mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
security: remove unneeded labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
This commit is contained in:
parent
5731181fbd
commit
ce56408e5f
@ -1238,7 +1238,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
return 0;
|
||||
|
||||
if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot)))
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virUSBDeviceFileIterate(usb,
|
||||
virSecurityDACSetUSBLabel,
|
||||
@ -1253,14 +1253,14 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
pcisrc->addr.slot, pcisrc->addr.function);
|
||||
|
||||
if (!pci)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
||||
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
||||
|
||||
if (!vfioGroupDev) {
|
||||
virPCIDeviceFree(pci);
|
||||
goto done;
|
||||
return -1;
|
||||
}
|
||||
ret = virSecurityDACSetPCILabel(pci, vfioGroupDev, &cbdata);
|
||||
VIR_FREE(vfioGroupDev);
|
||||
@ -1283,7 +1283,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
dev->readonly, dev->shareable);
|
||||
|
||||
if (!scsi)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIDeviceFileIterate(scsi,
|
||||
virSecurityDACSetSCSILabel,
|
||||
@ -1297,7 +1297,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
||||
|
||||
if (!host)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIVHostDeviceFileIterate(host,
|
||||
virSecurityDACSetHostLabel,
|
||||
@ -1310,7 +1310,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
char *vfiodev = NULL;
|
||||
|
||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata);
|
||||
|
||||
@ -1323,7 +1323,6 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
}
|
||||
|
||||
done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1407,7 +1406,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
return 0;
|
||||
|
||||
if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot)))
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreUSBLabel, mgr);
|
||||
virUSBDeviceFree(usb);
|
||||
@ -1421,14 +1420,14 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
pcisrc->addr.slot, pcisrc->addr.function);
|
||||
|
||||
if (!pci)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
||||
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
||||
|
||||
if (!vfioGroupDev) {
|
||||
virPCIDeviceFree(pci);
|
||||
goto done;
|
||||
return -1;
|
||||
}
|
||||
ret = virSecurityDACRestorePCILabel(pci, vfioGroupDev, mgr);
|
||||
VIR_FREE(vfioGroupDev);
|
||||
@ -1448,7 +1447,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
dev->readonly, dev->shareable);
|
||||
|
||||
if (!scsi)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSCSILabel, mgr);
|
||||
virSCSIDeviceFree(scsi);
|
||||
@ -1460,7 +1459,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
||||
|
||||
if (!host)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIVHostDeviceFileIterate(host,
|
||||
virSecurityDACRestoreHostLabel,
|
||||
@ -1474,7 +1473,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
char *vfiodev = NULL;
|
||||
|
||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSecurityDACRestoreFileLabel(mgr, vfiodev);
|
||||
VIR_FREE(vfiodev);
|
||||
@ -1486,7 +1485,6 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
}
|
||||
|
||||
done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -2094,7 +2094,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
usbsrc->device,
|
||||
vroot);
|
||||
if (!usb)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxSetUSBLabel, &data);
|
||||
virUSBDeviceFree(usb);
|
||||
@ -2107,14 +2107,14 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
pcisrc->addr.slot, pcisrc->addr.function);
|
||||
|
||||
if (!pci)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
||||
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
||||
|
||||
if (!vfioGroupDev) {
|
||||
virPCIDeviceFree(pci);
|
||||
goto done;
|
||||
return -1;
|
||||
}
|
||||
ret = virSecuritySELinuxSetPCILabel(pci, vfioGroupDev, &data);
|
||||
VIR_FREE(vfioGroupDev);
|
||||
@ -2135,7 +2135,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
dev->readonly, dev->shareable);
|
||||
|
||||
if (!scsi)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIDeviceFileIterate(scsi,
|
||||
virSecuritySELinuxSetSCSILabel,
|
||||
@ -2149,7 +2149,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
||||
|
||||
if (!host)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIVHostDeviceFileIterate(host,
|
||||
virSecuritySELinuxSetHostLabel,
|
||||
@ -2162,7 +2162,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
char *vfiodev = NULL;
|
||||
|
||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||
goto done;
|
||||
return ret;
|
||||
|
||||
ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data);
|
||||
|
||||
@ -2175,7 +2175,6 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
}
|
||||
|
||||
done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -2332,7 +2331,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
usbsrc->device,
|
||||
vroot);
|
||||
if (!usb)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxRestoreUSBLabel, mgr);
|
||||
virUSBDeviceFree(usb);
|
||||
@ -2346,14 +2345,14 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
pcisrc->addr.slot, pcisrc->addr.function);
|
||||
|
||||
if (!pci)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
|
||||
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
|
||||
|
||||
if (!vfioGroupDev) {
|
||||
virPCIDeviceFree(pci);
|
||||
goto done;
|
||||
return -1;
|
||||
}
|
||||
ret = virSecuritySELinuxRestorePCILabel(pci, vfioGroupDev, mgr);
|
||||
VIR_FREE(vfioGroupDev);
|
||||
@ -2373,7 +2372,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
dev->readonly, dev->shareable);
|
||||
|
||||
if (!scsi)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIDeviceFileIterate(scsi, virSecuritySELinuxRestoreSCSILabel, mgr);
|
||||
virSCSIDeviceFree(scsi);
|
||||
@ -2385,7 +2384,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
|
||||
|
||||
if (!host)
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSCSIVHostDeviceFileIterate(host,
|
||||
virSecuritySELinuxRestoreHostLabel,
|
||||
@ -2399,7 +2398,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
char *vfiodev = NULL;
|
||||
|
||||
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
|
||||
goto done;
|
||||
return -1;
|
||||
|
||||
ret = virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, true);
|
||||
|
||||
@ -2412,7 +2411,6 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
}
|
||||
|
||||
done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -546,27 +546,24 @@ verify_xpath_context(xmlXPathContextPtr ctxt)
|
||||
|
||||
if (!ctxt) {
|
||||
vah_warning(_("Invalid context"));
|
||||
goto error;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* check if have <name> */
|
||||
if (!(tmp = virXPathString("string(./name[1])", ctxt))) {
|
||||
vah_warning(_("Could not find <name>"));
|
||||
goto error;
|
||||
return -1;
|
||||
}
|
||||
VIR_FREE(tmp);
|
||||
|
||||
/* check if have <uuid> */
|
||||
if (!(tmp = virXPathString("string(./uuid[1])", ctxt))) {
|
||||
vah_warning(_("Could not find <uuid>"));
|
||||
goto error;
|
||||
return -1;
|
||||
}
|
||||
VIR_FREE(tmp);
|
||||
|
||||
rc = 0;
|
||||
|
||||
error:
|
||||
return rc;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -636,7 +633,7 @@ virDomainDefParserConfig virAAHelperDomainDefParserConfig = {
|
||||
static int
|
||||
get_definition(vahControl * ctl, const char *xmlStr)
|
||||
{
|
||||
int rc = -1, ostype, virtType;
|
||||
int ostype, virtType;
|
||||
virCapsGuestPtr guest; /* this is freed when caps is freed */
|
||||
|
||||
/*
|
||||
@ -644,22 +641,22 @@ get_definition(vahControl * ctl, const char *xmlStr)
|
||||
* but need them for virDomainDefParseString().
|
||||
*/
|
||||
if (caps_mockup(ctl, xmlStr) != 0)
|
||||
goto exit;
|
||||
return -1;
|
||||
|
||||
if ((ctl->caps = virCapabilitiesNew(ctl->arch, true, true)) == NULL) {
|
||||
vah_error(ctl, 0, _("could not allocate memory"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!(ctl->xmlopt = virDomainXMLOptionNew(&virAAHelperDomainDefParserConfig,
|
||||
NULL, NULL, NULL, NULL))) {
|
||||
vah_error(ctl, 0, _("Failed to create XML config object"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ((ostype = virDomainOSTypeFromString(ctl->os)) < 0) {
|
||||
vah_error(ctl, 0, _("unknown OS type"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ((guest = virCapabilitiesAddGuest(ctl->caps,
|
||||
@ -670,12 +667,12 @@ get_definition(vahControl * ctl, const char *xmlStr)
|
||||
0,
|
||||
NULL)) == NULL) {
|
||||
vah_error(ctl, 0, _("could not allocate memory"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ((virtType = virDomainVirtTypeFromString(ctl->virtType)) < 0) {
|
||||
vah_error(ctl, 0, _("unknown virtualization type"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (virCapabilitiesAddGuestDomain(guest,
|
||||
@ -685,7 +682,7 @@ get_definition(vahControl * ctl, const char *xmlStr)
|
||||
0,
|
||||
NULL) == NULL) {
|
||||
vah_error(ctl, 0, _("could not allocate memory"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
ctl->def = virDomainDefParseString(xmlStr,
|
||||
@ -695,23 +692,20 @@ get_definition(vahControl * ctl, const char *xmlStr)
|
||||
|
||||
if (ctl->def == NULL) {
|
||||
vah_error(ctl, 0, _("could not parse XML"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!ctl->def->name) {
|
||||
vah_error(ctl, 0, _("could not find name in XML"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (valid_name(ctl->def->name) != 0) {
|
||||
vah_error(ctl, 0, _("bad name"));
|
||||
goto exit;
|
||||
return -1;
|
||||
}
|
||||
|
||||
rc = 0;
|
||||
|
||||
exit:
|
||||
return rc;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -854,11 +848,10 @@ vah_add_file_chardev(virBufferPtr buf,
|
||||
} else {
|
||||
/* add the file */
|
||||
if (vah_add_file(buf, path, perms) != 0)
|
||||
goto cleanup;
|
||||
return -1;
|
||||
rc = 0;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user