From patchwork Mon Oct  7 21:49:42 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cole Robinson <crobinso@redhat.com>
X-Patchwork-Id: 175442
Delivered-To: patch@linaro.org
Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp4853830ill;
 Mon, 7 Oct 2019 14:58:50 -0700 (PDT)
X-Google-Smtp-Source: APXvYqymnO1S6xj9omiuRAiTLpcNujTAWY+dviwhr00wIXRqrANjDsTjK9sPN8hZWKXFGSgTKlXS
X-Received: by 2002:a02:9443:: with SMTP id a61mr28297700jai.35.1570485530366; 
 Mon, 07 Oct 2019 14:58:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570485530; cv=none;
 d=google.com; s=arc-20160816;
 b=Edi+XG+U9AZKZQlguXvoJ+5kRqKy/OEHhxmdWDsvpVbXr2BJUmNH5zc1KqhlNJKf3O
 kolD0OBIatmlCsJBt1pk70LZscOG3YAwCOS7Fu4KriO4fUE7ns87skSFz6flc0GNFm2N
 LR+uFeD6qpXDuhrfLGqlcZrYHQZeGZEVcsBtq0E5WHCqISsuvWSjot8+9T+9psLE4KAX
 Z/w9ONWeOBcc+K8D/+PTWpkku6QHa9Vif+1vlnqbNFPG2qHGQS37LhsBr4jDRFEarVQR
 RkAMSteqd891M+9WVhu9HC/uiJrVitx/9gn/kjO3S2XM60ipJBowpekM74CIypyhlAeK
 lyAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help
 :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
 :mime-version:references:in-reply-to:message-id:date:to:from
 :delivered-to;
 bh=jJK2skjo1YdlDYOa3A8T4jZD8Cm5XBBLnG7sOyUfMp4=;
 b=RxqC4V3j/a/3Z8AtaeNwabp/ae/GEzY1uUtci9iHyWV8CIokXmHm6wQ+IV1vJ0YDjp
 8zAj43JRUmoFAfYoMugsN6oVEamRuZ6SfR6eSj4Mj4lhy0PiyAFfMmBb43kYDgd32/im
 rRYnnW7PinvIRw7EpCu6lPQ1xtvU2OAD4QOM+b3TMADOVNlDqOIGxpoD34lV6/rhfvAo
 K3n85UQGBSEDrBNv8gycCk5alVqbj+/hZMwWZxgMiTescinxdaU+j+wSowFJnD7fRgJR
 6WucGn3RIpjDRhr30pbofg4oSgOVdxxkdthUPTiIgX2zAL1crVUu+ebTZOT4DDjAmwLZ
 oLOw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 smtp.mailfrom=libvir-list-bounces@redhat.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
 by mx.google.com with ESMTPS id
 d22si16909129ios.77.2019.10.07.14.58.50
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 07 Oct 2019 14:58:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 client-ip=209.132.183.28; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of libvir-list-bounces@redhat.com
 designates 209.132.183.28 as permitted sender)
 smtp.mailfrom=libvir-list-bounces@redhat.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com
 (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 268BD81F2F;
 Mon,  7 Oct 2019 21:58:49 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id F065F60C05;
 Mon,  7 Oct 2019 21:58:48 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
 by colo-mx.corp.redhat.com (Postfix) with ESMTP id A5F464EE97;
 Mon,  7 Oct 2019 21:58:48 +0000 (UTC)
Received: from smtp.corp.redhat.com
 (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
 by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with
 ESMTP
 id x97LovUb015186 for <libvir-list@listman.util.phx.redhat.com>;
 Mon, 7 Oct 2019 17:50:57 -0400
Received: by smtp.corp.redhat.com (Postfix)
 id 3C67E5C231; Mon,  7 Oct 2019 21:50:57 +0000 (UTC)
Delivered-To: libvir-list@redhat.com
Received: from worklaptop.redhat.com (ovpn-123-156.rdu2.redhat.com
 [10.10.123.156])
 by smtp.corp.redhat.com (Postfix) with ESMTP id D32545C1D4;
 Mon,  7 Oct 2019 21:50:56 +0000 (UTC)
From: Cole Robinson <crobinso@redhat.com>
To: libvir-list@redhat.com
Date: Mon,  7 Oct 2019 17:49:42 -0400
Message-Id: <5e3bee35fbc3bd400f062f0ec6179dd02309db65.1570482718.git.crobinso@redhat.com>
In-Reply-To: <cover.1570482718.git.crobinso@redhat.com>
References: <cover.1570482718.git.crobinso@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 28/30] security: selinux: Restore image label for
 externalDataStore
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.27]);
 Mon, 07 Oct 2019 21:58:49 +0000 (UTC)

Rename the existing virSecuritySELinuxRestoreImageLabelInt
to virSecuritySELinuxRestoreImageLabelSingle, and extend the new
ImageLabelInt handle externalDataStore

Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
 src/security/security_selinux.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

-- 
2.23.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index fd7dd080c1..c0bfb581e3 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1747,10 +1747,10 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
 
 
 static int
-virSecuritySELinuxRestoreImageLabelInt(virSecurityManagerPtr mgr,
-                                       virDomainDefPtr def,
-                                       virStorageSourcePtr src,
-                                       bool migrated)
+virSecuritySELinuxRestoreImageLabelSingle(virSecurityManagerPtr mgr,
+                                          virDomainDefPtr def,
+                                          virStorageSourcePtr src,
+                                          bool migrated)
 {
     virSecurityLabelDefPtr seclabel;
     virSecurityDeviceLabelDefPtr disk_seclabel;
@@ -1802,6 +1802,26 @@ virSecuritySELinuxRestoreImageLabelInt(virSecurityManagerPtr mgr,
 }
 
 
+static int
+virSecuritySELinuxRestoreImageLabelInt(virSecurityManagerPtr mgr,
+                                       virDomainDefPtr def,
+                                       virStorageSourcePtr src,
+                                       bool migrated)
+{
+    if (virSecuritySELinuxRestoreImageLabelSingle(mgr, def, src, migrated) < 0)
+        return -1;
+
+    if (src->externalDataStore &&
+        virSecuritySELinuxRestoreImageLabelSingle(mgr,
+                                                  def,
+                                                  src->externalDataStore,
+                                                  migrated) < 0)
+        return -1;
+
+    return 0;
+}
+
+
 static int
 virSecuritySELinuxRestoreImageLabel(virSecurityManagerPtr mgr,
                                     virDomainDefPtr def,