External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

security: selinux: Pass parent storage source into image labeling helper

Browse Source 
virSecuritySELinuxSetImageLabelInternal assigns different labels to
backing chain members than to the parent image. This was done via the
'first' flag. Convert it to passing in pointer to the parent
virStorageSource. This will allow us to use the parent virStorageSource
in further changes.
This commit is contained in:
Peter Krempa 2017-10-17 07:25:51 +02:00
parent b4daf6af9a
commit 023da7ddbd
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/security/security_selinux.c
View File

@ -1592,7 +1592,7 @@ static int
virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr, virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
virStorageSourcePtr src, virStorageSourcePtr src,
bool first) virStorageSourcePtr parent)
{ {
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
virSecurityLabelDefPtr secdef; virSecurityLabelDefPtr secdef;
@ -1614,7 +1614,7 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) { if (disk_seclabel && disk_seclabel->relabel && disk_seclabel->label) {
ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label); ret = virSecuritySELinuxSetFilecon(mgr, src->path, disk_seclabel->label);
} else if (first) { } else if (!parent || parent == src) {
if (src->shared) { if (src->shared) {
ret = virSecuritySELinuxSetFileconOptional(mgr, ret = virSecuritySELinuxSetFileconOptional(mgr,
src->path, src->path,
@ -1660,7 +1660,7 @@ virSecuritySELinuxSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def, virDomainDefPtr def,
virStorageSourcePtr src) virStorageSourcePtr src)
{ {
return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, true); return virSecuritySELinuxSetImageLabelInternal(mgr, def, src, NULL);
} }
@ -1670,14 +1670,11 @@ virSecuritySELinuxSetDiskLabel(virSecurityManagerPtr mgr,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
bool first = true;
virStorageSourcePtr next; virStorageSourcePtr next;
for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) { for (next = disk->src; virStorageSourceIsBacking(next); next = next->backingStore) {
if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, first) < 0) if (virSecuritySELinuxSetImageLabelInternal(mgr, def, next, disk->src) < 0)
return -1; return -1;
first = false;
} }
return 0; return 0;