External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-06 03:39:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

selinux: Resolve resource leak using the default disk label

Browse Source 
Commit id a994ef2d1 changed the mechanism to store/update the default
security label from using disk->seclabels[0] to allocating one on the
fly. That change allocated the label, but never saved it.  This patch
will save the label. The new virDomainDiskDefAddSecurityLabelDef() is
a copy of the virDomainDefAddSecurityLabelDef().
(cherry picked from commit 05cc03518987fa0f8399930d14c1d635591ca49b)

Conflicts:
	src/conf/domain_conf.h
This commit is contained in:
John Ferlan 2013-01-18 09:34:13 -05:00 committed by Cole Robinson
parent f104a2a6b3
commit 8cdeb0f85e
3 changed files with 45 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/conf/domain_conf.c
View File

@ -15389,26 +15389,51 @@ virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model)
{ {
virSecurityLabelDefPtr seclabel = NULL; virSecurityLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0) { if (VIR_ALLOC(seclabel) < 0)
virReportOOMError(); goto no_memory;
return NULL;
}
if (model) { if (model) {
seclabel->model = strdup(model); seclabel->model = strdup(model);
if (seclabel->model == NULL) { if (seclabel->model == NULL)
virReportOOMError(); goto no_memory;
virSecurityLabelDefFree(seclabel);
return NULL;
}
} }
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0) { if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
virReportOOMError(); goto no_memory;
virSecurityLabelDefFree(seclabel);
return NULL;
}
def->seclabels[def->nseclabels - 1] = seclabel; def->seclabels[def->nseclabels - 1] = seclabel;
return seclabel; return seclabel;
no_memory:
virReportOOMError();
virSecurityLabelDefFree(seclabel);
return NULL;
}
virSecurityDeviceLabelDefPtr
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model)
{
virSecurityDeviceLabelDefPtr seclabel = NULL;
if (VIR_ALLOC(seclabel) < 0)
goto no_memory;
if (model) {
seclabel->model = strdup(model);
if (seclabel->model == NULL)
goto no_memory;
}
if (VIR_EXPAND_N(def->seclabels, def->nseclabels, 1) < 0)
goto no_memory;
def->seclabels[def->nseclabels - 1] = seclabel;
return seclabel;
no_memory:
virReportOOMError();
virSecurityDeviceLabelDefFree(seclabel);
return NULL;
} }

3
src/conf/domain_conf.h
View File

@ -2144,6 +2144,9 @@ virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
virSecurityLabelDefPtr virSecurityLabelDefPtr
virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model); virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
virSecurityDeviceLabelDefPtr
virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
typedef const char* (*virLifecycleToStringFunc)(int type); typedef const char* (*virLifecycleToStringFunc)(int type);
typedef int (*virLifecycleFromStringFunc)(const char *type); typedef int (*virLifecycleFromStringFunc)(const char *type);

6
src/security/security_selinux.c
View File

@ -1050,10 +1050,10 @@ virSecuritySELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk,
if (ret == 1 && !disk_seclabel) { if (ret == 1 && !disk_seclabel) {
/* If we failed to set a label, but virt_use_nfs let us /* If we failed to set a label, but virt_use_nfs let us
* proceed anyway, then we don't need to relabel later. */ * proceed anyway, then we don't need to relabel later. */
if (VIR_ALLOC(disk_seclabel) < 0) { disk_seclabel =
virReportOOMError(); virDomainDiskDefAddSecurityLabelDef(disk, SECURITY_SELINUX_NAME);
if (!disk_seclabel)
return -1; return -1;
}
disk_seclabel->norelabel = true; disk_seclabel->norelabel = true;
ret = 0; ret = 0;
} }