security: remove unneeded labels

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Daniel Henrique Barboza 2020-01-06 18:57:44 -03:00 committed by Erik Skultety
parent 5731181fbd
commit ce56408e5f
3 changed files with 41 additions and 52 deletions


@ -1238,7 +1238,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot))) if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot)))
goto done; return -1;
ret = virUSBDeviceFileIterate(usb, ret = virUSBDeviceFileIterate(usb,
virSecurityDACSetUSBLabel, virSecurityDACSetUSBLabel,
@ -1253,14 +1253,14 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
pcisrc->addr.slot, pcisrc->addr.function); pcisrc->addr.slot, pcisrc->addr.function);
if (!pci) if (!pci)
goto done; return -1;
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci); char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
if (!vfioGroupDev) { if (!vfioGroupDev) {
virPCIDeviceFree(pci); virPCIDeviceFree(pci);
goto done; return -1;
} }
ret = virSecurityDACSetPCILabel(pci, vfioGroupDev, &cbdata); ret = virSecurityDACSetPCILabel(pci, vfioGroupDev, &cbdata);
VIR_FREE(vfioGroupDev); VIR_FREE(vfioGroupDev);
@ -1283,7 +1283,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
dev->readonly, dev->shareable); dev->readonly, dev->shareable);
if (!scsi) if (!scsi)
goto done; return -1;
ret = virSCSIDeviceFileIterate(scsi, ret = virSCSIDeviceFileIterate(scsi,
virSecurityDACSetSCSILabel, virSecurityDACSetSCSILabel,
@ -1297,7 +1297,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
if (!host) if (!host)
goto done; return -1;
ret = virSCSIVHostDeviceFileIterate(host, ret = virSCSIVHostDeviceFileIterate(host,
virSecurityDACSetHostLabel, virSecurityDACSetHostLabel,
@ -1310,7 +1310,7 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
char *vfiodev = NULL; char *vfiodev = NULL;
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
goto done; return -1;
ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata); ret = virSecurityDACSetHostdevLabelHelper(vfiodev, &cbdata);
@ -1323,7 +1323,6 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
break; break;
} }
done:
return ret; return ret;
} }
@ -1407,7 +1406,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
return 0; return 0;
if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot))) if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, vroot)))
goto done; return -1;
ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreUSBLabel, mgr); ret = virUSBDeviceFileIterate(usb, virSecurityDACRestoreUSBLabel, mgr);
virUSBDeviceFree(usb); virUSBDeviceFree(usb);
@ -1421,14 +1420,14 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
pcisrc->addr.slot, pcisrc->addr.function); pcisrc->addr.slot, pcisrc->addr.function);
if (!pci) if (!pci)
goto done; return -1;
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci); char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
if (!vfioGroupDev) { if (!vfioGroupDev) {
virPCIDeviceFree(pci); virPCIDeviceFree(pci);
goto done; return -1;
} }
ret = virSecurityDACRestorePCILabel(pci, vfioGroupDev, mgr); ret = virSecurityDACRestorePCILabel(pci, vfioGroupDev, mgr);
VIR_FREE(vfioGroupDev); VIR_FREE(vfioGroupDev);
@ -1448,7 +1447,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
dev->readonly, dev->shareable); dev->readonly, dev->shareable);
if (!scsi) if (!scsi)
goto done; return -1;
ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSCSILabel, mgr); ret = virSCSIDeviceFileIterate(scsi, virSecurityDACRestoreSCSILabel, mgr);
virSCSIDeviceFree(scsi); virSCSIDeviceFree(scsi);
@ -1460,7 +1459,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
if (!host) if (!host)
goto done; return -1;
ret = virSCSIVHostDeviceFileIterate(host, ret = virSCSIVHostDeviceFileIterate(host,
virSecurityDACRestoreHostLabel, virSecurityDACRestoreHostLabel,
@ -1474,7 +1473,7 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
char *vfiodev = NULL; char *vfiodev = NULL;
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
goto done; return -1;
ret = virSecurityDACRestoreFileLabel(mgr, vfiodev); ret = virSecurityDACRestoreFileLabel(mgr, vfiodev);
VIR_FREE(vfiodev); VIR_FREE(vfiodev);
@ -1486,7 +1485,6 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
break; break;
} }
done:
return ret; return ret;
} }


@ -2094,7 +2094,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
usbsrc->device, usbsrc->device,
vroot); vroot);
if (!usb) if (!usb)
goto done; return -1;
ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxSetUSBLabel, &data); ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxSetUSBLabel, &data);
virUSBDeviceFree(usb); virUSBDeviceFree(usb);
@ -2107,14 +2107,14 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
pcisrc->addr.slot, pcisrc->addr.function); pcisrc->addr.slot, pcisrc->addr.function);
if (!pci) if (!pci)
goto done; return -1;
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci); char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
if (!vfioGroupDev) { if (!vfioGroupDev) {
virPCIDeviceFree(pci); virPCIDeviceFree(pci);
goto done; return -1;
} }
ret = virSecuritySELinuxSetPCILabel(pci, vfioGroupDev, &data); ret = virSecuritySELinuxSetPCILabel(pci, vfioGroupDev, &data);
VIR_FREE(vfioGroupDev); VIR_FREE(vfioGroupDev);
@ -2135,7 +2135,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
dev->readonly, dev->shareable); dev->readonly, dev->shareable);
if (!scsi) if (!scsi)
goto done; return -1;
ret = virSCSIDeviceFileIterate(scsi, ret = virSCSIDeviceFileIterate(scsi,
virSecuritySELinuxSetSCSILabel, virSecuritySELinuxSetSCSILabel,
@ -2149,7 +2149,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
if (!host) if (!host)
goto done; return -1;
ret = virSCSIVHostDeviceFileIterate(host, ret = virSCSIVHostDeviceFileIterate(host,
virSecuritySELinuxSetHostLabel, virSecuritySELinuxSetHostLabel,
@ -2162,7 +2162,7 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
char *vfiodev = NULL; char *vfiodev = NULL;
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
goto done; return ret;
ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data); ret = virSecuritySELinuxSetHostdevLabelHelper(vfiodev, &data);
@ -2175,7 +2175,6 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
break; break;
} }
done:
return ret; return ret;
} }
@ -2332,7 +2331,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
usbsrc->device, usbsrc->device,
vroot); vroot);
if (!usb) if (!usb)
goto done; return -1;
ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxRestoreUSBLabel, mgr); ret = virUSBDeviceFileIterate(usb, virSecuritySELinuxRestoreUSBLabel, mgr);
virUSBDeviceFree(usb); virUSBDeviceFree(usb);
@ -2346,14 +2345,14 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
pcisrc->addr.slot, pcisrc->addr.function); pcisrc->addr.slot, pcisrc->addr.function);
if (!pci) if (!pci)
goto done; return -1;
if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci); char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci);
if (!vfioGroupDev) { if (!vfioGroupDev) {
virPCIDeviceFree(pci); virPCIDeviceFree(pci);
goto done; return -1;
} }
ret = virSecuritySELinuxRestorePCILabel(pci, vfioGroupDev, mgr); ret = virSecuritySELinuxRestorePCILabel(pci, vfioGroupDev, mgr);
VIR_FREE(vfioGroupDev); VIR_FREE(vfioGroupDev);
@ -2373,7 +2372,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
dev->readonly, dev->shareable); dev->readonly, dev->shareable);
if (!scsi) if (!scsi)
goto done; return -1;
ret = virSCSIDeviceFileIterate(scsi, virSecuritySELinuxRestoreSCSILabel, mgr); ret = virSCSIDeviceFileIterate(scsi, virSecuritySELinuxRestoreSCSILabel, mgr);
virSCSIDeviceFree(scsi); virSCSIDeviceFree(scsi);
@ -2385,7 +2384,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn); virSCSIVHostDevicePtr host = virSCSIVHostDeviceNew(hostsrc->wwpn);
if (!host) if (!host)
goto done; return -1;
ret = virSCSIVHostDeviceFileIterate(host, ret = virSCSIVHostDeviceFileIterate(host,
virSecuritySELinuxRestoreHostLabel, virSecuritySELinuxRestoreHostLabel,
@ -2399,7 +2398,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
char *vfiodev = NULL; char *vfiodev = NULL;
if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr))) if (!(vfiodev = virMediatedDeviceGetIOMMUGroupDev(mdevsrc->uuidstr)))
goto done; return -1;
ret = virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, true); ret = virSecuritySELinuxRestoreFileLabel(mgr, vfiodev, true);
@ -2412,7 +2411,6 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
break; break;
} }
done:
return ret; return ret;
} }
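Review bot: In virSecuritySELinuxSetHostdevSubsysLabel, the mediated-device branch (hunk at -2162) replaces `goto done;` with `return ret;`, whereas every other converted failure path in this file and in the DAC driver uses `return -1;`. The two are equivalent only while `ret` still holds its initial value at that point; that value is presumably -1, but the declaration is outside the visible hunks. Because the return value tells the caller whether the host device node was labelled for the guest, an explicit `return -1;` is the safer form: a later change that assigns `ret` earlier could not turn a failed virMediatedDeviceGetIOMMUGroupDev() lookup into a success return. The function body starts and ends outside the hunks shown.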


@ -546,27 +546,24 @@ verify_xpath_context(xmlXPathContextPtr ctxt)
if (!ctxt) { if (!ctxt) {
vah_warning(_("Invalid context")); vah_warning(_("Invalid context"));
goto error; return -1;
} }
/* check if have <name> */ /* check if have <name> */
if (!(tmp = virXPathString("string(./name[1])", ctxt))) { if (!(tmp = virXPathString("string(./name[1])", ctxt))) {
vah_warning(_("Could not find <name>")); vah_warning(_("Could not find <name>"));
goto error; return -1;
} }
VIR_FREE(tmp); VIR_FREE(tmp);
/* check if have <uuid> */ /* check if have <uuid> */
if (!(tmp = virXPathString("string(./uuid[1])", ctxt))) { if (!(tmp = virXPathString("string(./uuid[1])", ctxt))) {
vah_warning(_("Could not find <uuid>")); vah_warning(_("Could not find <uuid>"));
goto error; return -1;
} }
VIR_FREE(tmp); VIR_FREE(tmp);
rc = 0; return 0;
error:
return rc;
} }
/* /*
@ -636,7 +633,7 @@ virDomainDefParserConfig virAAHelperDomainDefParserConfig = {
static int static int
get_definition(vahControl * ctl, const char *xmlStr) get_definition(vahControl * ctl, const char *xmlStr)
{ {
int rc = -1, ostype, virtType; int ostype, virtType;
virCapsGuestPtr guest; /* this is freed when caps is freed */ virCapsGuestPtr guest; /* this is freed when caps is freed */
/* /*
@ -644,22 +641,22 @@ get_definition(vahControl * ctl, const char *xmlStr)
* but need them for virDomainDefParseString(). * but need them for virDomainDefParseString().
*/ */
if (caps_mockup(ctl, xmlStr) != 0) if (caps_mockup(ctl, xmlStr) != 0)
goto exit; return -1;
if ((ctl->caps = virCapabilitiesNew(ctl->arch, true, true)) == NULL) { if ((ctl->caps = virCapabilitiesNew(ctl->arch, true, true)) == NULL) {
vah_error(ctl, 0, _("could not allocate memory")); vah_error(ctl, 0, _("could not allocate memory"));
goto exit; return -1;
} }
if (!(ctl->xmlopt = virDomainXMLOptionNew(&virAAHelperDomainDefParserConfig, if (!(ctl->xmlopt = virDomainXMLOptionNew(&virAAHelperDomainDefParserConfig,
NULL, NULL, NULL, NULL))) { NULL, NULL, NULL, NULL))) {
vah_error(ctl, 0, _("Failed to create XML config object")); vah_error(ctl, 0, _("Failed to create XML config object"));
goto exit; return -1;
} }
if ((ostype = virDomainOSTypeFromString(ctl->os)) < 0) { if ((ostype = virDomainOSTypeFromString(ctl->os)) < 0) {
vah_error(ctl, 0, _("unknown OS type")); vah_error(ctl, 0, _("unknown OS type"));
goto exit; return -1;
} }
if ((guest = virCapabilitiesAddGuest(ctl->caps, if ((guest = virCapabilitiesAddGuest(ctl->caps,
@ -670,12 +667,12 @@ get_definition(vahControl * ctl, const char *xmlStr)
0, 0,
NULL)) == NULL) { NULL)) == NULL) {
vah_error(ctl, 0, _("could not allocate memory")); vah_error(ctl, 0, _("could not allocate memory"));
goto exit; return -1;
} }
if ((virtType = virDomainVirtTypeFromString(ctl->virtType)) < 0) { if ((virtType = virDomainVirtTypeFromString(ctl->virtType)) < 0) {
vah_error(ctl, 0, _("unknown virtualization type")); vah_error(ctl, 0, _("unknown virtualization type"));
goto exit; return -1;
} }
if (virCapabilitiesAddGuestDomain(guest, if (virCapabilitiesAddGuestDomain(guest,
@ -685,7 +682,7 @@ get_definition(vahControl * ctl, const char *xmlStr)
0, 0,
NULL) == NULL) { NULL) == NULL) {
vah_error(ctl, 0, _("could not allocate memory")); vah_error(ctl, 0, _("could not allocate memory"));
goto exit; return -1;
} }
ctl->def = virDomainDefParseString(xmlStr, ctl->def = virDomainDefParseString(xmlStr,
@ -695,23 +692,20 @@ get_definition(vahControl * ctl, const char *xmlStr)
if (ctl->def == NULL) { if (ctl->def == NULL) {
vah_error(ctl, 0, _("could not parse XML")); vah_error(ctl, 0, _("could not parse XML"));
goto exit; return -1;
} }
if (!ctl->def->name) { if (!ctl->def->name) {
vah_error(ctl, 0, _("could not find name in XML")); vah_error(ctl, 0, _("could not find name in XML"));
goto exit; return -1;
} }
if (valid_name(ctl->def->name) != 0) { if (valid_name(ctl->def->name) != 0) {
vah_error(ctl, 0, _("bad name")); vah_error(ctl, 0, _("bad name"));
goto exit; return -1;
} }
rc = 0; return 0;
exit:
return rc;
} }
/** /**
@ -854,11 +848,10 @@ vah_add_file_chardev(virBufferPtr buf,
} else { } else {
/* add the file */ /* add the file */
if (vah_add_file(buf, path, perms) != 0) if (vah_add_file(buf, path, perms) != 0)
goto cleanup; return -1;
rc = 0; rc = 0;
} }
cleanup:
return rc; return rc;
} }
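Review bot: get_definition (hunks at -636 through -695) now returns -1 directly from many points after `ctl->caps`, `ctl->xmlopt` and possibly `ctl->def` have been assigned, and nothing in the function documents who releases those objects on failure. The removed `exit:` label did no cleanup either, so behaviour is unchanged, but without a single exit point the ownership rule is easier to miss when adding a new allocation. I would add a comment above the function along the lines of `/* On failure ctl may hold partially initialised caps/xmlopt/def; they are released when the caller frees ctl. */`, once confirmed against the caller, which is not visible here. Separately, vah_add_file_chardev (hunk at -854) now mixes a direct `return -1;` with the remaining `rc = 0; ... return rc;`, so it could be finished in the same style as the other functions.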