security_dac: Label non-listening sockets

SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2024-12-22 13:45:38 +00:00 · 2015-08-13 07:36:30 +02:00 · 2015-08-13 07:36:30 +02:00 · 7b6953bc22
commit 7b6953bc22
parent 4ac6ce38d3
1 changed files with 9 additions and 1 deletions
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -789,6 +789,15 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
        ret = 0;
        break;

+    case VIR_DOMAIN_CHR_TYPE_UNIX:
+        if (!dev_source->data.nix.listen) {
+            if (virSecurityDACSetOwnership(dev_source->data.nix.path,
+                                           user, group) < 0)
+                goto done;
+        }
+        ret = 0;
+        break;
+
    case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
    case VIR_DOMAIN_CHR_TYPE_NULL:
    case VIR_DOMAIN_CHR_TYPE_VC:
@ -796,7 +805,6 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
    case VIR_DOMAIN_CHR_TYPE_STDIO:
    case VIR_DOMAIN_CHR_TYPE_UDP:
    case VIR_DOMAIN_CHR_TYPE_TCP:
-    case VIR_DOMAIN_CHR_TYPE_UNIX:
    case VIR_DOMAIN_CHR_TYPE_SPICEVMC:
    case VIR_DOMAIN_CHR_TYPE_NMDM:
    case VIR_DOMAIN_CHR_TYPE_LAST: