virt-ark / libvirt

Clone
Source Code
GIT

a5486e5 security: full path option for DomainSetPathLabel

9 files Authored by Christian Ehrhardt 6 years ago, Committed by mprivozn 6 years ago,
raw patch tree parent
9 files changed. 46 lines added. 14 lines removed.
src/qemu/qemu_domain.c
file modified
+1 -1
src/qemu/qemu_process.c
file modified
+2 -2
src/security/security_apparmor.c
file modified
+15 -2
src/security/security_dac.c
file modified
+2 -1
src/security/security_driver.h
file modified
+2 -1
src/security/security_manager.c
file modified
+17 -2
src/security/security_manager.h
file modified
+2 -2
src/security/security_selinux.c
file modified
+2 -1
src/security/security_stack.c
file modified
+3 -2 
    security: full path option for DomainSetPathLabel
    
    virSecurityManagerDomainSetPathLabel is used to make a path known
    to the security modules, but today is used interchangably for
     - paths to files/dirs to be accessed directly
     - paths to a dir, but the access will actually be to files therein
    
    Depending on the security module it is important to know which of
    these types it will be.
    
    The argument allowSubtree augments the call to the implementations of
    DomainSetPathLabel that can - per security module - decide if extra
    actions shall be taken.
    
    For now dac/selinux handle this as before, but apparmor will make
    use of it to add a wildcard to the path that was passed.
    
    Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
file modified
+1 -1
file modified
+2 -2
file modified
+15 -2
file modified
+2 -1
file modified
+2 -1
file modified
+17 -2
file modified
+2 -2
file modified
+2 -1
file modified
+3 -2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.