selinux: Resolve resource leak using the default disk label

Commit id a994ef2d1 changed the mechanism to store/update the default
security label from using disk->seclabels[0] to allocating one on the
fly. That change allocated the label, but never saved it.  This patch
will save the label. The new virDomainDiskDefAddSecurityLabelDef() is
a copy of the virDomainDefAddSecurityLabelDef().
John Ferlan 2013-01-18 09:34:13 -05:00 committed by Peter Krempa
parent e786b57889
commit 05cc035189
3 changed files with 45 additions and 17 deletions


@ -16041,26 +16041,51 @@ virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model)
{
virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0) {
virReportOOMError();
return NULL;
}
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (model) {
seclabel->model = strdup(model);
if (seclabel->model == NULL) {
virReportOOMError();
virSecurityLabelDefFree(seclabel);
return NULL;
}
if (seclabel->model == NULL)
goto no_memory;
}
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0) {
virReportOOMError();
virSecurityLabelDefFree(seclabel);
return NULL;
}
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
goto no_memory;
def->seclabels[def->nseclabels - 1] = seclabel;
return seclabel;
no_memory:
virReportOOMError();
virSecurityLabelDefFree(seclabel);
return NULL;
}
virSecurityDeviceLabelDefPtr
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model)
{
virSecurityDeviceLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (model) {
seclabel->model = strdup(model);
if (seclabel->model == NULL)
goto no_memory;
}
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
goto no_memory;
def->seclabels[def->nseclabels - 1] = seclabel;
return seclabel;
no_memory:
virReportOOMError();
virSecurityDeviceLabelDefFree(seclabel);
return NULL;
}
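Review bot: The new virDomainDiskDefAddSecurityLabelDef() carries no comment saying who owns the returned label, which is the exact point this leak fix turns on. On success the pointer is stored in `def->seclabels[def->nseclabels - 1]`, so the disk definition owns it and the caller must not free it; on failure the function reports OOM itself and returns NULL. I would add above the definition: `/* Append a new label for @model to def->seclabels and return it; owned by @def, do not free. Returns NULL after reporting OOM. */`, and the same wording fits virDomainDefAddSecurityLabelDef(). The two bodies differ only in the label type and the free function, so a remark that they must be kept in sync would help. The `no_memory` path also relies on virSecurityDeviceLabelDefFree() accepting NULL when VIR_ALLOC fails, which presumably holds but is not visible in this hunk.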


@ -2222,6 +2222,9 @@ virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
virSecurityLabelDefPtr
virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
virSecurityDeviceLabelDefPtr
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
typedef const char* (*virEventActionToStringFunc)(int type);
typedef int (*virEventActionFromStringFunc)(const char *type);


@ -1095,10 +1095,10 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (ret == 1 && !disk_seclabel) {
/* If we failed to set a label, but virt_use_nfs let us
* proceed anyway, then we don't need to relabel later. */
if (VIR_ALLOC(disk_seclabel) < 0) {
virReportOOMError();
disk_seclabel =
virDomainDiskDefAddSecurityLabelDef(disk, SECURITY_SELINUX_NAME);
if (!disk_seclabel)
return -1;
}
disk_seclabel->norelabel = true;
ret = 0;
}
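Review bot: The entry added here becomes a lasting part of the disk definition, so a label that was only skipped at runtime (the virt_use_nfs case in the comment) now looks the same as a `norelabel` the user configured. Anything that later walks disk->seclabels, presumably including XML formatting and the restore path, cannot tell the two apart; whether that matters depends on code outside this hunk. At minimum I would extend the comment to say so: `/* Runtime-only: labeling was skipped, not requested in the config; this entry exists so restore does not relabel. */`. A separate flag on the device label for the skipped case would make the distinction explicit. The enclosing function starts and ends outside the hunk.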