mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 15:27:47 +00:00
Avoid segfault in virt-aa-helper when handling read-only filesystems
This patch fixes a segfault in virt-aa-helper caused by attempting to modify a static string literal. It is triggered when a domain has a <filesystem> with type='mount' configured read-only and libvirt is using the AppArmor security driver for sVirt confinement. An "R" is passed into the function and converted to 'r'.
This commit is contained in:
parent
ed8ba91ef2
commit
b3c1bcb9fd
@ -740,6 +740,7 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi
|
|||||||
bool readonly = true;
|
bool readonly = true;
|
||||||
bool explicit_deny_rule = true;
|
bool explicit_deny_rule = true;
|
||||||
char *sub = NULL;
|
char *sub = NULL;
|
||||||
|
char *perms_new = NULL;
|
||||||
|
|
||||||
if (path == NULL)
|
if (path == NULL)
|
||||||
return rc;
|
return rc;
|
||||||
@ -764,12 +765,15 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strchr(perms, 'w') != NULL) {
|
if (VIR_STRDUP_QUIET(perms_new, perms) < 0)
|
||||||
|
goto clean;
|
||||||
|
|
||||||
|
if (strchr(perms_new, 'w') != NULL) {
|
||||||
readonly = false;
|
readonly = false;
|
||||||
explicit_deny_rule = false;
|
explicit_deny_rule = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((sub = strchr(perms, 'R')) != NULL) {
|
if ((sub = strchr(perms_new, 'R')) != NULL) {
|
||||||
/* Don't write the invalid R permission, replace it with 'r' */
|
/* Don't write the invalid R permission, replace it with 'r' */
|
||||||
sub[0] = 'r';
|
sub[0] = 'r';
|
||||||
explicit_deny_rule = false;
|
explicit_deny_rule = false;
|
||||||
@ -787,7 +791,8 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi
|
|||||||
if (tmp[strlen(tmp) - 1] == '/')
|
if (tmp[strlen(tmp) - 1] == '/')
|
||||||
tmp[strlen(tmp) - 1] = '\0';
|
tmp[strlen(tmp) - 1] = '\0';
|
||||||
|
|
||||||
virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "", perms);
|
virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "",
|
||||||
|
perms_new);
|
||||||
if (explicit_deny_rule) {
|
if (explicit_deny_rule) {
|
||||||
virBufferAddLit(buf, " # don't audit writes to readonly files\n");
|
virBufferAddLit(buf, " # don't audit writes to readonly files\n");
|
||||||
virBufferAsprintf(buf, " deny \"%s%s\" w,\n", tmp, recursive ? "/**" : "");
|
virBufferAsprintf(buf, " deny \"%s%s\" w,\n", tmp, recursive ? "/**" : "");
|
||||||
@ -798,6 +803,7 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi
|
|||||||
}
|
}
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
VIR_FREE(perms_new);
|
||||||
VIR_FREE(tmp);
|
VIR_FREE(tmp);
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
|
Loading…
Reference in New Issue
Block a user