mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
selinux: Resolve resource leak using the default disk label
Commit id a994ef2d1
changed the mechanism to store/update the default
security label from using disk->seclabels[0] to allocating one on the
fly. That change allocated the label, but never saved it. This patch
will save the label. The new virDomainDiskDefAddSecurityLabelDef() is
a copy of the virDomainDefAddSecurityLabelDef().
parent
e786b57889
commit
05cc035189
@ -16041,26 +16041,51 @@ virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model)
|
||||
{
|
||||
virSecurityLabelDefPtr seclabel = NULL;
|
||||
|
||||
if (VIR_ALLOC(seclabel) < 0) {
|
||||
virReportOOMError();
|
||||
return NULL;
|
||||
}
|
||||
if (VIR_ALLOC(seclabel) < 0)
|
||||
goto no_memory;
|
||||
|
||||
if (model) {
|
||||
seclabel->model = strdup(model);
|
||||
if (seclabel->model == NULL) {
|
||||
virReportOOMError();
|
||||
virSecurityLabelDefFree(seclabel);
|
||||
return NULL;
|
||||
}
|
||||
if (seclabel->model == NULL)
|
||||
goto no_memory;
|
||||
}
|
||||
|
||||
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0) {
|
||||
virReportOOMError();
|
||||
virSecurityLabelDefFree(seclabel);
|
||||
return NULL;
|
||||
}
|
||||
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
|
||||
goto no_memory;
|
||||
|
||||
def->seclabels[def->nseclabels - 1] = seclabel;
|
||||
|
||||
return seclabel;
|
||||
|
||||
no_memory:
|
||||
virReportOOMError();
|
||||
virSecurityLabelDefFree(seclabel);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
virSecurityDeviceLabelDefPtr
|
||||
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model)
|
||||
{
|
||||
virSecurityDeviceLabelDefPtr seclabel = NULL;
|
||||
|
||||
if (VIR_ALLOC(seclabel) < 0)
|
||||
goto no_memory;
|
||||
|
||||
if (model) {
|
||||
seclabel->model = strdup(model);
|
||||
if (seclabel->model == NULL)
|
||||
goto no_memory;
|
||||
}
|
||||
|
||||
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
|
||||
goto no_memory;
|
||||
|
||||
def->seclabels[def->nseclabels - 1] = seclabel;
|
||||
|
||||
return seclabel;
|
||||
|
||||
no_memory:
|
||||
virReportOOMError();
|
||||
virSecurityDeviceLabelDefFree(seclabel);
|
||||
return NULL;
|
||||
}
|
||||
|
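Review bot: The new virDomainDiskDefAddSecurityLabelDef() has no comment stating who owns the returned pointer, and it appends to def->seclabels without checking whether an entry for the same model already exists. Since the function exists to fix a leak, the ownership contract is worth spelling out, e.g. `/* Appends a new label for @model to def->seclabels and returns it; the entry is owned by @def, so callers must not free it. Callers must check for an existing label of that model first. */`. The SELinux caller on this page does guard with `!disk_seclabel`, but a future caller that forgets would add duplicate entries. Separately, when VIR_ALLOC fails the `no_memory` path calls virSecurityDeviceLabelDefFree(seclabel) with seclabel still NULL; this relies on the free function accepting NULL, which is not visible on this page and should be confirmed.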
@ -2222,6 +2222,9 @@ virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
|
||||
virSecurityLabelDefPtr
|
||||
virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
|
||||
|
||||
virSecurityDeviceLabelDefPtr
|
||||
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
|
||||
|
||||
typedef const char* (*virEventActionToStringFunc)(int type);
|
||||
typedef int (*virEventActionFromStringFunc)(const char *type);
|
||||
|
||||
|
@ -1095,10 +1095,10 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
|
||||
if (ret == 1 && !disk_seclabel) {
|
||||
/* If we failed to set a label, but virt_use_nfs let us
|
||||
* proceed anyway, then we don't need to relabel later. */
|
||||
if (VIR_ALLOC(disk_seclabel) < 0) {
|
||||
virReportOOMError();
|
||||
disk_seclabel =
|
||||
virDomainDiskDefAddSecurityLabelDef(disk, SECURITY_SELINUX_NAME);
|
||||
if (!disk_seclabel)
|
||||
return -1;
|
||||
}
|
||||
disk_seclabel->norelabel = true;
|
||||
ret = 0;
|
||||
}
|
||||
|
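Review bot: The existing comment in the `ret == 1 && !disk_seclabel` branch still only says that no relabel is needed later, but the entry created here is now attached to the disk definition and outlives this call. I would extend it with something like `/* The label is stored in disk->seclabels so the restore path sees norelabel and skips this disk. */`. The stored entry carries only the model and `norelabel`; its label text is never set in the lines shown, so any code that later looks up the SELinux disk label should tolerate an entry without one (presumably NULL, to be confirmed against VIR_ALLOC's behaviour). The enclosing virSecuritySELinuxSetSecurityFileLabel() starts and ends outside the hunk, so whether the early `return -1` skips any cleanup cannot be checked from here.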