mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
security_dac: Restore label on failed chown() attempt
It's important to keep XATTRs untouched (well, in the same state they were in when entering the function). Otherwise our refcounting would be messed up. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
f9a0019fea
commit
86def3c88c
@ -718,7 +718,25 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
|
||||
VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
|
||||
NULLSTR(src ? src->path : path), (long)uid, (long)gid);
|
||||
|
||||
return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
|
||||
if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) {
|
||||
virErrorPtr origerr;
|
||||
|
||||
virErrorPreserveLast(&origerr);
|
||||
/* Try to restore the label. This is done so that XATTRs
|
||||
* are left in the same state as when the control entered
|
||||
* this function. However, if our attempt fails, there's
|
||||
* not much we can do. XATTRs refcounting is fubar'ed and
|
||||
* the only option we have is warn users. */
|
||||
if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0)
|
||||
VIR_WARN("Unable to restore label on '%s'. "
|
||||
"XATTRs might have been left in inconsistent state.",
|
||||
NULLSTR(src ? src->path : path));
|
||||
|
||||
virErrorRestore(&origerr);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user