External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 19:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

security_util: verify xattrs only if ref is present

Browse Source 
After 7cfb7aab573 commit starting a domain pullutes logs with
warnings like [1]. The reason is resource files do not
have timestamp before starting a domain and after destroying
domain the timestamp is cleared. Let's check the timestamp
only if attribute with refcounter is found.

[1] warning : virSecurityValidateTimestamp:198 : Invalid XATTR timestamp detected on \
    /some/path secdriver=dac

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Nikolay Shirokovskiy 2019-08-28 13:21:02 +03:00 committed by Michal Privoznik
parent fc178215f9
commit 7c40211a5a
1 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/security/security_util.c
View File

@ -269,13 +269,9 @@ virSecurityGetRememberedLabel(const char *name,
VIR_AUTOFREE(char *) attr_name = NULL; VIR_AUTOFREE(char *) attr_name = NULL;
VIR_AUTOFREE(char *) value = NULL; VIR_AUTOFREE(char *) value = NULL;
unsigned int refcount = 0; unsigned int refcount = 0;
int rc;
*label = NULL; *label = NULL;
if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
return rc;
if (!(ref_name = virSecurityGetRefCountAttrName(name))) if (!(ref_name = virSecurityGetRefCountAttrName(name)))
return -1; return -1;
@ -290,6 +286,20 @@ virSecurityGetRememberedLabel(const char *name,
return -1; return -1;
} }
if (value) {
int rc;
/* Do this after we've tried to get refcounter to ensure underlying FS
* supports XATTRs and @path has refcounter attribute set, because
* validator might throws a warning. */
if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
return rc;
/* Invalid label is like a non-existent one */
if (rc == 1)
return -2;
}
if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) { if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("malformed refcount %s on %s"), _("malformed refcount %s on %s"),
@ -357,10 +367,6 @@ virSecuritySetRememberedLabel(const char *name,
VIR_AUTOFREE(char *) attr_name = NULL; VIR_AUTOFREE(char *) attr_name = NULL;
VIR_AUTOFREE(char *) value = NULL; VIR_AUTOFREE(char *) value = NULL;
unsigned int refcount = 0; unsigned int refcount = 0;
int rc;
if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
return rc;
if (!(ref_name = virSecurityGetRefCountAttrName(name))) if (!(ref_name = virSecurityGetRefCountAttrName(name)))
return -1; return -1;
@ -377,6 +383,20 @@ virSecuritySetRememberedLabel(const char *name,
} }
} }
if (value) {
int rc;
/* Do this after we've tried to get refcounter to ensure underlying FS
* supports XATTRs and @path has refcounter attribute set, because
* validator might throws a warning. */
if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
return rc;
/* Invalid label is like a non-existent one */
if (rc == 1)
VIR_FREE(value);
}
if (value && if (value &&
virStrToLong_ui(value, NULL, 10, &refcount) < 0) { virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,