[libvirt] [PATCH 05/11] qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel

Peter Krempa posted 11 patches 6 years, 10 months ago
[libvirt] [PATCH 05/11] qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel
Posted by Peter Krempa 6 years, 10 months ago
Allow callers to use the new flag.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_domain.c   |  4 ++--
 src/qemu/qemu_security.c | 10 ++++++----
 src/qemu/qemu_security.h |  6 ++++--
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9ec30099a1..2853337316 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9122,7 +9122,7 @@ qemuDomainDiskChainElementRevoke(virQEMUDriverPtr driver,
         VIR_WARN("Failed to teardown cgroup for disk path %s",
                  NULLSTR(elem->path));

-    if (qemuSecurityRestoreImageLabel(driver, vm, elem) < 0)
+    if (qemuSecurityRestoreImageLabel(driver, vm, elem, false) < 0)
         VIR_WARN("Unable to restore security label on %s", NULLSTR(elem->path));

     if (qemuDomainNamespaceTeardownDisk(vm, elem) < 0)
@@ -9173,7 +9173,7 @@ qemuDomainDiskChainElementPrepare(virQEMUDriverPtr driver,
     if (qemuSetupImageCgroup(vm, elem) < 0)
         goto cleanup;

-    if (qemuSecuritySetImageLabel(driver, vm, elem) < 0)
+    if (qemuSecuritySetImageLabel(driver, vm, elem, false) < 0)
         goto cleanup;

     ret = 0;
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index 4940195216..fed15e90e9 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -157,7 +157,8 @@ qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,
 int
 qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
                           virDomainObjPtr vm,
-                          virStorageSourcePtr src)
+                          virStorageSourcePtr src,
+                          bool backingChain)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
     pid_t pid = -1;
@@ -170,7 +171,7 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
         goto cleanup;

     if (virSecurityManagerSetImageLabel(driver->securityManager,
-                                        vm->def, src, false) < 0)
+                                        vm->def, src, backingChain) < 0)
         goto cleanup;

     if (virSecurityManagerTransactionCommit(driver->securityManager,
@@ -187,7 +188,8 @@ qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
 int
 qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
-                              virStorageSourcePtr src)
+                              virStorageSourcePtr src,
+                              bool backingChain)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
     pid_t pid = -1;
@@ -200,7 +202,7 @@ qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
         goto cleanup;

     if (virSecurityManagerRestoreImageLabel(driver->securityManager,
-                                            vm->def, src, false) < 0)
+                                            vm->def, src, backingChain) < 0)
         goto cleanup;

     if (virSecurityManagerTransactionCommit(driver->securityManager,
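Review bot: In qemuSecurityRestoreImageLabel the new `backingChain` argument is forwarded to virSecurityManagerRestoreImageLabel, but nothing ties it to the value used when the label was set in qemuSecuritySetImageLabel (the hunk at -170). If `true` makes the security manager walk the backing chain of `src` (not visible in this patch), a set with `true` followed by a restore with `false` would presumably leave backing images labelled for the domain after the top image is revoked. The reverse could restore labels on a backing image that is still in use. I would state the contract above both functions, e.g. `/* @backingChain must be the same for the Set and the matching Restore call on a given @src */`. Both function bodies start and continue outside the visible hunks.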
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 5b4fe6eb8f..2a916f5169 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -44,11 +44,13 @@ int qemuSecurityRestoreDiskLabel(virQEMUDriverPtr driver,

 int qemuSecuritySetImageLabel(virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
-                              virStorageSourcePtr src);
+                              virStorageSourcePtr src,
+                              bool backingChain);

 int qemuSecurityRestoreImageLabel(virQEMUDriverPtr driver,
                                   virDomainObjPtr vm,
-                                  virStorageSourcePtr src);
+                                  virStorageSourcePtr src,
+                                  bool backingChain);

 int qemuSecuritySetHostdevLabel(virQEMUDriverPtr driver,
                                 virDomainObjPtr vm,
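Review bot: Both prototypes in qemu_security.h gain a bare `bool backingChain` with no comment on what scope of relabelling it selects, and the commit message only says callers may use the flag. Because the argument decides which image files have security labels applied or restored, a one-line comment above each prototype would make the call sites in qemu_domain.c easier to audit, for example `/* @backingChain: act on the whole backing chain of @src instead of only @src */`. That wording is inferred from the parameter name and should be checked against virSecurityManagerSetImageLabel, which this patch does not show.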
-- 
2.20.1

Re: [libvirt] [PATCH 05/11] qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel
Posted by John Ferlan 6 years, 10 months ago

On 1/23/19 11:11 AM, Peter Krempa wrote:
> Allow callers use the new flag.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/qemu/qemu_domain.c   |  4 ++--
>  src/qemu/qemu_security.c | 10 ++++++----
>  src/qemu/qemu_security.h |  6 ++++--
>  3 files changed, 12 insertions(+), 8 deletions(-)
> 

Assuming previous comment/adjustment request to use int instead of
flag.... The "false"'s change to 0 and 'bool backingChain' to unsigned
int flags...

Reviewed-by: John Ferlan <jferlan@redhat.com>

John

Re: [libvirt] [PATCH 05/11] qemu: security: Add 'backingChain' flag to qemuSecurity[Set|Restore]ImageLabel
Posted by Peter Krempa 6 years, 10 months ago
On Mon, Jan 28, 2019 at 09:27:51 -0500, John Ferlan wrote:
> 
> 
> On 1/23/19 11:11 AM, Peter Krempa wrote:
> > Allow callers use the new flag.
> > 
> > Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> > ---
> >  src/qemu/qemu_domain.c   |  4 ++--
> >  src/qemu/qemu_security.c | 10 ++++++----
> >  src/qemu/qemu_security.h |  6 ++++--
> >  3 files changed, 12 insertions(+), 8 deletions(-)
> > 
> 
> Assuming previous comment/adjustment request to use int instead of
> flag.... The "false"'s change to 0 and 'bool backingChain' to unsigned
> int flags...

Passing in the flags of the security driver at this level would be weird.
At this point I'll keep the flag in the function header and convert it
to the appropriate flags.

I don't really see a point in adding yet another set of flags for the
qemu_security stuff.