From nobody Fri May 16 10:37:32 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1496068320733898.7224658406654; Mon, 29 May 2017 07:32:00 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4E40780F7C; Mon, 29 May 2017 14:31:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F250C17A40; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2306D180BAF4; Mon, 29 May 2017 14:31:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v4TEVsE9016352 for ; Mon, 29 May 2017 10:31:54 -0400 Received: by smtp.corp.redhat.com (Postfix) id 518621850C; Mon, 29 May 2017 14:31:54 +0000 (UTC) Received: from antique-work.brq.redhat.com (dhcp129-230.brq.redhat.com [10.34.129.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id 932771866D for ; Mon, 29 May 2017 14:31:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4E40780F7C Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com 
Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4E40780F7C From: Pavel Hrdina To: libvir-list@redhat.com Date: Mon, 29 May 2017 16:31:47 +0200 Message-Id: <521246c7ed5df1ee9f8d7194a1c4833d6f8020b0.1496068215.git.phrdina@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 1/4] conf: move seclabel for chardev source to the correct sturcture X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Mon, 29 May 2017 14:31:59 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Pavel Hrdina Reviewed-by: John Ferlan --- Notes: new in v2 src/conf/domain_conf.c | 46 +++++++++++++++++++------------------= ---- src/conf/domain_conf.h | 9 ++++---- src/security/security_dac.c | 26 ++++++++++------------- src/security/security_manager.c | 4 ++-- src/security/security_selinux.c | 24 +++++++++------------ 5 files changed, 49 insertions(+), 60 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c7e20b8ba1..68dc2832cb 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -2076,12 +2076,21 @@ virDomainChrSourceDefCopy(virDomainChrSourceDefPtr = dest, =20 void virDomainChrSourceDefFree(virDomainChrSourceDefPtr def) { + size_t i; + if (!def) return; =20 virDomainChrSourceDefClear(def); virObjectUnref(def->privateData); =20 + if (def->seclabels) { + for (i =3D 0; i < def->nseclabels; i++) + virSecurityDeviceLabelDefFree(def->seclabels[i]); + VIR_FREE(def->seclabels); + } + + VIR_FREE(def); } =20 @@ -2150,8 +2159,6 @@ virDomainChrSourceDefIsEqual(const virDomainChrSource= Def *src, =20 void virDomainChrDefFree(virDomainChrDefPtr def) { - size_t i; - if (!def) return; =20 @@ -2176,12 +2183,6 @@ void virDomainChrDefFree(virDomainChrDefPtr def) virDomainChrSourceDefFree(def->source); virDomainDeviceInfoClear(&def->info); =20 - if (def->seclabels) { - for (i =3D 0; i < def->nseclabels; i++) - virSecurityDeviceLabelDefFree(def->seclabels[i]); - VIR_FREE(def->seclabels); - } - VIR_FREE(def); } =20 @@ -10688,8 +10689,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDef= Ptr def, if (chr_def) { xmlNodePtr saved_node =3D ctxt->node; ctxt->node =3D cur; - if (virSecurityDeviceLabelDefParseXML(&chr_def->seclab= els, - &chr_def->nsecla= bels, + if (virSecurityDeviceLabelDefParseXML(&def->seclabels, + &def->nseclabels, vmSeclabels, nvmSeclabels, ctxt, @@ -22399,19 +22400,11 @@ virDomainNetDefFormat(virBufferPtr buf, * output at " type=3D'type'>". */ static int virDomainChrSourceDefFormat(virBufferPtr buf, - virDomainChrDefPtr chr_def, virDomainChrSourceDefPtr def, bool tty_compat, unsigned int flags) { const char *type =3D virDomainChrTypeToString(def->type); - size_t nseclabels =3D 0; - virSecurityDeviceLabelDefPtr *seclabels =3D NULL; - - if (chr_def) { - nseclabels =3D chr_def->nseclabels; - seclabels =3D chr_def->seclabels; - } =20 if (!type) { virReportError(VIR_ERR_INTERNAL_ERROR, 
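Review bot: The per-source seclabels are released only in `virDomainChrSourceDefFree()`, after the call to `virDomainChrSourceDefClear(def)`, so a source that is embedded in another structure, and presumably only ever cleared, would keep its array. The security_dac.c hunks in this patch pass `&tpm->data.passthrough.source`, which shows that embedded sources exist. Nothing visible populates labels for them today, because the parser hunk still stores labels only when `chr_def` is set, but that ownership rule is easy to break later. I would move the loop into `virDomainChrSourceDefClear()` and reset the count there with `def->nseclabels = 0;`, or at least add a comment on the new members in domain_conf.h stating that only `virDomainChrSourceDefFree()` releases them. Whether `virDomainChrSourceDefCopy()` needs to duplicate the labels cannot be judged here, since its body is outside the hunk.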
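Review bot: In the virDomainChrSourceDefParseXML hunk the labels are now written to `def->seclabels`, but the call is still guarded by `if (chr_def)`, so whether a source accepts a `<seclabel>` child depends on a parameter that no longer owns the data. The formatter and the DAC/SELinux lookups in this same patch drop their `chr_def`/`dev` conditions, which leaves parsing as the only place where sources without a chardev owner are treated differently (the formatter hunks suggest these are smartcard, RNG and redirdev sources). For those, a `relabel='no'` request would presumably be dropped without an error and the path relabelled anyway. If the restriction is intended for this patch, say so at the guard, for example `/* seclabels are parsed only for sources owned by a virDomainChrDef; other callers pass chr_def == NULL */`. The enclosing function starts and ends outside the hunk, so the schema or a later check may already reject such input.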
@@ -22449,7 +22442,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf, def->data.file.append !=3D VIR_TRISTATE_SWITCH_ABSENT) virBufferAsprintf(buf, " append=3D'%s'", virTristateSwitchTypeToString(def->data.file.append)); - virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, f= lags); + virDomainSourceDefFormatSeclabel(buf, def->nseclabels, + def->seclabels, flags); } break; =20 @@ -22504,7 +22498,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf, virBufferAsprintf(buf, "data.nix.listen ? "bind" : "connect"); virBufferEscapeString(buf, " path=3D'%s'", def->data.nix.path); - virDomainSourceDefFormatSeclabel(buf, nseclabels, seclabels, f= lags); + virDomainSourceDefFormatSeclabel(buf, def->nseclabels, + def->seclabels, flags); } break; =20 @@ -22553,7 +22548,7 @@ virDomainChrDefFormat(virBufferPtr buf, def->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PTY && !(flags & VIR_DOMAIN_DEF_FORMAT_INACTIVE) && def->source->data.file.path); - if (virDomainChrSourceDefFormat(buf, def, def->source, tty_compat, fla= gs) < 0) + if (virDomainChrSourceDefFormat(buf, def->source, tty_compat, flags) <= 0) return -1; =20 /* Format block */ @@ -22675,7 +22670,7 @@ virDomainSmartcardDefFormat(virBufferPtr buf, break; =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - if (virDomainChrSourceDefFormat(buf, NULL, def->data.passthru, fal= se, + if (virDomainChrSourceDefFormat(buf, def->data.passthru, false, flags) < 0) return -1; break; @@ -22981,7 +22976,7 @@ virDomainRNGDefFormat(virBufferPtr buf, =20 case VIR_DOMAIN_RNG_BACKEND_EGD: virBufferAdjustIndent(buf, 2); - if (virDomainChrSourceDefFormat(buf, NULL, def->source.chardev, + if (virDomainChrSourceDefFormat(buf, def->source.chardev, false, flags) < 0) return -1; virBufferAdjustIndent(buf, -2); 
@@ -23797,7 +23792,7 @@ virDomainRedirdevDefFormat(virBufferPtr buf, =20 virBufferAsprintf(buf, "source, false, flags) = < 0) + if (virDomainChrSourceDefFormat(buf, def->source, false, flags) < 0) return -1; if (virDomainDeviceInfoFormat(buf, &def->info, flags | VIR_DOMAIN_DEF_FORMAT_ALLOW_BOOT= ) < 0) @@ -26195,7 +26190,8 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def= , const char *model) =20 =20 virSecurityDeviceLabelDefPtr -virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *mod= el) +virDomainChrSourceDefGetSecurityLabelDef(virDomainChrSourceDefPtr def, + const char *model) { size_t i; =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 83e0672691..1951ba74bb 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1166,6 +1166,9 @@ struct _virDomainChrSourceDef { } data; char *logfile; int logappend; + + size_t nseclabels; + virSecurityDeviceLabelDefPtr *seclabels; }; =20 /* A complete character device, both host and domain views. */ @@ -1188,9 +1191,6 @@ struct _virDomainChrDef { virDomainChrSourceDefPtr source; =20 virDomainDeviceInfo info; - - size_t nseclabels; - virSecurityDeviceLabelDefPtr *seclabels; }; =20 typedef enum { @@ -3068,7 +3068,8 @@ virSecurityLabelDefPtr virDomainDefGetSecurityLabelDef(virDomainDefPtr def, const char *model); =20 virSecurityDeviceLabelDefPtr -virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *mod= el); +virDomainChrSourceDefGetSecurityLabelDef(virDomainChrSourceDefPtr def, + const char *model); =20 typedef const char* (*virEventActionToStringFunc)(int type); typedef int (*virEventActionFromStringFunc)(const char *type); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 7dcf4c15f7..fd4d8f5047 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c 
@@ -1159,7 +1159,6 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerP= tr mgr, static int virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -1173,9 +1172,8 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, =20 seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_DAC_NAM= E); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_DAC_N= AME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -1245,7 +1243,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr m= gr, static int virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def ATTRIBUTE_UNUSED, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) { virSecurityDACDataPtr priv =3D virSecurityManagerGetPrivateData(mgr); @@ -1253,9 +1250,8 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerP= tr mgr, char *in =3D NULL, *out =3D NULL; int ret =3D -1; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_DAC_NAM= E); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_DAC_N= AME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -1304,12 +1300,12 @@ virSecurityDACRestoreChardevLabel(virSecurityManage= rPtr mgr, =20 static int virSecurityDACRestoreChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIBUTE_UNUS= ED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecurityDACRestoreChardevLabel(mgr, def, dev, dev->source); + return virSecurityDACRestoreChardevLabel(mgr, def, dev->source); } =20 =20 
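Review bot: `dev` is marked `ATTRIBUTE_UNUSED` in virSecurityDACRestoreChardevCallback, but the body still dereferences it in `dev->source`, so the annotation is wrong for the new code. The same applies to virSecurityDACSetChardevCallback and to the two SELinux callbacks later in this patch (virSecuritySELinuxRestoreSecurityChardevCallback and virSecuritySELinuxSetSecurityChardevCallback). The attribute only silences a warning, so nothing misbehaves, but it tells readers and static checkers that the pointer is never touched. Keep the declaration as `virDomainChrDefPtr dev,` in all four callbacks.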
@@ -1322,7 +1318,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr m= gr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACSetChardevLabel(mgr, def, NULL, + ret =3D virSecurityDACSetChardevLabel(mgr, def, &tpm->data.passthrough.source); break; case VIR_DOMAIN_TPM_TYPE_LAST: @@ -1342,8 +1338,8 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP= tr mgr, =20 switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: - ret =3D virSecurityDACRestoreChardevLabel(mgr, def, NULL, - &tpm->data.passthrough.source); + ret =3D virSecurityDACRestoreChardevLabel(mgr, def, + &tpm->data.passthrough.sou= rce); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -1506,12 +1502,12 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr= mgr, =20 static int virSecurityDACSetChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIBUTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecurityDACSetChardevLabel(mgr, def, dev, dev->source); + return virSecurityDACSetChardevLabel(mgr, def, dev->source); } =20 =20 diff --git a/src/security/security_manager.c b/src/security/security_manage= r.c index 6c777db1e6..90d491c1bc 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -811,8 +811,8 @@ virSecurityManagerCheckChardevLabel(virSecurityManagerP= tr mgr, { size_t i; =20 - for (i =3D 0; i < dev->nseclabels; i++) { - if (virSecurityManagerCheckModel(mgr, dev->seclabels[i]->model) < = 0) + for (i =3D 0; i < dev->source->nseclabels; i++) { + if (virSecurityManagerCheckModel(mgr, dev->source->seclabels[i]->m= odel) < 0) return -1; } =20 diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 9504a4be34..75f387b3fa 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -2179,7 +2179,6 @@ virSecuritySELinuxRestoreHostdevLabel(virSecurityMana= gerPtr mgr, static int virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -2193,9 +2192,8 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_SELINUX= _NAME); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_SELIN= UX_NAME); =20 if (chr_seclabel && !chr_seclabel->relabel) return 0; @@ -2254,7 +2252,6 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerP= tr mgr, static int virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, - virDomainChrDefPtr dev, virDomainChrSourceDefPtr dev_source) =20 { @@ -2267,9 +2264,8 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMana= gerPtr mgr, if (!seclabel || !seclabel->relabel) return 0; =20 - if (dev) - chr_seclabel =3D virDomainChrDefGetSecurityLabelDef(dev, - SECURITY_SELINUX= _NAME); + chr_seclabel =3D virDomainChrSourceDefGetSecurityLabelDef(dev_source, + SECURITY_SELIN= UX_NAME); if (chr_seclabel && !chr_seclabel->relabel) return 0; =20 @@ -2318,12 +2314,12 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityMa= nagerPtr mgr, =20 static int virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev AT= TRIBUTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev, dev->sourc= e); + return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->source); } =20 =20 
@@ -2346,7 +2342,7 @@ virSecuritySELinuxRestoreSecuritySmartcardCallback(vi= rDomainDefPtr def, return virSecuritySELinuxRestoreFileLabel(mgr, database); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return virSecuritySELinuxRestoreChardevLabel(mgr, def, NULL, dev->= data.passthru); + return virSecuritySELinuxRestoreChardevLabel(mgr, def, dev->data.p= assthru); =20 default: virReportError(VIR_ERR_INTERNAL_ERROR, @@ -2707,12 +2703,12 @@ virSecuritySELinuxClearSocketLabel(virSecurityManag= erPtr mgr ATTRIBUTE_UNUSED, =20 static int virSecuritySELinuxSetSecurityChardevCallback(virDomainDefPtr def, - virDomainChrDefPtr dev, + virDomainChrDefPtr dev ATTRIB= UTE_UNUSED, void *opaque) { virSecurityManagerPtr mgr =3D opaque; =20 - return virSecuritySELinuxSetChardevLabel(mgr, def, dev, dev->source); + return virSecuritySELinuxSetChardevLabel(mgr, def, dev->source); } =20 =20 @@ -2736,7 +2732,7 @@ virSecuritySELinuxSetSecuritySmartcardCallback(virDom= ainDefPtr def, return virSecuritySELinuxSetFilecon(mgr, database, data->content_c= ontext); =20 case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: - return virSecuritySELinuxSetChardevLabel(mgr, def, NULL, + return virSecuritySELinuxSetChardevLabel(mgr, def, dev->data.passthru); =20 default: --=20 2.13.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list