A simple helper function that would be used from DAC and SELinux
drivers.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
---
 src/security/security_util.c | 63 ++++++++++++++++++++++++++++++++++++
 src/security/security_util.h |  5 +++
 2 files changed, 68 insertions(+)

diff --git a/src/security/security_util.c b/src/security/security_util.c
index 3c24d7cded..ad265b0bc5 100644
--- a/src/security/security_util.c
+++ b/src/security/security_util.c
@@ -256,3 +256,66 @@ virSecuritySetRememberedLabel(const char *name,
     VIR_FREE(ref_name);
     return ret;
 }
+
+
+int
+virSecurityMoveRememberedLabel(const char *name,
+                               const char *src,
+                               const char *dst)
+{
+    VIR_AUTOFREE(char *) ref_name = NULL;
+    VIR_AUTOFREE(char *) ref_value = NULL;
+    VIR_AUTOFREE(char *) attr_name = NULL;
+    VIR_AUTOFREE(char *) attr_value = NULL;
+
+    if (!(ref_name = virSecurityGetRefCountAttrName(name)) |
+        !(attr_name = virSecurityGetAttrName(name)))
+        return -1;
+
+    if (virFileGetXAttrQuiet(src, ref_name, &ref_value) < 0) {
+        if (errno == ENOSYS || errno == ENOTSUP) {
+            return -2;
+        } else if (errno != ENODATA) {
+            virReportSystemError(errno,
+                                 _("Unable to get XATTR %s on %s"),
+                                 ref_name, src);
+            return -1;
+        }
+    }
+
+    if (virFileGetXAttrQuiet(src, attr_name, &attr_value) < 0) {
+        if (errno == ENOSYS || errno == ENOTSUP) {
+            return -2;
+        } else if (errno != ENODATA) {
+            virReportSystemError(errno,
+                                 _("Unable to get XATTR %s on %s"),
+                                 attr_name, src);
+            return -1;
+        }
+    }
+
+    if (ref_value &&
+        virFileRemoveXAttr(src, ref_name) < 0) {
+        return -1;
+    }
+
+    if (attr_value &&
+        virFileRemoveXAttr(src, attr_name) < 0) {
+        return -1;
+    }
+
+    if (dst) {
+        if (ref_value &&
+            virFileSetXAttr(dst, ref_name, ref_value) < 0) {
+            return -1;
+        }
+
+        if (attr_value &&
+            virFileSetXAttr(dst, attr_name, attr_value) < 0) {
+            ignore_value(virFileRemoveXAttr(dst, ref_name));
+            return -1;
+        }
+    }
+
+    return 0;
+}
diff --git a/src/security/security_util.h b/src/security/security_util.h
index bc977ed65d..f727e2e3e5 100644
--- a/src/security/security_util.h
+++ b/src/security/security_util.h
@@ -29,4 +29,9 @@ virSecuritySetRememberedLabel(const char *name,
                               const char *path,
                               const char *label);
 
+int
+virSecurityMoveRememberedLabel(const char *name,
+                               const char *src,
+                               const char *dst);
+
 #endif /* LIBVIRT_SECURITY_UTIL_H */
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On Thu, Apr 25, 2019 at 10:19:56AM +0200, Michal Privoznik wrote:
> A simple helper function that would be used from DAC and SELinux
> drivers.
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> Reviewed-by: Cole Robinson <crobinso@redhat.com>
> ---
>  src/security/security_util.c | 63 ++++++++++++++++++++++++++++++++++++
>  src/security/security_util.h |  5 +++
>  2 files changed, 68 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list