
security_dac: Resolve virSecurityDACSetOwnershipInternal const correctness

The code at the very bottom of the DAC secdriver that calls
chown() should be fine with read-only data. If something needs to
be prepared it should have been done beforehand.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik 2016-12-14 15:25:22 +01:00
parent feeaa015c1
commit 39779eb195
10 changed files with 30 additions and 23 deletions


@ -329,10 +329,11 @@ qemuAutostartDomains(virQEMUDriverPtr driver)
static int static int
qemuSecurityChownCallback(virStorageSourcePtr src, qemuSecurityChownCallback(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid) gid_t gid)
{ {
virStorageSourcePtr cpy = NULL;
struct stat sb; struct stat sb;
int save_errno = 0; int save_errno = 0;
int ret = -1; int ret = -1;
@ -354,22 +355,28 @@ qemuSecurityChownCallback(virStorageSourcePtr src,
} }
} }
return chown(src->path, uid, gid); if (chown(src->path, uid, gid) < 0)
} goto cleanup;
} else {
if (!(cpy = virStorageSourceCopy(src, false)))
goto cleanup;
/* storage file init reports errors, return -2 on failure */ /* src file init reports errors, return -2 on failure */
if (virStorageFileInit(src) < 0) if (virStorageFileInit(cpy) < 0) {
return -2; ret = -2;
goto cleanup;
}
if (virStorageFileChown(src, uid, gid) < 0) { if (virStorageFileChown(cpy, uid, gid) < 0)
save_errno = errno; goto cleanup;
goto cleanup;
} }
ret = 0; ret = 0;
cleanup: cleanup:
virStorageFileDeinit(src); save_errno = errno;
virStorageFileDeinit(cpy);
virStorageSourceFree(cpy);
errno = save_errno; errno = save_errno;
return ret; return ret;
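Review bot: In the new `else` branch of qemuSecurityChownCallback, a failed `virStorageSourceCopy(src, false)` jumps to cleanup with `ret` still -1, but the contract documented on virSecurityManagerDACChownCallback reserves -1 for "errno set, no libvirt error reported" and -2 for "libvirt error reported". If virStorageSourceCopy reports its own error on failure (its body is not visible here, so this is an assumption to confirm), the DAC driver would read a stale errno and could log a second, misleading ownership error for the image. Setting the code before the jump, `if (!(cpy = virStorageSourceCopy(src, false))) { ret = -2; goto cleanup; }`, keeps the return value in line with that contract. The shared cleanup path also runs for the local-file branch where `cpy` stays NULL, so it relies on virStorageFileDeinit and virStorageSourceFree accepting NULL; part of the function body lies between the two hunks and is not shown.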


@ -279,8 +279,8 @@ virSecurityDACPreFork(virSecurityManagerPtr mgr)
} }
static int static int
virSecurityDACSetOwnershipInternal(virSecurityDACDataPtr priv, virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv,
virStorageSourcePtr src, const virStorageSource *src,
const char *path, const char *path,
uid_t uid, uid_t uid,
gid_t gid) gid_t gid)


@ -62,7 +62,7 @@ int virSecurityManagerStackAddNested(virSecurityManagerPtr stack,
* @src. The callback shall return 0 on success, -1 on error and errno set (no * @src. The callback shall return 0 on success, -1 on error and errno set (no
* libvirt error reported) OR -2 and a libvirt error reported. */ * libvirt error reported) OR -2 and a libvirt error reported. */
typedef int typedef int
(*virSecurityManagerDACChownCallback)(virStorageSourcePtr src, (*virSecurityManagerDACChownCallback)(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid); gid_t gid);


@ -285,7 +285,7 @@ typedef int
int mode); int mode);
typedef int typedef int
(*virStorageFileBackendChown)(virStorageSourcePtr src, (*virStorageFileBackendChown)(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid); gid_t gid);


@ -1600,7 +1600,7 @@ virStorageFileBackendFileAccess(virStorageSourcePtr src,
static int static int
virStorageFileBackendFileChown(virStorageSourcePtr src, virStorageFileBackendFileChown(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid) gid_t gid)
{ {


@ -809,7 +809,7 @@ virStorageFileBackendGlusterGetUniqueIdentifier(virStorageSourcePtr src)
static int static int
virStorageFileBackendGlusterChown(virStorageSourcePtr src, virStorageFileBackendGlusterChown(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid) gid_t gid)
{ {


@ -2848,7 +2848,7 @@ int storageRegister(void)
/* ----------- file handlers cooperating with storage driver --------------- */ /* ----------- file handlers cooperating with storage driver --------------- */
static bool static bool
virStorageFileIsInitialized(virStorageSourcePtr src) virStorageFileIsInitialized(const virStorageSource *src)
{ {
return src && src->drv; return src && src->drv;
} }
@ -2888,7 +2888,7 @@ virStorageFileSupportsBackingChainTraversal(virStorageSourcePtr src)
* driver to perform labelling * driver to perform labelling
*/ */
bool bool
virStorageFileSupportsSecurityDriver(virStorageSourcePtr src) virStorageFileSupportsSecurityDriver(const virStorageSource *src)
{ {
int actualType; int actualType;
virStorageFileBackendPtr backend; virStorageFileBackendPtr backend;
@ -3179,7 +3179,7 @@ virStorageFileAccess(virStorageSourcePtr src,
* by libvirt storage backend. * by libvirt storage backend.
*/ */
int int
virStorageFileChown(virStorageSourcePtr src, virStorageFileChown(const virStorageSource *src,
uid_t uid, uid_t uid,
gid_t gid) gid_t gid)
{ {


@ -44,9 +44,9 @@ ssize_t virStorageFileReadHeader(virStorageSourcePtr src,
char **buf); char **buf);
const char *virStorageFileGetUniqueIdentifier(virStorageSourcePtr src); const char *virStorageFileGetUniqueIdentifier(virStorageSourcePtr src);
int virStorageFileAccess(virStorageSourcePtr src, int mode); int virStorageFileAccess(virStorageSourcePtr src, int mode);
int virStorageFileChown(virStorageSourcePtr src, uid_t uid, gid_t gid); int virStorageFileChown(const virStorageSource *src, uid_t uid, gid_t gid);
bool virStorageFileSupportsSecurityDriver(virStorageSourcePtr src); bool virStorageFileSupportsSecurityDriver(const virStorageSource *src);
int virStorageFileGetMetadata(virStorageSourcePtr src, int virStorageFileGetMetadata(virStorageSourcePtr src,
uid_t uid, gid_t gid, uid_t uid, gid_t gid,


@ -2082,7 +2082,7 @@ virStorageSourceGetActualType(const virStorageSource *def)
bool bool
virStorageSourceIsLocalStorage(virStorageSourcePtr src) virStorageSourceIsLocalStorage(const virStorageSource *src)
{ {
virStorageType type = virStorageSourceGetActualType(src); virStorageType type = virStorageSourceGetActualType(src);


@ -349,7 +349,7 @@ int virStorageSourceInitChainElement(virStorageSourcePtr newelem,
void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def); void virStorageSourcePoolDefFree(virStorageSourcePoolDefPtr def);
void virStorageSourceClear(virStorageSourcePtr def); void virStorageSourceClear(virStorageSourcePtr def);
int virStorageSourceGetActualType(const virStorageSource *def); int virStorageSourceGetActualType(const virStorageSource *def);
bool virStorageSourceIsLocalStorage(virStorageSourcePtr src); bool virStorageSourceIsLocalStorage(const virStorageSource *src);
bool virStorageSourceIsEmpty(virStorageSourcePtr src); bool virStorageSourceIsEmpty(virStorageSourcePtr src);
bool virStorageSourceIsBlockLocal(const virStorageSource *src); bool virStorageSourceIsBlockLocal(const virStorageSource *src);
void virStorageSourceFree(virStorageSourcePtr def); void virStorageSourceFree(virStorageSourcePtr def);