mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-18 21:51:05 +00:00
security: Set seclabels for pstore device
The acpi-erst backend for pstore device exposes a path in the host accessible to the guest and as such we must set seclabels on it to grant QEMU RW access. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
parent
3cfe4caa0a
commit
9faa615384
@ -1995,6 +1995,10 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr,
|
|||||||
virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
|
virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
|
if (def->pstore &&
|
||||||
|
virSecurityDACRestoreFileLabel(mgr, def->pstore->path) < 0)
|
||||||
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2240,6 +2244,12 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr,
|
|||||||
user, group, true) < 0)
|
user, group, true) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
if (def->pstore &&
|
||||||
|
virSecurityDACSetOwnership(mgr, NULL,
|
||||||
|
def->pstore->path,
|
||||||
|
user, group, true) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
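Review bot: The new `virSecurityDACSetOwnership(mgr, NULL, def->pstore->path, user, group, true)` call in virSecurityDACSetAllLabel has no comment explaining why this path is chowned to the domain's user and group. Unlike the firmware blobs handled just above, this file is written by QEMU with guest-supplied data, so a short comment would help the next reader audit which host paths a guest can modify. Something like `/* acpi-erst backing file: QEMU writes guest data here; undone in virSecurityDACRestoreAllLabel() */` would do. Both functions start and end outside the visible hunks, so I cannot tell whether other entry points need the same call.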
@ -2911,6 +2911,10 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManager *mgr,
|
|||||||
virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, true) < 0)
|
virSecuritySELinuxRestoreFileLabel(mgr, def->os.slic_table, true) < 0)
|
||||||
rc = -1;
|
rc = -1;
|
||||||
|
|
||||||
|
if (def->pstore &&
|
||||||
|
virSecuritySELinuxRestoreFileLabel(mgr, def->pstore->path, true) < 0)
|
||||||
|
rc = -1;
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3335,6 +3339,11 @@ virSecuritySELinuxSetAllLabel(virSecurityManager *mgr,
|
|||||||
data->content_context, true) < 0)
|
data->content_context, true) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
if (def->pstore &&
|
||||||
|
virSecuritySELinuxSetFilecon(mgr, def->pstore->path,
|
||||||
|
data->content_context, true) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
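Review bot: In virSecuritySELinuxSetAllLabel the pstore path is labelled with `data->content_context`, the same context the preceding call in this hunk uses, yet the commit message says QEMU needs RW access and the AppArmor change gives pstore `"rw"` but slic_table only `"r"`. The definition of content_context is not visible here. If it is the shared read-only content label, the guest-writable store would be unwritable under an enforcing policy, and it would also carry no per-domain category, so other domains' QEMU processes could read it. Consider labelling it with the domain's image label instead, e.g. `virSecuritySELinuxSetFilecon(mgr, def->pstore->path, secdef->imagelabel, true)`, assuming `secdef` is in scope in the part of the function outside the hunk.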
@ -1002,6 +1002,10 @@ get_files(vahControl * ctl)
|
|||||||
if (vah_add_file(&buf, ctl->def->os.slic_table, "r") != 0)
|
if (vah_add_file(&buf, ctl->def->os.slic_table, "r") != 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
if (ctl->def->pstore)
|
||||||
|
if (vah_add_file(&buf, ctl->def->pstore->path, "rw") != 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if (ctl->def->os.loader && ctl->def->os.loader->path) {
|
if (ctl->def->os.loader && ctl->def->os.loader->path) {
|
||||||
bool readonly = false;
|
bool readonly = false;
|
||||||
virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
|
virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
|
||||||
|
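Review bot: The added `if (ctl->def->pstore)` in get_files wraps a second `if` and its `goto cleanup` with no braces, which is easy to break when someone later adds an `else` or another statement. The DAC and SELinux hunks in this commit already use the single-condition form, so this could match them: `if (ctl->def->pstore && vah_add_file(&buf, ctl->def->pstore->path, "rw") != 0)` followed by `goto cleanup;`. Since this is the only `"rw"` rule among the visible lines, a one-line comment naming the acpi-erst backend as the reason would also help profile audits. get_files continues outside the hunk.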