Re: [libvirt] [PATCH 3/6] Use private data struct in SELinux driver
- From: "Daniel P. Berrange" <berrange redhat com>
- To: Stefan Berger <stefanb linux vnet ibm com>
- Cc: libvir-list redhat com, Daniel Walsh <dwalsh redhat com>
- Subject: Re: [libvirt] [PATCH 3/6] Use private data struct in SELinux driver
- Date: Mon, 14 May 2012 14:43:28 +0100
On Fri, May 11, 2012 at 10:43:38PM -0400, Stefan Berger wrote:
> On 05/11/2012 06:10 AM, Daniel P. Berrange wrote:
> >From: Daniel Walsh<dwalsh redhat com>
> >
> >Currently the SELinux driver stores its state in a set of global
> >variables. This switches it to use a private data struct instead.
> >This will enable different instances to have their own data.
> >
> >Signed-off-by: Daniel P. Berrange<berrange redhat com>
> >---
> >+SELinuxInitialize(virSecurityManagerPtr mgr)
> > {
> [...]
> >- ptr = strchrnul(default_image_context, '\n');
> >- if (*ptr == '\n') {
> >+ ptr = strchrnul(data->file_context, '\n');
> >+ if (ptr&& *ptr == '\n') {
> > *ptr = '\0';
> >- strcpy(default_content_context, ptr+1);
> >- ptr = strchrnul(default_content_context, '\n');
> >- if (*ptr == '\n')
> >+ data->content_context = strdup(ptr+1);
> >+ if (!data->content_context)
> >+ goto error;
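Review bot: In the added test "if (ptr&& *ptr == '\n')" the ptr check is dead code, because strchrnul() returns a pointer to the terminating NUL rather than NULL when the character is not found; drop it so the condition matches the removed "if (*ptr == '\n')". The strdup(ptr+1) failure path jumps to error with no report visible in these lines, so a virReportOOMError() call before the goto would keep the failure diagnosable. The removed lines also ran a second strchrnul() over the content context to find its trailing newline, and the added lines shown here have no equivalent, so check that data->content_context does not end up keeping a trailing '\n'.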
>
> virReportOOMError ?
>
> >@@ -264,13 +277,11 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> > goto cleanup;
> > }
> >
> >- if (!def->seclabel.norelabel) {
> >- def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
> >- if (!def->seclabel.imagelabel) {
> >- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
> >- _("cannot generate selinux context for %s"), mcs);
> >- goto cleanup;
> >- }
> >+ def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
> >+ if (!def->seclabel.imagelabel) {
> >+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
> >+ _("cannot generate selinux context for %s"), mcs);
> >+ goto cleanup;
> > }
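Review bot: The "if (!def->seclabel.norelabel)" guard around the imagelabel assignment is removed, so SELinuxGenNewContext(data->file_context, mcs) now runs, and can fail with "cannot generate selinux context", even for a domain that has norelabel set. That is a behaviour change outside what the commit message describes (moving global state into a private data struct). Keep the guard in this patch, changing only default_image_context to data->file_context inside it, and put the removal in its own patch with the rationale in its commit message.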
>
>
> There was this check if (!def->seclabel.norelabel) that's now gone.
> Was this removed by accident?
Yes & no. It was intentionally removed, but it should have been done in
a separate patch, rather than this one. I'll remove this behaviour
change & re-submit in a separate patch.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|