mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
Fix security driver handling of FIFOs with QEMU
When setting up a FIFO for QEMU, it allows either a pair of fifos used unidirectionally, or a single fifo used bidirectionally. Look for the bidirectional fifo first when labelling since that is more useful * src/security/security_dac.c, src/security/security_selinux.c: Fix fifo handling
This commit is contained in:
parent
f79cddad55
commit
d37c6a3ae0
@ -406,14 +406,19 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_CHR_TYPE_PIPE:
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
goto done;
|
||||
if (virFileExists(dev->data.file.path)) {
|
||||
if (virSecurityDACSetOwnership(dev->data.file.path, priv->user, priv->group) < 0)
|
||||
goto done;
|
||||
} else {
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
goto done;
|
||||
}
|
||||
if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
|
||||
(virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
|
||||
goto done;
|
||||
}
|
||||
if ((virSecurityDACSetOwnership(in, priv->user, priv->group) < 0) ||
|
||||
(virSecurityDACSetOwnership(out, priv->user, priv->group) < 0))
|
||||
goto done;
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
|
@ -733,14 +733,19 @@ SELinuxSetSecurityChardevLabel(virDomainObjPtr vm,
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_CHR_TYPE_PIPE:
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
goto done;
|
||||
if (virFileExists(dev->data.file.path)) {
|
||||
if (SELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0)
|
||||
goto done;
|
||||
} else {
|
||||
if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
|
||||
(virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
|
||||
virReportOOMError();
|
||||
goto done;
|
||||
}
|
||||
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
|
||||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0))
|
||||
goto done;
|
||||
}
|
||||
if ((SELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
|
||||
(SELinuxSetFilecon(out, secdef->imagelabel) < 0))
|
||||
goto done;
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user