mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 23:37:42 +00:00
Fix security driver handling of FIFOs with QEMU
When setting up a FIFO for QEMU, it allows either a pair of fifos used unidirectionally, or a single fifo used bidirectionally. Look for the bidirectional fifo first when labelling since that is more useful * src/security/security_dac.c, src/security/security_selinux.c: Fix fifo handling
This commit is contained in:
parent
f79cddad55
commit
d37c6a3ae0
@ -406,6 +406,10 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_CHR_TYPE_PIPE:
|
||||
if (virFileExists(dev->data.file.path)) {
|
||||
if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0)
|
||||
goto done;
|
||||
} else {
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
@ -414,6 +418,7 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
|
||||
if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
|
||||
(virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
|
||||
goto done;
|
||||
}
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
|
@ -733,6 +733,10 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_CHR_TYPE_PIPE:
|
||||
if (virFileExists(dev->data.file.path)) {
|
||||
if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
|
||||
goto done;
|
||||
} else {
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
@ -741,6 +745,7 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
|
||||
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
|
||||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0))
|
||||
goto done;
|
||||
}
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user