Refactor the security drivers to simplify usage
authorDaniel P. Berrange <berrange@redhat.com>
Wed, 17 Nov 2010 20:26:30 +0000 (20:26 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Mon, 10 Jan 2011 18:10:52 +0000 (18:10 +0000)
commitd6623003c6551be07d42a72ce976ab8b0986ec15
tree39480a5021f2aef7aa0189ff6a01d402f5ddafbc
parent92d653010606a45a69ea6edd55ba689bffca0b44
Refactor the security drivers to simplify usage

The current security driver usage requires horrible code like

    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityHostdevLabel &&
        driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                              vm, hostdev) < 0)

This pair of checks for NULL clutters up the code, making the driver
calls 2 lines longer than they really need to be. The goal of the
patchset is to change the calling convention to simply

  if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                        vm, hostdev) < 0)

The first check for 'driver->securityDriver' being NULL is removed
by introducing a 'no op' security driver that will always be present
if no real driver is enabled. This guarentees driver->securityDriver
!= NULL.

The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
being non-NULL is hidden in a new abstraction called virSecurityManager.
This separates the driver callbacks, from main internal API. The addition
of a virSecurityManager object, that is separate from the virSecurityDriver
struct also allows for security drivers to carry state / configuration
information directly. Thus the DAC/Stack drivers from src/qemu which
used to pull config from 'struct qemud_driver' can now be moved into
the 'src/security' directory and store their config directly.

* src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
  use new virSecurityManager APIs
* src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
  src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
  Move into src/security directory
* src/security/security_stack.c, src/security/security_stack.h,
  src/security/security_dac.c, src/security/security_dac.h: Generic
  versions of previous QEMU specific drivers
* src/security/security_apparmor.c, src/security/security_apparmor.h,
  src/security/security_driver.c, src/security/security_driver.h,
  src/security/security_selinux.c, src/security/security_selinux.h:
  Update to take virSecurityManagerPtr object as the first param
  in all callbacks
* src/security/security_nop.c, src/security/security_nop.h: Stub
  implementation of all security driver APIs.
* src/security/security_manager.h, src/security/security_manager.c:
  New internal API for invoking security drivers
* src/libvirt.c: Add missing debug for security APIs
26 files changed:
po/POTFILES.in
src/Makefile.am
src/libvirt.c
src/libvirt_private.syms
src/qemu/qemu_conf.h
src/qemu/qemu_driver.c
src/qemu/qemu_hotplug.c
src/qemu/qemu_security_dac.c [deleted file]
src/qemu/qemu_security_dac.h [deleted file]
src/qemu/qemu_security_stacked.c [deleted file]
src/qemu/qemu_security_stacked.h [deleted file]
src/security/security_apparmor.c
src/security/security_apparmor.h
src/security/security_dac.c [new file with mode: 0644]
src/security/security_dac.h [new file with mode: 0644]
src/security/security_driver.c
src/security/security_driver.h
src/security/security_manager.c [new file with mode: 0644]
src/security/security_manager.h [new file with mode: 0644]
src/security/security_nop.c [new file with mode: 0644]
src/security/security_nop.h [new file with mode: 0644]
src/security/security_selinux.c
src/security/security_selinux.h
src/security/security_stack.c [new file with mode: 0644]
src/security/security_stack.h [new file with mode: 0644]
tests/seclabeltest.c