From patchwork Tue Oct 8 16:22:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175517 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5920362ill; Tue, 8 Oct 2019 09:24:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqxJ3DwACo1hpYZZkWGzYGBztCwX5V8/JQI2yBUaCDVoQYMAuM0jFrzHTUNDDK5idYclwOyS X-Received: by 2002:a92:5c0c:: with SMTP id q12mr37340743ilb.111.1570551897339; Tue, 08 Oct 2019 09:24:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551897; cv=none; d=google.com; s=arc-20160816; b=dfV96o+WMeKxFSDkVCqGSX7OqzYkF3LK7Nw9zZhcdxBe4Ii9U+tGruXBEFx6c4eUGp dmsN/0v4pdqukRqmYaxRrEEkXAhXBS7DQnitAgK7iov0rSneeSQy0tSp0mbMFntypsds zQNJv1f6S/xruxLxPWRn6wZpfN8mFIbkpNtXffuqQgTCfeHpIorbeso69xDRzXQ+yXOX TIMg1Wdn7csWiBK1IoN6MXzLLnRgGJFw2TU+A4bRGly5jQlO3pNCqxhYroZTazbwnNJl SE/6j+fioGjc+dvO4gLZt6WrzbvCs/gt22Eh+xjHYlArgRStD2ZJkE3vqfP2c6n8HWis YdAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=es76ZI2E/BjmvJsH8rYC9oiUmpuJ4nCYU+RoTAsOyQQ=; b=jmxoDbI6LJXxWPu3rDbJloe7URO20Ze5RQWJEBTnBdoP3Vo0WsmFN5/ympYC8ho6E3 sLneCtgoC4VSnlWFj0g1zu1DiXe+gL/kcmIQUrSxpVLD82tM4jgTWfAUk4ZEz0Cd0+Wc SphYP7LJP97XEypiinoRq+EZUyXpavzhfG8Rrj5JV4jxKKioJT7VBL8PuhLlDhLbzCa4 RTM1O2jB16Hia8v/0lfG5AvDy8MYedPD9ru2337bSHafHRNye4Dd7MgKj4xuF63+p9pt NkEOfHcAxkMQi7kCswVJH46HAp4ynWNqYT88R+jfNfZMjaZzNu5hIXkAAJ5V6tOnGm4s o/mw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id a15si20105391ila.159.2019.10.08.09.24.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:24:57 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BD2AA4627A; Tue, 8 Oct 2019 16:24:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 62AFB5D9CD; Tue, 8 Oct 2019 16:24:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D825218089DC; Tue, 8 Oct 2019 16:24:48 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GLxSM008659 for ; Tue, 8 Oct 2019 12:21:59 -0400 Received: by smtp.corp.redhat.com (Postfix) id 3CD5D60606; Tue, 8 Oct 2019 16:21:59 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id C90F760605; Tue, 8 Oct 2019 16:21:58 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:21 -0400 Message-Id: <7c867f70bebe5913f18413154e428231150eaf55.1570551720.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 1/7] conf: Move -virDomainDiskDefForeachPath to virt-aa-helper X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 08 Oct 2019 16:24:56 +0000 (UTC) It is the only user. Rename it to match the local style Signed-off-by: Cole Robinson --- src/conf/domain_conf.c | 42 ----------------------------- src/conf/domain_conf.h | 10 ------- src/libvirt_private.syms | 1 - src/security/virt-aa-helper.c | 50 ++++++++++++++++++++++++++++++++++- 4 files changed, 49 insertions(+), 54 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a53cd6a725..5fe03ea866 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -29486,48 +29486,6 @@ virDomainUSBDeviceDefForeach(virDomainDefPtr def, } -/* Call iter(disk, name, depth, opaque) for each element of disk and - * its backing chain in the pre-populated disk->src.backingStore. - * ignoreOpenFailure determines whether to warn about a chain that - * mentions a backing file without also having metadata on that - * file. */ -int -virDomainDiskDefForeachPath(virDomainDiskDefPtr disk, - bool ignoreOpenFailure, - virDomainDiskDefPathIterator iter, - void *opaque) -{ - size_t depth = 0; - virStorageSourcePtr tmp; - VIR_AUTOFREE(char *) brokenRaw = NULL; - - if (!ignoreOpenFailure) { - if (virStorageFileChainGetBroken(disk->src, &brokenRaw) < 0) - return -1; - - if (brokenRaw) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unable to visit backing chain file %s"), - brokenRaw); - return -1; - } - } - - for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { - /* execute the callback only for local storage */ - if (virStorageSourceIsLocalStorage(tmp) && - tmp->path) { - if (iter(disk, tmp->path, depth, opaque) < 0) - return -1; - } - - depth++; - } - - return 0; -} - - /* Copy src into a new definition; with the quality of the copy * depending on the migratable flag (false for transitions between * persistent and active, true for transitions across save files or diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 2884af49d8..653dcaf2bc 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -3327,11 +3327,6 @@ int virDomainChrDefForeach(virDomainDefPtr def, virDomainChrDefIterator iter, void *opaque); -typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk, - const char *path, - size_t depth, - void *opaque); - typedef int (*virDomainUSBDeviceDefIterator)(virDomainDeviceInfoPtr info, void *opaque); int virDomainUSBDeviceDefForeach(virDomainDefPtr def, @@ -3339,11 +3334,6 @@ int virDomainUSBDeviceDefForeach(virDomainDefPtr def, void *opaque, bool skipHubs); -int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk, - bool ignoreOpenFailure, - virDomainDiskDefPathIterator iter, - void *opaque); - void virDomainObjSetState(virDomainObjPtr obj, virDomainState state, int reason) ATTRIBUTE_NONNULL(1); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c818bc807a..5949cba08d 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -334,7 +334,6 @@ virDomainDiskCacheTypeFromString; virDomainDiskCacheTypeToString; virDomainDiskDefAssignAddress; virDomainDiskDefCheckDuplicateInfo; -virDomainDiskDefForeachPath; virDomainDiskDefFree; virDomainDiskDefNew; virDomainDiskDefParse; diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 5853ad985f..6e358ff5b6 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -934,6 +934,54 @@ add_file_path(virDomainDiskDefPtr disk, return ret; } + +typedef int (*disk_foreach_iterator)(virDomainDiskDefPtr disk, + const char *path, + size_t depth, + void *opaque); + + +/* Call iter(disk, name, depth, opaque) for each element of disk and + * its backing chain in the pre-populated disk->src.backingStore. + * ignoreOpenFailure determines whether to warn about a chain that + * mentions a backing file without also having metadata on that + * file. */ +static int +disk_foreach_path(virDomainDiskDefPtr disk, + bool ignoreOpenFailure, + disk_foreach_iterator iter, + void *opaque) +{ + size_t depth = 0; + virStorageSourcePtr tmp; + VIR_AUTOFREE(char *) brokenRaw = NULL; + + if (!ignoreOpenFailure) { + if (virStorageFileChainGetBroken(disk->src, &brokenRaw) < 0) + return -1; + + if (brokenRaw) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unable to visit backing chain file %s"), + brokenRaw); + return -1; + } + } + + for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { + /* execute the callback only for local storage */ + if (virStorageSourceIsLocalStorage(tmp) && + tmp->path) { + if (iter(disk, tmp->path, depth, opaque) < 0) + return -1; + } + + depth++; + } + + return 0; +} + static int get_files(vahControl * ctl) { @@ -977,7 +1025,7 @@ get_files(vahControl * ctl) * be passing ignoreOpenFailure = false and handle open errors more * careful than just ignoring them. */ - if (virDomainDiskDefForeachPath(disk, true, add_file_path, &buf) < 0) + if (disk_foreach_path(disk, true, add_file_path, &buf) < 0) goto cleanup; } From patchwork Tue Oct 8 16:22:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175520 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5921929ill; Tue, 8 Oct 2019 09:26:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqzCBL2uQSEcLwUkkl/zSLLuerXYVSCkbZLDXpmxhn0scMe+mnEj6tn9dr4QcVqSpD+8lu5O X-Received: by 2002:a5d:9587:: with SMTP id a7mr27348933ioo.305.1570551975644; Tue, 08 Oct 2019 09:26:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551975; cv=none; d=google.com; s=arc-20160816; b=d/hT2QUuj0uZ713InWNlK7X9vyH4RQBj4+o4LHtW2ReLCzjz8uQiUHgH9J5sCNzYCc iY3UZJfAEpxZYkzZARdkBKzI6++jLoOdLgk1Q3naHI62zZDSIYCaSlF5PHZaRTwbTRXg AkX0Ye93Gsw+Oenn6vz7n7mlRZt7UJCeENCKX+6h7fQQHNXVnkkbTkYFEO27mQakJMJ1 1raen05HKrkHm+9PgygLI2LfG4P/rRoEwLQmBL4f0vhZ8bOcP7UhXrmSO3wzyIH0MEJM Ji/W1gMMjucbXMUyefewm9+Y8MyUg6mJS57xtMvRkx7nir4f3uwMbwsN+qT9EUshoEgN ip0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=1Z/nsa5csJ3DooEyk4JUjEvhokJNpwmyXMPTKndP6gg=; b=nOClH3Sl5JS99wiUUqJ/00jM2a5RGmQQF+5PS7wKBZslwRSqkXNDPx9KM/0yenkeq2 YH51vIFaFlD2RxLPTcO3eCF8i62zjvCG3yj2HhHM/44yfDfuOngUBa6TL5Axqy06XuNT cFr3u+EEqsIhNUrU9/LSJEtOR+NWoX8dm7Y9++3bhm7Sw/dZzWUJYGsh8vrt+cxa+0mE 57r5IdloOsSNzrtxNiJzkoHT0E7yEiSiIPnq/a3+K5WxV8KNEN0WwBXyreP/tsIoqk7f gvX53FuK7gYSD61/vjrzUOQ6pnCpwmDaYTGDPa5BfWIiJqJSKI7IHsnacmfsEUumfPs8 aJ5A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id s2si20826649iot.1.2019.10.08.09.26.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:26:15 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5789A116BB21; Tue, 8 Oct 2019 16:26:14 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 32F7B5EE1D; Tue, 8 Oct 2019 16:26:14 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CFC191803518; Tue, 8 Oct 2019 16:26:12 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GLxbw008664 for ; Tue, 8 Oct 2019 12:21:59 -0400 Received: by smtp.corp.redhat.com (Postfix) id CA7CD60606; Tue, 8 Oct 2019 16:21:59 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6314D60605; Tue, 8 Oct 2019 16:21:59 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:22 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 2/7] security: apparmor: Remove unused ignoreOpenFailure X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.65]); Tue, 08 Oct 2019 16:26:15 +0000 (UTC) true is always passed here, so delete the unused code path and adjust the associated comment Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 6e358ff5b6..511443dd3e 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -943,30 +943,14 @@ typedef int (*disk_foreach_iterator)(virDomainDiskDefPtr disk, /* Call iter(disk, name, depth, opaque) for each element of disk and * its backing chain in the pre-populated disk->src.backingStore. - * ignoreOpenFailure determines whether to warn about a chain that - * mentions a backing file without also having metadata on that - * file. */ + */ static int disk_foreach_path(virDomainDiskDefPtr disk, - bool ignoreOpenFailure, disk_foreach_iterator iter, void *opaque) { size_t depth = 0; virStorageSourcePtr tmp; - VIR_AUTOFREE(char *) brokenRaw = NULL; - - if (!ignoreOpenFailure) { - if (virStorageFileChainGetBroken(disk->src, &brokenRaw) < 0) - return -1; - - if (brokenRaw) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unable to visit backing chain file %s"), - brokenRaw); - return -1; - } - } for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { /* execute the callback only for local storage */ @@ -1020,12 +1004,9 @@ get_files(vahControl * ctl) if (!virStorageSourceHasBacking(disk->src)) virStorageFileGetMetadata(disk->src, -1, -1, false); - /* XXX passing ignoreOpenFailure = true to get back to the behavior - * from before using virDomainDiskDefForeachPath. actually we should - * be passing ignoreOpenFailure = false and handle open errors more - * careful than just ignoring them. + /* XXX should handle open errors more careful than just ignoring them. */ - if (disk_foreach_path(disk, true, add_file_path, &buf) < 0) + if (disk_foreach_path(disk, add_file_path, &buf) < 0) goto cleanup; } From patchwork Tue Oct 8 16:22:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175521 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5922008ill; Tue, 8 Oct 2019 09:26:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqxxqzSchXIeAvhMMoXISvCSw4jhkG9uYwQ3IAHiLtPipAg85brXbUUgBIAmJRns+iM9TSbm X-Received: by 2002:a92:874e:: with SMTP id d14mr35765244ilm.143.1570551979425; Tue, 08 Oct 2019 09:26:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551979; cv=none; d=google.com; s=arc-20160816; b=HEaJ+X9Tf1+s+oaW/eiplPKs9A/lSx32qGZmorE7F+rRo9Z6yu6mK2oVBFOYDhsEjk EfarIhk2egSaa7QFGG4ubTcpmps0+5LeFnBhOR/QrDSisuzJBsHUlIURPIIu5BZ+b3z2 2O5ABA/Q5U238aJ9kJMNra2rv9dHlfAKqvNIbfHqKKXi0xT+VcuoEwlIYAUw4wCaQqG7 G2YelZgdUna+EK7AO7I2kSxI+bHfEvAR8QzSxaQLmE0qjnYz1zxR+whVqRPFKUVR8Agy rtqdpRREvZOwNGn756Say0pDKfxNoHg1znAkUPQ2Q1l9fSFO++9AcOZg+513mGJ1ENhk 1NNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=Dd8jK9a0djnug3cCApq9cS+sKMdt1Qm9VvtLBohWghA=; b=lMdcdYV4G9o/glKVRnea0qtIzYybeOYp5HF/tGOlj7u5rM5ioIAxnN1dp74afd2S5O EAM/0sdJrmrpoamZGIAsYy0a3WDpUZKXfQNjNNVNCvrVdFgjvxGB4Ljnyz+I2chAqsEo CgyvhUiCs9SVpOkNrXINcoP71VlyWt/QXwEk3ck+Rl5Qq0RDta99wwZ7Dl86ve5E+rum /Jf7U1pMFeoof0vRc5EG+O7P5SLeot8qrQ5z/wohBmGiGmx3l89x6p5qw1d194Ylfuxj 5i49HNQdpM7EUqymBXBfiH0YrifZUZTMm4E3DwhepQ4Jatg62CoQgBjA6hLi/4QWdMo4 aB9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id d7si20970538ilq.7.2019.10.08.09.26.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:26:19 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3A18C300CB26; Tue, 8 Oct 2019 16:26:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0E7A660605; Tue, 8 Oct 2019 16:26:18 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B40AA180B536; Tue, 8 Oct 2019 16:26:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GM0wB008672 for ; Tue, 8 Oct 2019 12:22:00 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6434360606; Tue, 8 Oct 2019 16:22:00 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id F026F60605; Tue, 8 Oct 2019 16:21:59 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:23 -0400 Message-Id: <5089cd02580c6438fce7e6c1d731a2ca65d4221b.1570551720.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 3/7] security: apparmor: Drop disk_foreach_iterator X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Tue, 08 Oct 2019 16:26:18 +0000 (UTC) There's only one caller, so open code the file_add_path behavior Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 511443dd3e..7148e3c760 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -914,9 +914,8 @@ static int add_file_path(virDomainDiskDefPtr disk, const char *path, size_t depth, - void *opaque) + virBufferPtr buf) { - virBufferPtr buf = opaque; int ret; if (depth == 0) { @@ -935,19 +934,9 @@ add_file_path(virDomainDiskDefPtr disk, } -typedef int (*disk_foreach_iterator)(virDomainDiskDefPtr disk, - const char *path, - size_t depth, - void *opaque); - - -/* Call iter(disk, name, depth, opaque) for each element of disk and - * its backing chain in the pre-populated disk->src.backingStore. - */ static int -disk_foreach_path(virDomainDiskDefPtr disk, - disk_foreach_iterator iter, - void *opaque) +disk_add_files(virDomainDiskDefPtr disk, + virBufferPtr buf) { size_t depth = 0; virStorageSourcePtr tmp; @@ -956,7 +945,7 @@ disk_foreach_path(virDomainDiskDefPtr disk, /* execute the callback only for local storage */ if (virStorageSourceIsLocalStorage(tmp) && tmp->path) { - if (iter(disk, tmp->path, depth, opaque) < 0) + if (add_file_path(disk, tmp->path, depth, buf) < 0) return -1; } @@ -1006,7 +995,7 @@ get_files(vahControl * ctl) /* XXX should handle open errors more careful than just ignoring them. */ - if (disk_foreach_path(disk, add_file_path, &buf) < 0) + if (disk_add_files(disk, &buf) < 0) goto cleanup; } From patchwork Tue Oct 8 16:22:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175518 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5920546ill; Tue, 8 Oct 2019 09:25:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqwSWHJZ+kkj0RYkcYaB/M5LMGaBSehcacON8/knh/guxl7MtSHXdys1axVZEst49knoGHJR X-Received: by 2002:a5d:8ad4:: with SMTP id e20mr5227113iot.203.1570551908262; Tue, 08 Oct 2019 09:25:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551908; cv=none; d=google.com; s=arc-20160816; b=XB1w/h9/7j+TmxwqJrN6CquoiY6PAdHkHVNKfACihcEDbCBySMHbzHpZYL2bHVB4vi ofX+ePErFB989677FaOUCgh8RlJYS1ZbjHT6kuFnyPCWLFccDMv9igR8CNIaxBO0mU3a YW/iWhqmio6IAXSwVhiUQ4Hbd4QCmEHEJ6eOV5OrTWlSCKiYXA5/6E1s62/5z7jbf4bO MBkyFoZUiHsFgOY8GrS84D+Bu31hUqBe7TV5wLM6mL0K/uM0HN9v6++JAzH+OtF1yn4y HCpVzD/OV2BQpxc/G9MF6QLpbwero3iRYt4Tf2NFdwiRBXzkRJmIjXwALdrO78l/zDCL K7NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=yoPeqN5EdxaZYy7BDk8FhM6ZHpQgRcEE8XUvFqLFzlI=; b=iKba35UtHewxpzjwL1nfEkVj40l8BNAo9h0/DCZVlp7+VGkZ7knmJVa6Fu5Rb49+h/ LbEjWLsFPMLztqQsjqhdjdVoD3c8rDzBC/+Zp8V37MKI/umP74+EN1O7JpgBN0/CTMFi zWVAzeAxwFq28FNA+GNY9/iZWaW0UtR2TGxra8KzE1KaybZLlugjlX/xPlf4lLY7FUs5 kZQIhZYKILO5lD1DaMVQRehgAOtvipNYh1UUO4qjV7ioYsmgjPAJbha4VglLA5HpXRfL hiwGdGKJOsD45ecE+9n+EaarskyVkFWLDJ4LX8chTnNO+eC8Sz28DMpEvEgCV/9OJCQF VcmQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id k11si23491299jaa.35.2019.10.08.09.25.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:25:08 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D05459B286; Tue, 8 Oct 2019 16:25:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 863EF6060D; Tue, 8 Oct 2019 16:25:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DA4054EE68; Tue, 8 Oct 2019 16:25:04 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GM1MY008683 for ; Tue, 8 Oct 2019 12:22:01 -0400 Received: by smtp.corp.redhat.com (Postfix) id F34B760606; Tue, 8 Oct 2019 16:22:00 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8AF2460A9F; Tue, 8 Oct 2019 16:22:00 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:24 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 4/7] security: apparmor: Pass virStorageSource to add_file_path X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 08 Oct 2019 16:25:07 +0000 (UTC) The virStorageSource must have everything it needs Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 7148e3c760..9f39eb2e2b 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -911,20 +911,19 @@ file_iterate_pci_cb(virPCIDevicePtr dev ATTRIBUTE_UNUSED, } static int -add_file_path(virDomainDiskDefPtr disk, - const char *path, +add_file_path(virStorageSourcePtr src, size_t depth, virBufferPtr buf) { int ret; if (depth == 0) { - if (disk->src->readonly) - ret = vah_add_file(buf, path, "rk"); + if (src->readonly) + ret = vah_add_file(buf, src->path, "rk"); else - ret = vah_add_file(buf, path, "rwk"); + ret = vah_add_file(buf, src->path, "rwk"); } else { - ret = vah_add_file(buf, path, "rk"); + ret = vah_add_file(buf, src->path, "rk"); } if (ret != 0) @@ -945,7 +944,7 @@ disk_add_files(virDomainDiskDefPtr disk, /* execute the callback only for local storage */ if (virStorageSourceIsLocalStorage(tmp) && tmp->path) { - if (add_file_path(disk, tmp->path, depth, buf) < 0) + if (add_file_path(tmp, depth, buf) < 0) return -1; } From patchwork Tue Oct 8 16:22:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175522 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5922043ill; Tue, 8 Oct 2019 09:26:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqynjQ2uJh6SOmxOsdjfKuM4lG436sVmQ7NI5O5iRUC50xQ683vJdsY4jL58VLcLmRxJLw13 X-Received: by 2002:a6b:da1a:: with SMTP id x26mr7362478iob.63.1570551981400; Tue, 08 Oct 2019 09:26:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551981; cv=none; d=google.com; s=arc-20160816; b=NDsRtOWBaFLbv35s/OJRN5qTbXObjdqBVC6KlpfdRRmMkuWQqSBMs7ydWIMaWhOooj m6k9Mx8N6sS9wE2R2HluMyUHhewgaYGzr3VaBeM5FR1d3odr+o4uQ/alv9Ub7ZRy4jL9 uj/xqiGC3Vu/NUO/FwdQSYc/l/9dFk6nFs3WmnKxCMtLfnrenY3E/R1la4Iz9ymaOoKJ K/2AWGJY/XYtxRdhg6clFwd0vo8pdK4tv1wljNx071aouneA3hFHMgcRiUyxJkzHGw+c nP30TbsQqcwGwPUm4LJOlGk5wrQwUhmyFobja0ui87aoCezlSRMPXVdUYKF4H+QVDrCX w4UQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=YCEIDbDZ9L1RnMvw7Mc08Y1Efd3yfYbSUiyEFsGfnIM=; b=icr9fQx/8UwljMUzdHTTbeQ9hV2QlZwf0rgjKlRat13JpSbuF6d4GtlZl9II7tnDwt +/ABRINoVm6qs76telPMf8m977JK2NN5PquOoI8E4Ncj2DQzvB4GgDdJzurGtroq3JFr BrFZL47IeXO9sSA1Z+G5If/JoyWakxV1Wo3PJuuNGhWKdbYXg7McR/CMgD39EOF9MC8O Ad+NiLNTwA4LGusg/b0AyCTRB6fCQiBFbVY8EHMvC6nxYS5JlDSCmlbnsCbHgj/A5xNd pDF4Av7PndhsK0IVZpAdsImkUL9MnvvajBznc8parBFChB7fFyUj2uTjgws+qnupr/zq uIAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id d62si22622056iog.25.2019.10.08.09.26.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:26:21 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1CEEF30941C4; Tue, 8 Oct 2019 16:26:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E873260166; Tue, 8 Oct 2019 16:26:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9C68A4EE6D; Tue, 8 Oct 2019 16:26:19 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GM1bt008690 for ; Tue, 8 Oct 2019 12:22:01 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8C7D160606; Tue, 8 Oct 2019 16:22:01 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 23FAF60A9F; Tue, 8 Oct 2019 16:22:01 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:25 -0400 Message-Id: <8392bd203a3b24d7e07a4544c7ddf122abe6a5ec.1570551720.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 5/7] security: apparmor: Push virStorageSource checks to add_file_path X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 08 Oct 2019 16:26:20 +0000 (UTC) This mirrors the code layout in security_selinux.c. It will also make it easier to share the checks for qcow2 external data_file support eventually Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 9f39eb2e2b..20281c38b7 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -917,6 +917,10 @@ add_file_path(virStorageSourcePtr src, { int ret; + /* execute the callback only for local storage */ + if (!src->path || !virStorageSourceIsLocalStorage(src)) + return 0; + if (depth == 0) { if (src->readonly) ret = vah_add_file(buf, src->path, "rk"); @@ -941,12 +945,8 @@ disk_add_files(virDomainDiskDefPtr disk, virStorageSourcePtr tmp; for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { - /* execute the callback only for local storage */ - if (virStorageSourceIsLocalStorage(tmp) && - tmp->path) { - if (add_file_path(tmp, depth, buf) < 0) - return -1; - } + if (add_file_path(tmp, depth, buf) < 0) + return -1; depth++; } From patchwork Tue Oct 8 16:22:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175523 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5922105ill; Tue, 8 Oct 2019 09:26:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqwx2sR+Jqopk+3b9L18vJGht9To/X6Es9K4lK+eaHrTCl6/dHQg8qb3w/oP5GC418NHQ/Vg X-Received: by 2002:a5e:d817:: with SMTP id l23mr18464710iok.142.1570551984856; Tue, 08 Oct 2019 09:26:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551984; cv=none; d=google.com; s=arc-20160816; b=MvJOHhCA0Ho0Uw5WmRh2N+bDr2DUbJ4i2dZNsa/iwVrpL5EWhjIVYRL4o0g342o7sA c7TTfC5LBP1nXEJd2y+qYE34PhmqZePxU2Y281tAFznC/EmBElDuagq25xeDoa5xWYo3 f9KJnRgJVaFy9Y1iz9Bpw7C7kfDlM0MPGRXkcrIRn13TMy5dUAQJ+SFPzf6zdM2wNTMA Rj0H5wiQzJUQCyCvIn5L+lmZEH2fTXHPd8rK8JM+0bOJp719vQfAZp8GbAK6y1qheq6k KgV84jnIeDRPk+VlLNrvQ2gFxviZnwpXf5Do52NGWdqe8zr0+QULTRIDn2viMVbe9nHZ v1Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=SPh5kmuPYrLbhMbCpubN+/KX8K/c5iWg8s9PphmwWQk=; b=Q09CXPCFBGof2y9Q9izpZzdIpJm6uzk2prcPp8FpHy08/NdeVrDXfU1CiRMq0aqHeD XNWrlo5kXgc8ySpvKlT9/7cNJM9wH08hAudp3fe5jzvGjUuCUehVaCdVlj4EoWqUCvoo yaLqV6LFa663/eMH3YVG3s9rrq05qANSe5jH8EYBrRMaVU2reCT/d8v2YH1bFT73goEi ty6rcBupfX7DjYUf1WRX6Pch4/4P0mo+PwkPJ4DTznbUxIp2MrxuB54dpNz0BMowW6pi bPCqNSBUG1lk7WFt0nFolS83aEsGt1klKhp1fgeJeUdpADtlHCs8XFHLU3cvB7+KPARm I4TA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id t1si20661596iom.89.2019.10.08.09.26.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:26:24 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A3A4D30609AF; Tue, 8 Oct 2019 16:26:23 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 764BD60606; Tue, 8 Oct 2019 16:26:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 324C54EE71; Tue, 8 Oct 2019 16:26:23 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GM2Mw008696 for ; Tue, 8 Oct 2019 12:22:02 -0400 Received: by smtp.corp.redhat.com (Postfix) id 26B0160606; Tue, 8 Oct 2019 16:22:02 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id B1B9960605; Tue, 8 Oct 2019 16:22:01 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:26 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 6/7] security: apparmor: Use only virStorageSource for disk paths X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 08 Oct 2019 16:26:24 +0000 (UTC) This is closer to what security_selinux.c does, and will help add support for qcow2 external data_files Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 20281c38b7..b675572144 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -938,13 +938,13 @@ add_file_path(virStorageSourcePtr src, static int -disk_add_files(virDomainDiskDefPtr disk, - virBufferPtr buf) +storage_source_add_files(virStorageSourcePtr src, + virBufferPtr buf) { size_t depth = 0; virStorageSourcePtr tmp; - for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { + for (tmp = src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { if (add_file_path(tmp, depth, buf) < 0) return -1; @@ -994,7 +994,7 @@ get_files(vahControl * ctl) /* XXX should handle open errors more careful than just ignoring them. */ - if (disk_add_files(disk, &buf) < 0) + if (storage_source_add_files(disk->src, &buf) < 0) goto cleanup; } From patchwork Tue Oct 8 16:22:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 175524 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp5922193ill; Tue, 8 Oct 2019 09:26:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqyi9UlxVfvxwnFv9xtBc08LADdTmVyWK9JlhciNp352pax8MwSMIzoJggprMqjm4R6uDXju X-Received: by 2002:a6b:6617:: with SMTP id a23mr1243436ioc.10.1570551988334; Tue, 08 Oct 2019 09:26:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570551988; cv=none; d=google.com; s=arc-20160816; b=ArbolOHPA2Ki2DH7sPK6r6Lfy2OCg86k4kXewvCt1Q7o+nNFd+RlIr3FElzj7lJvOm S0SgOFAWArt7284prYCJXYe0qh5UPJLWzzSBVi6NmoQpJZZrgJYPyvxHaxaxoCpbFy7q Xg7sY3qRUO96VLJfNRqmZs8Vugf9C/yNCuSOc6oNFYfNNP37nZamPMo5rNPmX90Jdtjk pj53qM1EBGFZs4tWNBgNML2iKP/gNmJkzR9WR3GhnGK1dIrFx4U1JPsPCal51ix8QU7P o/vZy717Je6NckP6r+yv7uBx+digOOptcCW3631xL5PB35apz9ATGrZokoAj2DHb9aJd 5Xzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:references:in-reply-to:message-id:date:to:from :delivered-to; bh=Ox08Dh1OcdqceiNjxJAOavhzOAi4laWQDO4EeWKqoMI=; b=urnh2YKunq5auJIFs31OsKO0eWNdt5HRXeDUqTGbmCJauMVD2G7rvNahATvWxuRHiD sr12NfxOAJgwHjr3mS4m22HZtiLDF5AIj7YbhXxrC7gESx95osoneNqveVYtS2c4l49t yl5jxAA3NQGI7wrNwinWjma9IRLSVqdmHBzofyWigI709fofCk4tzavClkMyyeIqWGlH 9Kn8tUM+GgLlqMwz6wUztWYVXodk507lobnWZETZ5tIx5QP23dKIvFfbe+iEnpvJbjqy EPv3BVUkEKTwS4JKOKmK7GIDTafjOxnrwFO+mkVuye8JJunqGLqC1VCA5S2Nh1APpHqe fDdg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id y25si25710728jad.20.2019.10.08.09.26.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:26:28 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1802F3082E66; Tue, 8 Oct 2019 16:26:27 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E23845B6A5; Tue, 8 Oct 2019 16:26:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 97361180BA9B; Tue, 8 Oct 2019 16:26:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x98GM26u008709 for ; Tue, 8 Oct 2019 12:22:02 -0400 Received: by smtp.corp.redhat.com (Postfix) id B457760606; Tue, 8 Oct 2019 16:22:02 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.bos.redhat.com (dhcp-17-175.bos.redhat.com [10.18.17.175]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4B81560605; Tue, 8 Oct 2019 16:22:02 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Tue, 8 Oct 2019 12:22:27 -0400 Message-Id: <70ec368459c0bdd748dec360de106c0f9423bd8e.1570551720.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH 7/7] security: apparmor: Make storage_source_add_files recursively callable X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Tue, 08 Oct 2019 16:26:27 +0000 (UTC) This will simplify adding support for qcow2 external data_file Signed-off-by: Cole Robinson --- src/security/virt-aa-helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b675572144..d9f6b5638b 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -939,9 +939,9 @@ add_file_path(virStorageSourcePtr src, static int storage_source_add_files(virStorageSourcePtr src, - virBufferPtr buf) + virBufferPtr buf, + size_t depth) { - size_t depth = 0; virStorageSourcePtr tmp; for (tmp = src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) { @@ -994,7 +994,7 @@ get_files(vahControl * ctl) /* XXX should handle open errors more careful than just ignoring them. */ - if (storage_source_add_files(disk->src, &buf) < 0) + if (storage_source_add_files(disk->src, &buf, 0) < 0) goto cleanup; }