virt-ark / libvirt

Clone
Source Code
GIT

95576b4 security driver: Introduce transaction APIs

Authored and Committed by mprivozn 7 years ago
raw patch tree parent
5 files changed. 134 lines added. 0 lines removed.
src/libvirt_private.syms
file modified
+3 -0
src/security/security_driver.h
file modified
+9 -0
src/security/security_manager.c
file modified
+68 -0
src/security/security_manager.h
file modified
+5 -0
src/security/security_stack.c
file modified
+49 -0 
    security driver: Introduce transaction APIs
    
    With our new qemu namespace code in place, the relabelling of
    devices is done not as good is it could: a child process is
    spawned, it enters the mount namespace of the qemu process and
    then runs desired API of the security driver.
    
    Problem with this approach is that internal state transition of
    the security driver done in the child process is not reflected in
    the parent process. While currently it wouldn't matter that much,
    it is fairly easy to forget about that. We should take the extra
    step now while this limitation is still fresh in our minds.
    
    Three new APIs are introduced here:
      virSecurityManagerTransactionStart()
      virSecurityManagerTransactionCommit()
      virSecurityManagerTransactionAbort()
    
    The Start() is going to be used to let security driver know that
    we are starting a new transaction. During a transaction no
    security labels are actually touched, but rather recorded and
    only at Commit() phase they are actually updated. Should
    something go wrong Abort() aborts the transaction freeing up all
    memory allocated by transaction.
    
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
file modified
+3 -0
file modified
+9 -0
file modified
+68 -0
file modified
+5 -0
file modified
+49 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.