External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

Pull code which finds a free MCS label out into its own method

Browse Source 
The code for picking a MCS label is about to get significantly
more complicated, so it deserves to be in a standlone method,
instead of a switch/case body.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2012-08-09 17:43:12 +01:00
parent b77e9814e4
commit b6e66cb6dd
1 changed files with 46 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
src/security/security_selinux.c
View File

@ -98,6 +98,48 @@ virSecuritySELinuxMCSRemove(virSecurityManagerPtr mgr,
virHashRemoveEntry(data->mcs, mcs); virHashRemoveEntry(data->mcs, mcs);
} }
static char *
virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr)
{
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
int c1 = 0;
int c2 = 0;
char *mcs = NULL;
for (;;) {
c1 = virRandomBits(10);
c2 = virRandomBits(10);
if (c1 == c2) {
if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
virReportOOMError();
return NULL;
}
} else {
if (c1 > c2) {
int t = c1;
c1 = c2;
c2 = t;
}
if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
virReportOOMError();
return NULL;
}
}
if (virHashLookup(data->mcs, mcs) == NULL)
goto cleanup;
VIR_FREE(mcs);
}
cleanup:
VIR_DEBUG("Found context '%s'", NULLSTR(mcs));
return mcs;
}
static char * static char *
virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs) virSecuritySELinuxGenNewContext(const char *basecontext, const char *mcs)
{ {
@ -316,8 +358,6 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
int rc = -1; int rc = -1;
char *mcs = NULL; char *mcs = NULL;
char *scontext = NULL; char *scontext = NULL;
int c1 = 0;
int c2 = 0;
context_t ctx = NULL; context_t ctx = NULL;
const char *range; const char *range;
virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr); virSecuritySELinuxDataPtr data = virSecurityManagerGetPrivateData(mgr);
@ -372,32 +412,11 @@ virSecuritySELinuxGenSecurityLabel(virSecurityManagerPtr mgr,
break; break;
case VIR_DOMAIN_SECLABEL_DYNAMIC: case VIR_DOMAIN_SECLABEL_DYNAMIC:
for (;;) { if (!(mcs = virSecuritySELinuxMCSFind(mgr)))
int rv; goto cleanup;
c1 = virRandomBits(10);
c2 = virRandomBits(10);
if ( c1 == c2 ) { if (virSecuritySELinuxMCSAdd(mgr, mcs) < 0)
if (virAsprintf(&mcs, "s0:c%d", c1) < 0) {
virReportOOMError();
goto cleanup; goto cleanup;
}
} else {
if (c1 > c2) {
c1 ^= c2;
c2 ^= c1;
c1 ^= c2;
}
if (virAsprintf(&mcs, "s0:c%d,c%d", c1, c2) < 0) {
virReportOOMError();
goto cleanup;
}
}
if ((rv = virSecuritySELinuxMCSAdd(mgr, mcs)) < 0)
goto cleanup;
if (rv == 0)
break;
}
if (!(def->seclabel.label = if (!(def->seclabel.label =
virSecuritySELinuxGenNewContext(def->seclabel.baselabel ? virSecuritySELinuxGenNewContext(def->seclabel.baselabel ?