External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 23:37:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix security driver handling of FIFOs with QEMU

Browse Source 
When setting up a FIFO for QEMU, it allows either a pair
of fifos used unidirectionally, or a single fifo used
bidirectionally. Look for the bidirectional fifo first
when labelling since that is more useful

* src/security/security_dac.c,
  src/security/security_selinux.c: Fix fifo handling
This commit is contained in:
Daniel P. Berrange 2011-03-29 15:46:48 +01:00
parent f79cddad55
commit d37c6a3ae0
2 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/security/security_dac.c
View File

@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
break; break;
case VIR_DOMAIN_CHR_TYPE_PIPE: case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || if (virFileExists(dev->data.file.path)) {
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0)
virReportOOMError(); goto done;
goto done; } else {
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
virReportOOMError();
goto done;
}
if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
(virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
goto done;
} }
if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
(virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
goto done;
ret = 0; ret = 0;
break; break;

19
src/security/security_selinux.c
View File

@ -733,14 +733,19 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
break; break;
case VIR_DOMAIN_CHR_TYPE_PIPE: case VIR_DOMAIN_CHR_TYPE_PIPE:
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || if (virFileExists(dev->data.file.path)) {
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
virReportOOMError(); goto done;
goto done; } else {
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
virReportOOMError();
goto done;
}
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0))
goto done;
} }
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0))
goto done;
ret = 0; ret = 0;
break; break;