
Re: [libvirt] [PATCH] selinux: Fix incorrect file label generation.



On 2012-08-17 20:53, Viktor Mihajlovski wrote:
This is an ad-hoc fix for the file label generation. It uses the base context
role to determine whether to use the libvirt process context role. If this
is object_r we don't touch it.
It might be better to add a new flag to virSecuritySELinuxGenNewContext that
specifies the context type (process or file) in the future.

Signed-off-by: Viktor Mihajlovski<mihajlov linux vnet ibm com>
---
  src/security/security_selinux.c |    4 +++-
  1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 48fd78b..34b9aad 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -176,7 +176,9 @@ virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
          goto cleanup;
      }

-    if (context_role_set(context,
+    /* don't exchange role context if object_r as this is a file context */
+    if (strcmp("object_r", context_role_get(context))&&

No strcmp directly, it should be STREQ instead. Good to read HACKING
before making patches. :-)

+        context_role_set(context,
                           context_role_get(ourContext)) != 0) {
          virReportSystemError(errno,
                               _("Unable to set SELinux context user '%s'"),
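Review bot: In the added condition `if (strcmp("object_r", context_role_get(context))&&` the bare strcmp() result is used as a truth value, so the line reads like an equality test while it actually means "role is not object_r". libvirt's STRNEQ macro states that intent directly; it is the inequality form that is needed here, since the role is only replaced when it differs from object_r. The same line also needs a space before `&&`. Two further points visible in this hunk: the return value of context_role_get(context) is handed to strcmp() unchecked, so it is worth confirming it cannot be NULL at this point, and the unchanged error string still says "Unable to set SELinux context user '%s'" although the guarded call is context_role_set(), so "role" would match what actually failed.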

