[v2] Introduce NVDIMM support

[libvirt] [PATCH v2 11/14] secdrivers: Implement memdev relabel APIs

Posted by Michal Privoznik 8 years, 11 months ago

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_dac.c     |  3 +++
 src/security/security_nop.c     | 19 +++++++++++++++++++
 src/security/security_selinux.c |  3 +++
 3 files changed, 25 insertions(+)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index b8601faa5..fb953f891 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1975,6 +1975,9 @@ virSecurityDriver virSecurityDriverDAC = {
     .domainSetSecurityImageLabel        = virSecurityDACSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecurityDACRestoreImageLabel,
 
+    .domainSetSecurityMemoryLabel       = virSecurityDACSetMemoryLabel,
+    .domainRestoreSecurityMemoryLabel   = virSecurityDACRestoreMemoryLabel,
+
     .domainSetSecurityDaemonSocketLabel = virSecurityDACSetDaemonSocketLabel,
     .domainSetSecuritySocketLabel       = virSecurityDACSetSocketLabel,
     .domainClearSecuritySocketLabel     = virSecurityDACClearSocketLabel,
diff --git a/src/security/security_nop.c b/src/security/security_nop.c
index 951125dce..0a9b51528 100644
--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -236,6 +236,22 @@ virSecurityDomainSetImageLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return 0;
 }
 
+static int
+virSecurityDomainSetMemoryLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                   virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                   virDomainMemoryDefPtr mem ATTRIBUTE_UNUSED)
+{
+    return 0;
+}
+
+static int
+virSecurityDomainRestoreMemoryLabelNop(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                       virDomainDefPtr def ATTRIBUTE_UNUSED,
+                                       virDomainMemoryDefPtr mem ATTRIBUTE_UNUSED)
+{
+    return 0;
+}
+
 
 virSecurityDriver virSecurityDriverNop = {
     .privateDataLen                     = 0,
@@ -255,6 +271,9 @@ virSecurityDriver virSecurityDriverNop = {
     .domainSetSecurityImageLabel        = virSecurityDomainSetImageLabelNop,
     .domainRestoreSecurityImageLabel    = virSecurityDomainRestoreImageLabelNop,
 
+    .domainSetSecurityMemoryLabel       = virSecurityDomainSetMemoryLabelNop,
+    .domainRestoreSecurityMemoryLabel   = virSecurityDomainRestoreMemoryLabelNop,
+
     .domainSetSecurityDaemonSocketLabel = virSecurityDomainSetDaemonSocketLabelNop,
     .domainSetSecuritySocketLabel       = virSecurityDomainSetSocketLabelNop,
     .domainClearSecuritySocketLabel     = virSecurityDomainClearSocketLabelNop,
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 223442105..5c237a5fe 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3007,6 +3007,9 @@ virSecurityDriver virSecurityDriverSELinux = {
     .domainSetSecurityImageLabel        = virSecuritySELinuxSetImageLabel,
     .domainRestoreSecurityImageLabel    = virSecuritySELinuxRestoreImageLabel,
 
+    .domainSetSecurityMemoryLabel       = virSecuritySELinuxSetMemoryLabel,
+    .domainRestoreSecurityMemoryLabel   = virSecuritySELinuxRestoreMemoryLabel,
+
     .domainSetSecurityDaemonSocketLabel = virSecuritySELinuxSetDaemonSocketLabel,
     .domainSetSecuritySocketLabel       = virSecuritySELinuxSetSocketLabel,
     .domainClearSecuritySocketLabel     = virSecuritySELinuxClearSocketLabel,
-- 
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH v2 11/14] secdrivers: Implement memdev relabel APIs

Posted by John Ferlan 8 years, 11 months ago

On 02/27/2017 08:19 AM, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/security/security_dac.c     |  3 +++
>  src/security/security_nop.c     | 19 +++++++++++++++++++
>  src/security/security_selinux.c |  3 +++
>  3 files changed, 25 insertions(+)

It would seem this should just be merged with patch 10

Or perhaps the security_stack.c altered in 10 should be moved here.

Heck for that matter 9, 10, and 11 are all 'related'.  For the purposes
of what's needed for future patches to use this series as a model of
what needs to be done - having them all in one patch just seems like
it'd be easier.

ACK in principle for the code though

John

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list