From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 1/6] qemu: Use qemuSecurityDomainSetPathLabel() to set seclabels on not saved state files
Date: Wed, 17 Jun 2020 13:35:35 +0200

There are two places within qemu driver that misuse qemuSecuritySetSavedStateLabel() to set seclabels on tempfiles that are not state files: qemuDomainScreenshot() and qemuDomainMemoryPeek(). They are doing so because of lack of qemuSecurityDomainSetPathLabel() at the time of their introduction. In all three secdrivers (well, four if you count NOP driver) the implementation of .domainSetSavedStateLabel and .domainSetPathLabel callbacks is the same anyway.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e482d08f3a..3fad440272 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -4064,7 +4064,7 @@ qemuDomainScreenshot(virDomainPtr dom, } unlink_tmp =3D true; =20 - qemuSecuritySetSavedStateLabel(driver, vm, tmp); + qemuSecurityDomainSetPathLabel(driver, vm, tmp, false); =20 qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorScreendump(priv->mon, videoAlias, screen, tmp) < 0) { 
@@ -11666,7 +11666,7 @@ qemuDomainMemoryPeek(virDomainPtr dom, goto endjob; } =20 - qemuSecuritySetSavedStateLabel(driver, vm, tmp); + qemuSecurityDomainSetPathLabel(driver, vm, tmp, false); =20 priv =3D vm->privateData; qemuDomainObjEnterMonitor(driver, vm); --=20 2.26.2
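Review bot: the return value of qemuSecurityDomainSetPathLabel() is discarded at both converted call sites, in qemuDomainScreenshot() and in qemuDomainMemoryPeek(). The old call was unchecked as well, but the prototype shown in qemu_security.h returns int, so a failed relabel of tmp goes unnoticed and any resulting access problem only surfaces later from the monitor call that writes to the file. Consider testing the result with `< 0` and leaving through the function's existing error path, or add a comment saying why failure is deliberately ignored. The commit message could also state that the new fourth argument is allowSubtree and why false is right for a single temporary file.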
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/6] qemu: Drop unused qemuSecuritySetSavedStateLabel()
Date: Wed, 17 Jun 2020 13:35:36 +0200
Message-Id: <14286f0e7a29b4a8572e6a9559023cf71902ed6e.1592393425.git.mprivozn@redhat.com>

After previous commit this function is used no more.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/qemu/qemu_security.c | 31 ------------------------------- src/qemu/qemu_security.h | 4 ---- 2 files changed, 35 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 61b9e4f0e3..d47f4cc3c0 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -614,37 +614,6 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, } =20 =20 -int -qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - const char *savefile) -{ - qemuDomainObjPrivatePtr priv =3D vm->privateData; - pid_t pid =3D -1; - int ret =3D -1; - - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) - pid =3D vm->pid; - - if (virSecurityManagerTransactionStart(driver->securityManager) < 0) - goto cleanup; - - if (virSecurityManagerSetSavedStateLabel(driver->securityManager, - vm->def, - savefile) < 0) - goto cleanup; - - if (virSecurityManagerTransactionCommit(driver->securityManager, - pid, priv->rememberOwner) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virSecurityManagerTransactionAbort(driver->securityManager); - return ret; -} - - int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index c8516005ac..4e701221cd 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -101,10 +101,6 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dr= iver, const char *path, bool allowSubtree); =20 -int qemuSecuritySetSavedStateLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - const char *savefile); - int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, const char *savefile); --=20 2.26.2
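Review bot: the commit message does not say whether the replacement keeps the namespace and owner-remembering handling of the function deleted in qemu_security.c. The removed qemuSecuritySetSavedStateLabel() chose vm->pid when QEMU_DOMAIN_NS_MOUNT is enabled, ran the manager call inside a transaction, and passed priv->rememberOwner to virSecurityManagerTransactionCommit(). The body of qemuSecurityDomainSetPathLabel() is not part of this diff, so please add a sentence confirming it does the same; otherwise the two callers converted in the previous patch change behaviour without notice.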
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 3/6] security: Drop unused virSecurityManagerSetSavedStateLabel()
Date: Wed, 17 Jun 2020 13:35:37 +0200

After previous commit this function is used no more.

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/libvirt_private.syms | 1 - src/security/security_apparmor.c | 9 --------- src/security/security_dac.c | 20 -------------------- src/security/security_driver.h | 4 ---- src/security/security_manager.c | 17 ----------------- src/security/security_manager.h | 3 --- src/security/security_nop.c | 9 --------- src/security/security_selinux.c | 16 ---------------- src/security/security_stack.c | 32 -------------------------------- 9 files changed, 111 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fc7406f2b7..b93e05b43c 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -1569,7 +1569,6 @@ virSecurityManagerSetImageLabel; virSecurityManagerSetInputLabel; virSecurityManagerSetMemoryLabel; virSecurityManagerSetProcessLabel; -virSecurityManagerSetSavedStateLabel; virSecurityManagerSetSocketLabel; virSecurityManagerSetTapFDLabel; virSecurityManagerSetTPMLabels; diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 7c8fd39584..30f7701975 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -1048,14 +1048,6 @@ AppArmorRestoreChardevLabel(virSecurityManagerPtr mg= r, return reload_profile(mgr, def, NULL, false); } =20 -static int -AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile) -{ - return reload_profile(mgr, def, savefile, true); -} - static int AppArmorSetPathLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -1165,7 +1157,6 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSetSecurityHostdevLabel =3D AppArmorSetSecurityHostdevLabe= l, .domainRestoreSecurityHostdevLabel =3D AppArmorRestoreSecurityHostdev= Label, =20 - .domainSetSavedStateLabel =3D AppArmorSetSavedStateLabel, .domainRestoreSavedStateLabel =3D AppArmorRestoreSavedStateLabel, =20 .domainSetPathLabel =3D AppArmorSetPathLabel, diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7e65b78fbe..2f531cb86b 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -2257,25 +2257,6 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, } =20 =20 -static int -virSecurityDACSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile) -{ - virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - virSecurityLabelDefPtr secdef; - uid_t user; - gid_t group; - - secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); - - if (virSecurityDACGetImageIds(secdef, priv, &user, &group) < 0) - return -1; - - return virSecurityDACSetOwnership(mgr, NULL, savefile, user, group, tr= ue); -} - - static int virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr, virDomainDefPtr def G_GNUC_UNUSED, @@ -2635,7 +2616,6 @@ virSecurityDriver virSecurityDriverDAC =3D { .domainSetSecurityHostdevLabel =3D virSecurityDACSetHostdevLabel, .domainRestoreSecurityHostdevLabel =3D virSecurityDACRestoreHostdevLa= bel, =20 - .domainSetSavedStateLabel =3D virSecurityDACSetSavedStateLab= el, .domainRestoreSavedStateLabel =3D virSecurityDACRestoreSavedStat= eLabel, =20 .domainSetSecurityImageFDLabel =3D virSecurityDACSetImageFDLabel, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index d23b64668d..33887f4c16 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -67,9 +67,6 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecur= ityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr de= v, const char *vroot); -typedef int (*virSecurityDomainSetSavedStateLabel) (virSecurityManagerPtr = mgr, - virDomainDefPtr def, - const char *savefile); typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManager= Ptr mgr, virDomainDefPtr de= f, const char *savefi= le); 
@@ -203,7 +200,6 @@ struct _virSecurityDriver { virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel; virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel; =20 - virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel; virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel; =20 virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index b1237d63b6..b2f3f1a6bb 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -596,23 +596,6 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPt= r mgr, } =20 =20 -int -virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - const char *savefile) -{ - if (mgr->drv->domainSetSavedStateLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index 2c5fa3ee15..ac50100f0f 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -104,9 +104,6 @@ int virSecurityManagerSetHostdevLabel(virSecurityManage= rPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, const char *vroot); -int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile); int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, const char *savefile); diff --git a/src/security/security_nop.c b/src/security/security_nop.c index c1856eb421..d5720ee495 100644 --- a/src/security/security_nop.c +++ b/src/security/security_nop.c 
@@ -94,14 +94,6 @@ virSecurityDomainSetHostdevLabelNop(virSecurityManagerPt= r mgr G_GNUC_UNUSED, return 0; } =20 -static int -virSecurityDomainSetSavedStateLabelNop(virSecurityManagerPtr mgr G_GNUC_UN= USED, - virDomainDefPtr vm G_GNUC_UNUSED, - const char *savefile G_GNUC_UNUSED) -{ - return 0; -} - static int virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNU= C_UNUSED, virDomainDefPtr vm G_GNUC_UNUSE= D, @@ -316,7 +308,6 @@ virSecurityDriver virSecurityDriverNop =3D { .domainSetSecurityHostdevLabel =3D virSecurityDomainSetHostdevLab= elNop, .domainRestoreSecurityHostdevLabel =3D virSecurityDomainRestoreHostde= vLabelNop, =20 - .domainSetSavedStateLabel =3D virSecurityDomainSetSavedState= LabelNop, .domainRestoreSavedStateLabel =3D virSecurityDomainRestoreSavedS= tateLabelNop, =20 .domainSetSecurityImageFDLabel =3D virSecurityDomainSetFDLabelNop, diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 7359a45a96..02b1100420 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2858,21 +2858,6 @@ virSecuritySELinuxReleaseLabel(virSecurityManagerPtr= mgr, } =20 =20 -static int -virSecuritySELinuxSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile) -{ - virSecurityLabelDefPtr secdef; - - secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || !secdef->relabel) - return 0; - - return virSecuritySELinuxSetFilecon(mgr, savefile, secdef->imagelabel,= true); -} - - static int virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, 
@@ -3635,7 +3620,6 @@ virSecurityDriver virSecurityDriverSELinux =3D { .domainSetSecurityHostdevLabel =3D virSecuritySELinuxSetHostdevLa= bel, .domainRestoreSecurityHostdevLabel =3D virSecuritySELinuxRestoreHostd= evLabel, =20 - .domainSetSavedStateLabel =3D virSecuritySELinuxSetSavedStat= eLabel, .domainRestoreSavedStateLabel =3D virSecuritySELinuxRestoreSaved= StateLabel, =20 .domainSetSecurityImageFDLabel =3D virSecuritySELinuxSetImageFDLa= bel, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 165303a1f8..8e04b4fcfe 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c @@ -394,37 +394,6 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr = mgr, } =20 =20 -static int -virSecurityStackSetSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - const char *savefile) -{ - virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - virSecurityStackItemPtr item =3D priv->itemsHead; - - for (; item; item =3D item->next) { - if (virSecurityManagerSetSavedStateLabel(item->securityManager, vm= , savefile) < 0) - goto rollback; - } - - return 0; - - rollback: - for (item =3D item->prev; item; item =3D item->prev) { - if (virSecurityManagerRestoreSavedStateLabel(item->securityManager, - vm, - savefile) < 0) { - VIR_WARN("Unable to restore saved state label after failed set= " - "label call virDriver=3D%s driver=3D%s savefile=3D%s", - virSecurityManagerGetVirtDriver(mgr), - virSecurityManagerGetDriver(item->securityManager), - savefile); - } - } - return -1; -} - - static int virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm, 
@@ -994,7 +963,6 @@ virSecurityDriver virSecurityDriverStack =3D { .domainSetSecurityHostdevLabel =3D virSecurityStackSetHostdevLabe= l, .domainRestoreSecurityHostdevLabel =3D virSecurityStackRestoreHostdev= Label, =20 - .domainSetSavedStateLabel =3D virSecurityStackSetSavedStateL= abel, .domainRestoreSavedStateLabel =3D virSecurityStackRestoreSavedSt= ateLabel, =20 .domainSetSecurityImageFDLabel =3D virSecurityStackSetImageFDLabe= l, --=20 2.26.2
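Review bot: the rollback logic deleted in security_stack.c needs an explicit statement that the path-label callback covers it. The removed virSecurityStackSetSavedStateLabel() walked item->prev on failure and called virSecurityManagerRestoreSavedStateLabel() for every stacked driver that had already applied its label. Callers now reach the stack through the path-label callback, whose body is not in this diff; if it lacks the same rollback, a failure in a later stacked driver leaves the earlier driver's label on the file. The same confirmation is worth giving for security_selinux.c, where the deleted function returned 0 without relabelling when secdef is NULL or secdef->relabel is false.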
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 4/6] security: Rename virSecurityManagerRestoreSavedStateLabel()
Date: Wed, 17 Jun 2020 13:35:38 +0200
Message-Id: <282773573651df7f543aebec35f5eb84003bd85e.1592393425.git.mprivozn@redhat.com>

The new name is virSecurityManagerDomainRestorePathLabel().

Signed-off-by: Michal Privoznik
Reviewed-by: Erik Skultety
--- src/libvirt_private.syms | 2 +- src/qemu/qemu_security.c | 2 +- src/security/security_apparmor.c | 9 +++---- src/security/security_dac.c | 26 +++++++----------- src/security/security_driver.h | 9 +++---- src/security/security_manager.c | 46 +++++++++++++++++++------------- src/security/security_manager.h | 8 +++--- src/security/security_nop.c | 10 ------- src/security/security_selinux.c | 33 +++++++++++------------ src/security/security_stack.c | 40 +++++++++++++-------------- 10 files changed, 89 insertions(+), 96 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index b93e05b43c..30f8a7421e 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -1534,6 +1534,7 @@ virSecurityDriverLookup; # security/security_manager.h virSecurityManagerCheckAllLabel; virSecurityManagerClearSocketLabel; +virSecurityManagerDomainRestorePathLabel; virSecurityManagerDomainSetPathLabel; virSecurityManagerDomainSetPathLabelRO; virSecurityManagerGenLabel; @@ -1557,7 +1558,6 @@ virSecurityManagerRestoreHostdevLabel; virSecurityManagerRestoreImageLabel; virSecurityManagerRestoreInputLabel; virSecurityManagerRestoreMemoryLabel; -virSecurityManagerRestoreSavedStateLabel; virSecurityManagerRestoreTPMLabels; virSecurityManagerSetAllLabel; virSecurityManagerSetChardevLabel; diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index d47f4cc3c0..de4df23847 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -629,7 +629,7 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr dri= ver, if (virSecurityManagerTransactionStart(driver->securityManager) < 0) goto cleanup; =20 - if (virSecurityManagerRestoreSavedStateLabel(driver->securityManager, + if (virSecurityManagerDomainRestorePathLabel(driver->securityManager, vm->def, savefile) < 0) goto cleanup; diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 30f7701975..583e872614 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -1069,9 +1069,9 @@ AppArmorSetPathLabel(virSecurityManagerPtr mgr, } =20 static int -AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile G_GNUC_UNUSED) +AppArmorRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path G_GNUC_UNUSED) { return reload_profile(mgr, def, NULL, false); } 
@@ -1157,9 +1157,8 @@ virSecurityDriver virAppArmorSecurityDriver =3D { .domainSetSecurityHostdevLabel =3D AppArmorSetSecurityHostdevLabe= l, .domainRestoreSecurityHostdevLabel =3D AppArmorRestoreSecurityHostdev= Label, =20 - .domainRestoreSavedStateLabel =3D AppArmorRestoreSavedStateLabel, - .domainSetPathLabel =3D AppArmorSetPathLabel, + .domainRestorePathLabel =3D AppArmorRestorePathLabel, =20 .domainSetSecurityChardevLabel =3D AppArmorSetChardevLabel, .domainRestoreSecurityChardevLabel =3D AppArmorRestoreChardevLabel, diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2f531cb86b..afc0a9fcb9 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2257,20 +2257,6 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, } =20 =20 -static int -virSecurityDACRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def G_GNUC_UNUSED, - const char *savefile) -{ - virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - - if (!priv->dynamicOwnership) - return 0; - - return virSecurityDACRestoreFileLabel(mgr, savefile); -} - - static int virSecurityDACSetProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr def) @@ -2570,6 +2556,15 @@ virSecurityDACDomainSetPathLabel(virSecurityManagerP= tr mgr, return virSecurityDACSetOwnership(mgr, NULL, path, user, group, true); } =20 +static int +virSecurityDACDomainRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def G_GNUC_UNUSED, + const char *path) +{ + return virSecurityDACRestoreFileLabel(mgr, path); +} + + virSecurityDriver virSecurityDriverDAC =3D { .privateDataLen =3D sizeof(virSecurityDACData), .name =3D SECURITY_DAC_NAME, 
@@ -2616,8 +2611,6 @@ virSecurityDriver virSecurityDriverDAC =3D { .domainSetSecurityHostdevLabel =3D virSecurityDACSetHostdevLabel, .domainRestoreSecurityHostdevLabel =3D virSecurityDACRestoreHostdevLa= bel, =20 - .domainRestoreSavedStateLabel =3D virSecurityDACRestoreSavedStat= eLabel, - .domainSetSecurityImageFDLabel =3D virSecurityDACSetImageFDLabel, .domainSetSecurityTapFDLabel =3D virSecurityDACSetTapFDLabel, =20 @@ -2626,6 +2619,7 @@ virSecurityDriver virSecurityDriverDAC =3D { .getBaseLabel =3D virSecurityDACGetBaseLabel, =20 .domainSetPathLabel =3D virSecurityDACDomainSetPathLab= el, + .domainRestorePathLabel =3D virSecurityDACDomainRestorePat= hLabel, =20 .domainSetSecurityChardevLabel =3D virSecurityDACSetChardevLabel, .domainRestoreSecurityChardevLabel =3D virSecurityDACRestoreChardevLa= bel, diff --git a/src/security/security_driver.h b/src/security/security_driver.h index 33887f4c16..bfff789552 100644 --- a/src/security/security_driver.h +++ b/src/security/security_driver.h @@ -67,9 +67,6 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virSecur= ityManagerPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr de= v, const char *vroot); -typedef int (*virSecurityDomainRestoreSavedStateLabel) (virSecurityManager= Ptr mgr, - virDomainDefPtr de= f, - const char *savefi= le); typedef int (*virSecurityDomainGenLabel) (virSecurityManagerPtr mgr, virDomainDefPtr sec); typedef int (*virSecurityDomainReserveLabel) (virSecurityManagerPtr mgr, @@ -140,6 +137,9 @@ typedef int (*virSecurityDomainSetPathLabel) (virSecuri= tyManagerPtr mgr, typedef int (*virSecurityDomainSetPathLabelRO) (virSecurityManagerPtr mgr, virDomainDefPtr def, const char *path); +typedef int (*virSecurityDomainRestorePathLabel) (virSecurityManagerPtr mg= r, + virDomainDefPtr def, + const char *path); typedef int (*virSecurityDomainSetChardevLabel) (virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr = dev_source, 
@@ -200,8 +200,6 @@ struct _virSecurityDriver { virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel; virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel; =20 - virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel; - virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel; virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel; =20 @@ -211,6 +209,7 @@ struct _virSecurityDriver { =20 virSecurityDomainSetPathLabel domainSetPathLabel; virSecurityDomainSetPathLabelRO domainSetPathLabelRO; + virSecurityDomainRestorePathLabel domainRestorePathLabel; =20 virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel; virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel; diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index b2f3f1a6bb..ad1938caeb 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -596,24 +596,6 @@ virSecurityManagerSetHostdevLabel(virSecurityManagerPt= r mgr, } =20 =20 -int -virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - const char *savefile) -{ - if (mgr->drv->domainRestoreSavedStateLabel) { - int ret; - virObjectLock(mgr); - ret =3D mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile); - virObjectUnlock(mgr); - return ret; - } - - virReportUnsupportedError(); - return -1; -} - - int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) 
@@ -1087,6 +1069,34 @@ virSecurityManagerDomainSetPathLabelRO(virSecurityMa= nagerPtr mgr, return 0; } =20 +/** + * virSecurityManagerDomainRestorePathLabel: + * @mgr: security manager object + * @vm: domain definition object + * @path: path to restore labels one + * + * This function is a counterpart to virSecurityManagerDomainSetPathLabel(= ) and + * virSecurityManagerDomainSetPathLabelRO() as it restores any labels set = by them. + * + * Returns: 0 on success, -1 on error. + */ +int +virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + if (mgr->drv->domainRestorePathLabel) { + int ret; + virObjectLock(mgr); + ret =3D mgr->drv->domainRestorePathLabel(mgr, vm, path); + virObjectUnlock(mgr); + return ret; + } + + return 0; +} + + =20 /** * virSecurityManagerSetMemoryLabel: diff --git a/src/security/security_manager.h b/src/security/security_manage= r.h index ac50100f0f..999752ce09 100644 --- a/src/security/security_manager.h +++ b/src/security/security_manager.h @@ -104,9 +104,6 @@ int virSecurityManagerSetHostdevLabel(virSecurityManage= rPtr mgr, virDomainDefPtr def, virDomainHostdevDefPtr dev, const char *vroot); -int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile); int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, virDomainDefPtr sec); int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, @@ -190,6 +187,11 @@ int virSecurityManagerDomainSetPathLabelRO(virSecurity= ManagerPtr mgr, virDomainDefPtr vm, const char *path); =20 +int virSecurityManagerDomainRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path); + + int virSecurityManagerSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainChrSourceDefPtr dev_source, diff --git a/src/security/security_nop.c b/src/security/security_nop.c index d5720ee495..de5da1ee1c 100644 --- a/src/security/security_nop.c 
+++ b/src/security/security_nop.c @@ -94,14 +94,6 @@ virSecurityDomainSetHostdevLabelNop(virSecurityManagerPt= r mgr G_GNUC_UNUSED, return 0; } =20 -static int -virSecurityDomainRestoreSavedStateLabelNop(virSecurityManagerPtr mgr G_GNU= C_UNUSED, - virDomainDefPtr vm G_GNUC_UNUSE= D, - const char *savefile G_GNUC_UNU= SED) -{ - return 0; -} - static int virSecurityDomainGenLabelNop(virSecurityManagerPtr mgr G_GNUC_UNUSED, virDomainDefPtr sec G_GNUC_UNUSED) @@ -308,8 +300,6 @@ virSecurityDriver virSecurityDriverNop =3D { .domainSetSecurityHostdevLabel =3D virSecurityDomainSetHostdevLab= elNop, .domainRestoreSecurityHostdevLabel =3D virSecurityDomainRestoreHostde= vLabelNop, =20 - .domainRestoreSavedStateLabel =3D virSecurityDomainRestoreSavedS= tateLabelNop, - .domainSetSecurityImageFDLabel =3D virSecurityDomainSetFDLabelNop, .domainSetSecurityTapFDLabel =3D virSecurityDomainSetFDLabelNop, =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 02b1100420..4cc2707c3b 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -2858,21 +2858,6 @@ virSecuritySELinuxReleaseLabel(virSecurityManagerPtr= mgr, } =20 =20 -static int -virSecuritySELinuxRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *savefile) -{ - virSecurityLabelDefPtr secdef; - - secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!secdef || !secdef->relabel) - return 0; - - return virSecuritySELinuxRestoreFileLabel(mgr, savefile, true); -} - - static int virSecuritySELinuxVerify(virSecurityManagerPtr mgr G_GNUC_UNUSED, virDomainDefPtr def) 
@@ -3428,6 +3413,21 @@ virSecuritySELinuxDomainSetPathLabelRO(virSecurityMa= nagerPtr mgr, return virSecuritySELinuxSetFilecon(mgr, path, data->content_context, = false); } =20 +static int +virSecuritySELinuxDomainRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path) +{ + virSecurityLabelDefPtr secdef; + + secdef =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); + if (!secdef || !secdef->relabel) + return 0; + + return virSecuritySELinuxRestoreFileLabel(mgr, path, true); +} + + /* * virSecuritySELinuxSetFileLabels: * @@ -3620,8 +3620,6 @@ virSecurityDriver virSecurityDriverSELinux =3D { .domainSetSecurityHostdevLabel =3D virSecuritySELinuxSetHostdevLa= bel, .domainRestoreSecurityHostdevLabel =3D virSecuritySELinuxRestoreHostd= evLabel, =20 - .domainRestoreSavedStateLabel =3D virSecuritySELinuxRestoreSaved= StateLabel, - .domainSetSecurityImageFDLabel =3D virSecuritySELinuxSetImageFDLa= bel, .domainSetSecurityTapFDLabel =3D virSecuritySELinuxSetTapFDLabe= l, =20 @@ -3630,6 +3628,7 @@ virSecurityDriver virSecurityDriverSELinux =3D { =20 .domainSetPathLabel =3D virSecuritySELinuxDomainSetPat= hLabel, .domainSetPathLabelRO =3D virSecuritySELinuxDomainSetPat= hLabelRO, + .domainRestorePathLabel =3D virSecuritySELinuxDomainRestor= ePathLabel, =20 .domainSetSecurityChardevLabel =3D virSecuritySELinuxSetChardevLa= bel, .domainRestoreSecurityChardevLabel =3D virSecuritySELinuxRestoreChard= evLabel, diff --git a/src/security/security_stack.c b/src/security/security_stack.c index 8e04b4fcfe..379c9302bc 100644 --- a/src/security/security_stack.c +++ b/src/security/security_stack.c 
@@ -394,24 +394,6 @@ virSecurityStackRestoreAllLabel(virSecurityManagerPtr = mgr, } =20 =20 -static int -virSecurityStackRestoreSavedStateLabel(virSecurityManagerPtr mgr, - virDomainDefPtr vm, - const char *savefile) -{ - virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); - virSecurityStackItemPtr item =3D priv->itemsHead; - int rc =3D 0; - - for (; item; item =3D item->next) { - if (virSecurityManagerRestoreSavedStateLabel(item->securityManager= , vm, savefile) < 0) - rc =3D -1; - } - - return rc; -} - - static int virSecurityStackSetProcessLabel(virSecurityManagerPtr mgr, virDomainDefPtr vm) @@ -814,6 +796,25 @@ virSecurityStackDomainSetPathLabelRO(virSecurityManage= rPtr mgr, } =20 =20 +static int +virSecurityStackDomainRestorePathLabel(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item =3D priv->itemsHead; + int rc =3D 0; + + for (; item; item =3D item->next) { + if (virSecurityManagerDomainRestorePathLabel(item->securityManager, + vm, path) < 0) + rc =3D -1; + } + + return rc; +} + + static int virSecurityStackDomainSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, @@ -963,8 +964,6 @@ virSecurityDriver virSecurityDriverStack =3D { .domainSetSecurityHostdevLabel =3D virSecurityStackSetHostdevLabe= l, .domainRestoreSecurityHostdevLabel =3D virSecurityStackRestoreHostdev= Label, =20 - .domainRestoreSavedStateLabel =3D virSecurityStackRestoreSavedSt= ateLabel, - .domainSetSecurityImageFDLabel =3D virSecurityStackSetImageFDLabe= l, .domainSetSecurityTapFDLabel =3D virSecurityStackSetTapFDLabel, =20 
@@ -974,6 +973,7 @@ virSecurityDriver virSecurityDriverStack =3D { =20 .domainSetPathLabel =3D virSecurityStackDomainSetPathL= abel, .domainSetPathLabelRO =3D virSecurityStackDomainSetPathL= abelRO, + .domainRestorePathLabel =3D virSecurityStackDomainRestoreP= athLabel, =20 .domainSetSecurityChardevLabel =3D virSecurityStackDomainSetChard= evLabel, .domainRestoreSecurityChardevLabel =3D virSecurityStackDomainRestoreC= hardevLabel, --=20 2.26.2
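Review bot: The security_manager.c hunk at @@ -1087,6 +1069,34 @@ changes behaviour beyond the rename: when the driver has no domainRestorePathLabel callback, virSecurityManagerDomainRestorePathLabel() returns 0, whereas the removed virSecurityManagerRestoreSavedStateLabel() called virReportUnsupportedError() and returned -1. Together with the callback being dropped from security_nop.c this looks deliberate, but a caller can no longer tell a restored label from a driver that did nothing, so the commit message should say so instead of only "The new name is ...". The doc comment in the same hunk also has a typo: "@path: path to restore labels one" should read "on".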
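Review bot: In the security_dac.c hunk at @@ -2570,6 +2556,15 @@ the new virSecurityDACDomainRestorePathLabel() calls virSecurityDACRestoreFileLabel() unconditionally, while the removed virSecurityDACRestoreSavedStateLabel() returned 0 early when priv->dynamicOwnership was false. With dynamic ownership disabled the restore is now attempted where the old code skipped it, which is more than a rename. Either keep the "if (!priv->dynamicOwnership) return 0;" guard in the new function or explain in the commit message why it is no longer needed.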
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 5/6] qemu: Rename qemuSecurityRestoreSavedStateLabel()
Date: Wed, 17 Jun 2020 13:35:39 +0200

The function calls virSecurityManagerDomainRestorePathLabel() after all.

Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_security.c | 8 ++++---- src/qemu/qemu_security.h | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 3fad440272..80648f1d32 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6953,7 +6953,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, asyncJob, VIR_QEMU_PROCESS_STOP_MIGRATED); } - if (qemuSecurityRestoreSavedStateLabel(driver, vm, path) < 0) + if (qemuSecurityDomainRestorePathLabel(driver, vm, path) < 0) VIR_WARN("failed to restore save state label on %s", path); return ret; }
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index de4df23847..98f973ab12 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -615,9 +615,9 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr driver, =20 =20 int -qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, - virDomainObjPtr vm, - const char *savefile) +qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, + virDomainObjPtr vm, + const char *path) { qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; @@ -631,7 +631,7 @@ qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr dri= ver, =20 if (virSecurityManagerDomainRestorePathLabel(driver->securityManager, vm->def, - savefile) < 0) + path) < 0) goto cleanup; =20 if (virSecurityManagerTransactionCommit(driver->securityManager, diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 4e701221cd..ed6b762662 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h 
@@ -101,9 +101,9 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dri= ver, const char *path, bool allowSubtree); =20 -int qemuSecurityRestoreSavedStateLabel(virQEMUDriverPtr driver, +int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *savefile); + const char *path); =20 int qemuSecurityCommandRun(virQEMUDriverPtr driver, virDomainObjPtr vm, --=20 2.26.2
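Review bot: The renamed qemuSecurityDomainRestorePathLabel() in the qemu_security.c hunk at @@ -615,9 +615,9 @@ has no doc comment, and with "SavedState" gone from the name and @savefile now @path, nothing tells the reader which paths it is meant for. A short comment naming the Set call it is the counterpart of would help, the more so because the only caller shown, in qemuDomainSaveImageStartVM(), merely logs a failure with VIR_WARN and returns ret unchanged.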
From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 6/6] qemuSecurityDomainRestorePathLabel: Introduce @ignoreNS argument
Date: Wed, 17 Jun 2020 13:35:40 +0200
Message-Id: <3d71bf861c7d8c8437b640cc1d40c92a850b7fc7.1592393425.git.mprivozn@redhat.com>

In a few cases we might set seclabels on a path outside of namespaces. For instance, when restoring a domain from a file, the file is opened, relabelled and only then the namespace is created and the FD is passed to QEMU (see v6.3.0-rc1~108 for more info). Therefore, when restoring the label on the restore file, we must ignore domain namespaces and restore the label directly in the host.

This bug demonstrates itself when restoring a domain from a block device. We don't create the block device inside the domain namespace and thus the following error is reported at the end of (otherwise successful) restore:

  error : virProcessRunInFork:1236 : internal error: child reported (status=125): unable to stat: /dev/sda: No such file or directory
  error : virProcessRunInFork:1240 : unable to stat: /dev/sda: No such file or directory

Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- src/qemu/qemu_driver.c | 2 +- src/qemu/qemu_security.c | 6 ++++-- src/qemu/qemu_security.h | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 80648f1d32..4f62b5c838 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6953,7 +6953,7 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED, asyncJob, VIR_QEMU_PROCESS_STOP_MIGRATED); } - if (qemuSecurityDomainRestorePathLabel(driver, vm, path) < 0) + if (qemuSecurityDomainRestorePathLabel(driver, vm, path, true) < 0) VIR_WARN("failed to restore save state label on %s", path); return ret; } diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 98f973ab12..f49c0890f2 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -617,13 +617,15 @@ qemuSecurityDomainSetPathLabel(virQEMUDriverPtr drive= r, int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path) + const char *path, + bool ignoreNS) { qemuDomainObjPrivatePtr priv =3D vm->privateData; pid_t pid =3D -1; int ret =3D -1; =20 - if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + if (!ignoreNS && + qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) pid =3D vm->pid; =20 if (virSecurityManagerTransactionStart(driver->securityManager) < 0) diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index ed6b762662..df34820af8 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -103,7 +103,8 @@ int qemuSecurityDomainSetPathLabel(virQEMUDriverPtr dri= ver, =20 int qemuSecurityDomainRestorePathLabel(virQEMUDriverPtr driver, virDomainObjPtr vm, - const char *path); + const char *path, + bool ignoreNS); =20 int qemuSecurityCommandRun(virQEMUDriverPtr driver, virDomainObjPtr vm, --=20 2.26.2
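Review bot: @ignoreNS is added to qemuSecurityDomainRestorePathLabel() in the qemu_security.c hunk at @@ -617,13 +617,15 @@ with no documentation of when a caller may pass true. With the flag set, pid stays -1 even when qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT) is true, which per the commit message means the label is restored directly in the host. Please add a doc comment saying the flag is only for paths that were labelled before the namespace was created (the restore-from-file case), so that a later caller does not pass true for a path that exists only inside the domain namespace.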
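Review bot: The bare "true" passed as the fourth argument in qemuDomainSaveImageStartVM() (qemu_driver.c hunk at @@ -6953,7 +6953,7 @@) gives no hint at the call site why the mount namespace is bypassed. A one-line comment there, noting that the save file was opened and relabelled before the namespace existed, would keep that reasoning from living only in the commit message.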