[libvirt] [PATCH V3 7/7] security_dac: honor relabel='no' in chardev config
Ján Tomko
jtomko at redhat.com
Fri May 16 11:22:24 UTC 2014
On 05/16/2014 06:16 AM, Jim Fehlig wrote:
> The DAC driver ignores the relabel='no' attribute in chardev config
>
> <serial type='file'>
> <source path='/tmp/jim/test.file'>
> <seclabel model='dac' relabel='no'/>
> </source>
> <target port='0'/>
> </serial>
>
> This patch avoids labeling chardevs when relabel='no' is specified.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> ---
> src/security/security_dac.c | 65 ++++++++++++++++++++++++++++++++-------------
> 1 file changed, 46 insertions(+), 19 deletions(-)
>
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index 4434cd0..20f349f 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -705,25 +707,35 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
>
> seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
>
> - if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL))
> - return -1;
> + if (dev)
> + chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
> + SECURITY_DAC_NAME);
A check for seclabel->norelabel and chr_seclabel->norelabel is missing here.
>
> - switch ((enum virDomainChrType) dev->type) {
> + if (chr_seclabel && chr_seclabel->label) {
> + if (virParseOwnershipIds(chr_seclabel->label, &user, &group) < 0)
> + return -1;
> + } else {
> + if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
> + return -1;
> + }
> +
> + switch ((enum virDomainChrType) dev_source->type) {
> case VIR_DOMAIN_CHR_TYPE_DEV:
> case VIR_DOMAIN_CHR_TYPE_FILE:
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140516/b7a88288/attachment-0001.sig>
More information about the libvir-list
mailing list