[Libguestfs] [PATCH] If using SELinux, mount /selinux in the appliance
Richard W.M. Jones
rjones at redhat.com
Wed Aug 12 17:24:05 UTC 2009
On Wed, Aug 12, 2009 at 07:15:22PM +0200, Jim Meyering wrote:
> Richard W.M. Jones wrote:
> > I think this patch is also uncontroversial.
> >
> > If selinux=1 then we mount /selinux in the appliance. We also
> > bind-mount it into guests when running commands, just like we do for
> > /proc, /dev etc.
> >
> > If SELinux is disabled, then /selinux doesn't get mounted.
>
> ...
> > diff --git a/daemon/command.c b/daemon/command.c
> > index 0399255..3261513 100644
> > --- a/daemon/command.c
> > +++ b/daemon/command.c
> > @@ -31,8 +31,9 @@ do_command (char **argv)
> > {
> > char *out, *err;
> > int r;
> > - char *sysroot_proc, *sysroot_dev, *sysroot_dev_pts, *sysroot_sys;
> > - int proc_ok, dev_ok, dev_pts_ok, sys_ok;
> > + char *sysroot_dev, *sysroot_dev_pts, *sysroot_proc,
> > + *sysroot_selinux, *sysroot_sys;
> > + int dev_ok, dev_pts_ok, proc_ok, selinux_ok, sys_ok;
> >
> > /* We need a root filesystem mounted to do this. */
> > NEED_ROOT (NULL);
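Review bot: the new declarations (`char *sysroot_dev, ... *sysroot_sys;` and `int dev_ok, ... sys_ok;`) leave all five pointers and all five flags uninitialised. Initialising the pointers to NULL and the flags to 0 at the declaration would make any early-exit path safe to free and unmount without relying on every assignment having run first. The alphabetical reordering also obscures that the only functional additions are sysroot_selinux and selinux_ok; doing the reorder in a separate commit would make that easier to see.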
> > @@ -57,6 +58,7 @@ do_command (char **argv)
> > sysroot_dev = sysroot_path ("/dev");
> > sysroot_dev_pts = sysroot_path ("/dev/pts");
> > sysroot_proc = sysroot_path ("/proc");
> > + sysroot_selinux = sysroot_path ("/selinux");
> > sysroot_sys = sysroot_path ("/sys");
> >
> > r = command (NULL, NULL, "mount", "--bind", "/dev", sysroot_dev, NULL);
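Review bot: `sysroot_selinux = sysroot_path ("/selinux");` is computed unconditionally, while the description says /selinux is not mounted in the appliance when SELinux is disabled. The bind mount for it is outside the visible lines, so it is worth confirming that a failed or skipped bind mount of /selinux only clears selinux_ok, so the later unmount is skipped, and is not reported to the caller as an error. A short comment next to this line stating that the mount is expected to fail when SELinux is off would document that.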
>
> Shouldn't each of these sysroot_* variables be tested,
> in case sysroot_path's malloc has failed?
Yes, patch attached.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
-------------- next part --------------
From 27566d8323e4a8af59f5649aeeaef97ebd55cbd0 Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones at trick.home.annexia.org>
Date: Wed, 12 Aug 2009 18:23:17 +0100
Subject: [PATCH] Return error if allocations fail.
---
daemon/command.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/daemon/command.c b/daemon/command.c
index 3261513..4420cba 100644
--- a/daemon/command.c
+++ b/daemon/command.c
@@ -61,6 +61,18 @@ do_command (char **argv)
sysroot_selinux = sysroot_path ("/selinux");
sysroot_sys = sysroot_path ("/sys");
+ if (sysroot_dev == NULL || sysroot_dev_pts == NULL ||
+ sysroot_proc == NULL || sysroot_selinux == NULL ||
+ sysroot_sys == NULL) {
+ reply_with_perror ("malloc");
+ free (sysroot_dev);
+ free (sysroot_dev_pts);
+ free (sysroot_proc);
+ free (sysroot_selinux);
+ free (sysroot_sys);
+ return NULL;
+ }
+
r = command (NULL, NULL, "mount", "--bind", "/dev", sysroot_dev, NULL);
dev_ok = r != -1;
r = command (NULL, NULL, "mount", "--bind", "/dev/pts", sysroot_dev_pts, NULL);
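Review bot: `reply_with_perror ("malloc")` in the new error branch reads errno only after all five sysroot_path calls have run, so if an early call failed and a later one succeeded, errno is not guaranteed to still describe the failure. Checking each result directly after its call, or replying with a fixed out-of-memory message instead of perror, avoids reporting a stale value. The five free calls are fine as written because free(NULL) is a no-op, and returning before the first bind mount means nothing has to be unmounted on this path.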
--
1.6.2.5