Fix off-by-1 in default SELinux MCS range

For a while we're have random failures of 'securityselinuxtest'
which were not at all reproducible. Fortunately we finally
caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

TEST: securityselinuxtest
 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
FAILED
FAIL: securityselinuxtest

And sure enough we had an off-by-1 in the MCS range code when
the current process has no range set. The test suite randomly
allocates 2 categories from 0->1024 so the chances of hitting
this in the test suite were slim indeed :-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-11-19 17:45:59 +00:00
parent caaeb691a3
commit 2b510e4903

View File

@ -218,10 +218,10 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
*tmp = '\0';
/* sens now just contains the sensitivity lower bound */
/* If there was no category part, just assume c0.c1024 */
/* If there was no category part, just assume c0.c1023 */
if (!cat) {
*catMin = 0;
*catMax = 1024;
*catMax = 1023;
ret = 0;
goto cleanup;
}