libvirt_recover_xattrs: Use only the correct xattr prefix

Linux and FreeBSD have different prefix. In the current state we've tried to reset the labels for both systems which resulted in errors like this: Fixing /tmp/bitmaps2.qcow2 setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported setfattr: /tmp/bitmaps2.qcow2: Operation not supported The 6 failed 'setfattrs' correspond to the wrong prefix. Select the correct prefix based on the kernel name and modify the code appropriately. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-01 17:35:17 +00:00 · 2020-12-02 10:24:21 +01:00 · 2020-12-02 10:24:21 +01:00 · 5377177f80
commit 5377177f80
parent 7b6bc11f65
1 changed files with 27 additions and 21 deletions
--- a/tools/libvirt_recover_xattrs.sh
+++ b/tools/libvirt_recover_xattrs.sh
@ -29,11 +29,6 @@ DIR="/"
 URI=("qemu:///system"
     "lxc:///system")

-# On Linux we use 'trusted' namespace, on FreeBSD we use 'system'
-# as there is no 'trusted'.
-LIBVIRT_XATTR_PREFIXES=("trusted.libvirt.security"
-                        "system.libvirt.security")
-
 if [ $(whoami) != "root" ]; then
    die "Must be run as root"
 fi
@ -62,6 +57,21 @@ if [ $# -gt 0 ]; then
    DIR=$1
 fi

+case $(uname -s) in
+    Linux)
+        XATTR_PREFIX="trusted.libvirt.security"
+        ;;
+
+    FreeBSD)
+        XATTR_PREFIX="system.libvirt.security"
+        ;;
+
+    *)
+        die "$0 is not supported on this platform"
+        ;;
+esac
+
+
 if [ ${DRY_RUN} -eq 0 ]; then
    for u in ${URI[*]} ; do
        if [ -n "`virsh -q -c $u list 2>/dev/null`" ]; then
@ -73,24 +83,20 @@ fi

 declare -a XATTRS
 for i in "dac" "selinux"; do
-    for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
-        XATTRS+=("$p.$i" "$p.ref_$i" "$p.timestamp_$i")
-    done
+    XATTRS+=("$XATTR_PREFIX.$i" "$XATTR_PREFIX.ref_$i" "$XATTR_PREFIX.timestamp_$i")
 done

-for p in ${LIBVIRT_XATTR_PREFIXES[*]}; do
-    for i in $(getfattr -R -d -m ${p} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
-        echo $i;
-        if [ ${DRY_RUN} -ne 0 ]; then
-            getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
-            continue
-        fi

-        if [ ${QUIET} -eq 0 ]; then
-            echo "Fixing $i";
-        fi
-        for x in ${XATTRS[*]}; do
-            setfattr -x $x $i
-        done
+for i in $(getfattr -R -d -m ${XATTR_PREFIX} --absolute-names ${DIR} 2>/dev/null | grep "^# file:" | cut -d':' -f 2); do
+    if [ ${DRY_RUN} -ne 0 ]; then
+        getfattr -d -m $p --absolute-names $i | grep -v "^# file:"
+        continue
+    fi
+
+    if [ ${QUIET} -eq 0 ]; then
+        echo "Fixing $i";
+    fi
+    for x in ${XATTRS[*]}; do
+        setfattr -x $x $i
    done
 done