioLogd) + bool chardevStdioLogd, + bool migrated) { if (mgr->drv->domainSetSecurityAllLabel) { int ret; virObjectLock(mgr); ret =3D mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path, - chardevStdioLogd); + chardevStdioLogd, + migrated); virObjectUnlock(mgr); return ret; } diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 0d2375b263..1d4928fae3 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -121,7 +121,8 @@ int virSecurityManagerCheckAllLabel(virSecurityManagerP= tr mgr, int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec, const char *stdin_path, - bool chardevStdioLogd); + bool chardevStdioLogd, + bool migrated); int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, bool migrated, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index 966b9d41a1..96cdac03d8 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c @@ -136,7 +136,8 @@ static int virSecurityDomainSetAllLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr sec ATTRIBUTE_UNUSED, const char *stdin_path ATTRIBUTE_UNUSED, - bool chardevStdioLogd ATTRIBUTE_UNUSED) + bool chardevStdioLogd ATTRIBUTE_UNUSED, + bool migrated ATTRIBUTE_UNUSED) { return 0; } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index e879fa39ab..df0523abeb 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -3104,7 +3104,8 @@ static int virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, const char *stdin_path, - bool chardevStdioLogd) + bool chardevStdioLogd, + bool migrated ATTRIBUTE_UNUSED) { size_t i; virSecuritySELinuxDataPtr data =3D virSecurityManagerGetPrivateData(mg= r); 
diff --git a/src/security/security_stack.c b/src/security/security_stack.c index d445c0773e..dd055075cb 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -316,7 +316,8 @@ static int virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, const char *stdin_path, - bool chardevStdioLogd) + bool chardevStdioLogd, + bool migrated) { virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); virSecurityStackItemPtr item =3D priv->itemsHead; @@ -324,7 +325,8 @@ virSecurityStackSetAllLabel(virSecurityManagerPtr mgr, =20 for (; item; item =3D item->next) { if (virSecurityManagerSetAllLabel(item->securityManager, vm, - stdin_path, chardevStdioLogd) < = 0) + stdin_path, chardevStdioLogd, + migrated) < 0) rc =3D -1; } =20 diff --git a/tests/qemusecuritytest.c b/tests/qemusecuritytest.c index 2d88979168..9efc15c105 100644 --- a/tests/qemusecuritytest.c +++ b/tests/qemusecuritytest.c @@ -116,7 +116,7 @@ testDomain(const void *opaque) if (setenv(ENVVAR, "1", 0) < 0) return -1; =20 - if (qemuSecuritySetAllLabel(data->driver, vm, NULL) < 0) + if (qemuSecuritySetAllLabel(data->driver, vm, NULL, false) < 0) goto cleanup; =20 qemuSecurityRestoreAllLabel(data->driver, vm, false); diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabelt= est.c index 8c3cb29c41..6f9b5c0e70 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -310,7 +310,7 @@ testSELinuxLabeling(const void *opaque) if (!(def =3D testSELinuxLoadDef(testname))) goto cleanup; =20 - if (virSecurityManagerSetAllLabel(mgr, def, NULL, false) < 0) + if (virSecurityManagerSetAllLabel(mgr, def, NULL, false, false) < 0) goto cleanup; =20 if (testSELinuxCheckLabels(files, nfiles) < 0) --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
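Review bot: in the src/qemu/qemu_process.c hunk (qemuProcessLaunch), migrated is computed as `incoming != NULL`, yet the same `incoming` also supplies `incoming->path` as stdin_path, so the flag appears to be true for every kind of incoming state rather than only for a live migration. The commit message says this value will be forwarded to virSecurityManagerRestoreAllLabel() on rollback, so please add a comment stating that this is the intended meaning, or pass a value that is true only for migration, so that a failed start does not roll back with the wrong setting.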
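Review bot: the virSecurityDomainSetAllLabel typedef in the src/security/security_driver.h hunk (and the matching prototype in security_manager.h) gains `bool migrated` with no comment on what it means for a Set operation, and it is placed last here while virSecurityManagerRestoreAllLabel() takes `bool migrated` directly after def. Callers now end in two adjacent booleans (`NULL, false, false` in lxc_process.c and securityselinuxlabeltest.c), which can be transposed without any compiler diagnostic. Suggest documenting the parameter next to the typedef and considering a single flags argument instead of a second bool.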
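Review bot: in the src/security/security_stack.c hunk, the loop in virSecurityStackSetAllLabel() only records `rc = -1` and keeps iterating when a nested virSecurityManagerSetAllLabel() call fails. Once the nested call rolls back its own labels, as the commit message plans, the stacked managers that already succeeded and those that run after the failure would stay labelled while the function returns an error. The follow-up should either stop at the first failure and restore the earlier items with the same migrated value, or the commit message should say where the stacked case is handled.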