qemu: Properly setup the NVRAM virStorageSource

Use the designated helpers for virStorageSource instead using the file-based ones with a check. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Tested-by: Rohit Kumar <rohit.kumar3@nutanix.com>
2022-06-03 13:11:08 +02:00 · 2022-06-03 13:11:08 +02:00 · baf224f1f9
parent 5709b31f35
commit baf224f1f9
5 changed files with 29 additions and 29 deletions
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@ -581,8 +581,7 @@ qemuSetupFirmwareCgroup(virDomainObj *vm)
        return -1;

    if (vm->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(vm->def->os.loader->nvram) &&
-        qemuSetupImagePathCgroup(vm, vm->def->os.loader->nvram->path, false) < 0)
+        qemuSetupImageCgroup(vm, vm->def->os.loader->nvram) < 0)
        return -1;

    return 0;
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@ -573,8 +573,9 @@ qemuDomainSetupLoader(virDomainObj *vm,
            *paths = g_slist_prepend(*paths, g_strdup(loader->path));

            if (loader->nvram &&
-                virStorageSourceIsLocalStorage(loader->nvram))
-                *paths = g_slist_prepend(*paths, g_strdup(loader->nvram->path));
+                qemuDomainSetupDisk(loader->nvram, paths) < 0)
+                return -1;
+
            break;

        case VIR_DOMAIN_LOADER_TYPE_NONE:
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -1973,10 +1973,11 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
            rc = -1;
    }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram->path) < 0)
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                               migrated) < 0)
            rc = -1;
+    }

    if (def->os.kernel &&
        virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
@ -2185,12 +2186,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
            return -1;
    }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecurityDACSetOwnership(mgr, NULL,
-                                   def->os.loader->nvram->path,
-                                   user, group, true) < 0)
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecurityDACSetImageLabel(mgr, def, def->os.loader->nvram,
+                                        VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                        VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
            return -1;
+    }

    if (def->os.kernel &&
        virSecurityDACSetOwnership(mgr, NULL,
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -2803,10 +2803,11 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
            rc = -1;
    }

-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        virSecuritySELinuxRestoreFileLabel(mgr, def->os.loader->nvram->path, true) < 0)
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxRestoreImageLabelInt(mgr, def, def->os.loader->nvram,
+                                                   migrated) < 0)
            rc = -1;
+    }

    if (def->os.kernel &&
        virSecuritySELinuxRestoreFileLabel(mgr, def->os.kernel, true) < 0)
@ -3208,14 +3209,12 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
            return -1;
    }

-    /* This is different than kernel or initrd. The nvram store
-     * is really a disk, qemu can read and write to it. */
-    if (def->os.loader && def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(def->os.loader->nvram) &&
-        secdef && secdef->imagelabel &&
-        virSecuritySELinuxSetFilecon(mgr, def->os.loader->nvram->path,
-                                     secdef->imagelabel, true) < 0)
+    if (def->os.loader && def->os.loader->nvram) {
+        if (virSecuritySELinuxSetImageLabel(mgr, def, def->os.loader->nvram,
+                                            VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN |
+                                            VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP) < 0)
            return -1;
+    }

    if (def->os.kernel &&
        virSecuritySELinuxSetFilecon(mgr, def->os.kernel,
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@ -1006,10 +1006,10 @@ get_files(vahControl * ctl)
        if (vah_add_file(&buf, ctl->def->os.loader->path, "rk") != 0)
            goto cleanup;

-    if (ctl->def->os.loader && ctl->def->os.loader->nvram &&
-        virStorageSourceIsLocalStorage(ctl->def->os.loader->nvram))
-        if (vah_add_file(&buf, ctl->def->os.loader->nvram->path, "rwk") != 0)
+    if (ctl->def->os.loader && ctl->def->os.loader->nvram) {
+        if (storage_source_add_files(ctl->def->os.loader->nvram, &buf, 0) < 0)
            goto cleanup;
+    }

    for (i = 0; i < ctl->def->ngraphics; i++) {
        virDomainGraphicsDef *graphics = ctl->def->graphics[i];