virSecurityDACRestoreAllLabel: Restore more labels

We are setting label on kernel, initrd, dtb and slic_table files. But we never restored it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-31 05:57:16 +00:00 · 2018-09-25 13:34:43 +02:00 · 2018-09-25 13:34:43 +02:00 · a30e6d17c9
commit a30e6d17c9
parent 08e3b1c0dc
1 changed files with 16 additions and 0 deletions
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -1719,6 +1719,22 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
        virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
        rc = -1;

+    if (def->os.kernel &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.kernel) < 0)
+        rc = -1;
+
+    if (def->os.initrd &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.initrd) < 0)
+        rc = -1;
+
+    if (def->os.dtb &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.dtb) < 0)
+        rc = -1;
+
+    if (def->os.slic_table &&
+        virSecurityDACRestoreFileLabel(mgr, def->os.slic_table) < 0)
+        rc = -1;
+
    return rc;
 }