From nobody Fri Dec 19 18:47:34 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1548259892136241.40375675463736; Wed, 23 Jan 2019 08:11:32 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A02143E2A4; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 508D8104C53E; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 02BBD18033A0; Wed, 23 Jan 2019 16:11:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x0NGBIvM014055 for ; Wed, 23 Jan 2019 11:11:18 -0500 Received: by smtp.corp.redhat.com (Postfix) id BB71D5D739; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4256D5D6A6 for ; Wed, 23 Jan 2019 16:11:18 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Wed, 23 Jan 2019 17:11:01 +0100 Message-Id: <9b56b79fa24e57c5c35da667540c86684bc56122.1548259711.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 06/11] qemu: security: Replace and remove qemuSecurity[Set|Restore]DiskLabel X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 23 Jan 2019 16:11:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" The same can be achieved by using qemuSecurity[Set|Restore]ImageLabel. Signed-off-by: Peter Krempa Reviewed-by: John Ferlan --- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_hotplug.c | 4 +-- src/qemu/qemu_security.c | 62 ---------------------------------------- src/qemu/qemu_security.h | 8 ------ 4 files changed, 3 insertions(+), 73 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index fbc2a20915..025acec6af 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17190,7 +17190,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, disk->mirror->format !=3D VIR_STORAGE_FILE_RAW && (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0 || qemuSetupImageChainCgroup(vm, disk->src) < 0 || - qemuSecuritySetDiskLabel(driver, vm, disk) < 0)) + qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0)) goto cleanup; disk->src =3D oldsrc; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 000102ac3f..015f1837ab 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -113,7 +113,7 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, if (qemuDomainNamespaceSetupDisk(vm, disk->src) < 0) goto rollback_lock; - if (qemuSecuritySetDiskLabel(driver, vm, disk) < 0) + if (qemuSecuritySetImageLabel(driver, vm, disk->src, true) < 0) goto rollback_namespace; if (qemuSetupImageChainCgroup(vm, disk->src) < 0) @@ -127,7 +127,7 @@ qemuHotplugPrepareDiskAccess(virQEMUDriverPtr driver, VIR_WARN("Unable to tear down cgroup access on %s", NULLSTR(virDomainDiskGetSource(disk))); rollback_label: - if (qemuSecurityRestoreDiskLabel(driver, vm, disk) < 0) + if (qemuSecurityRestoreImageLabel(driver, vm, disk->src, true) < 0) VIR_WARN("Unable to restore security label on %s", NULLSTR(virDomainDiskGetSource(disk))); diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index fed15e90e9..c15ca24f21 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -92,68 +92,6 @@ qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, } -int -qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk) -{ - qemuDomainObjPrivatePtr priv =3D vm->privateData; - pid_t pid =3D -1; - int ret =3D -1; - - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) - pid =3D vm->pid; - - if (virSecurityManagerTransactionStart(driver->securityManager) < 0) - goto cleanup; - - if (virSecurityManagerSetDiskLabel(driver->securityManager, - vm->def, - disk) < 0) - goto cleanup; - - if (virSecurityManagerTransactionCommit(driver->securityManager, - pid, priv->rememberOwner) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virSecurityManagerTransactionAbort(driver->securityManager); - return ret; -} - - -int -qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk) -{ - qemuDomainObjPrivatePtr priv =3D vm->privateData; - pid_t pid =3D -1; - int ret =3D -1; - - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) - pid =3D vm->pid; - - if (virSecurityManagerTransactionStart(driver->securityManager) < 0) - goto cleanup; - - if (virSecurityManagerRestoreDiskLabel(driver->securityManager, - vm->def, - disk) < 0) - goto cleanup; - - if (virSecurityManagerTransactionCommit(driver->securityManager, - pid, priv->rememberOwner) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virSecurityManagerTransactionAbort(driver->securityManager); - return ret; -} - - int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 2a916f5169..546a66f284 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -34,14 +34,6 @@ void qemuSecurityRestoreAllLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, bool migrated); -int qemuSecuritySetDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk); - -int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - virDomainDiskDefPtr disk); - int qemuSecuritySetImageLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr src, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list