mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-03 11:51:11 +00:00
security: Don't skip relabel for all chardevs
Our commit e13e8808f9 was way too generic. Currently, virtlogd is
used only for chardevs type of file and nothing else. True, we
must not relabel the path in this case, but we have to in all
other cases. For instance, if you want to have a physical console
attached to your guest:
<console type='dev'>
<source path='/dev/ttyS0'/>
<target type='virtio' port='1'/>
</console>
Starting such domain fails because qemu doesn't have access to
/dev/ttyS0 because we haven't relabelled the path.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
Michal Privoznik
parent
96a9b9a7f0
commit
e0d1a378dc
@ -1179,7 +1179,9 @@ virSecurityDACSetChardevLabel(virSecurityManagerPtr mgr,
|
|||||||
if (chr_seclabel && !chr_seclabel->relabel)
|
if (chr_seclabel && !chr_seclabel->relabel)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!chr_seclabel && chardevStdioLogd)
|
if (!chr_seclabel &&
|
||||||
|
dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
|
||||||
|
chardevStdioLogd)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (chr_seclabel && chr_seclabel->label) {
|
if (chr_seclabel && chr_seclabel->label) {
|
||||||
@ -1261,7 +1263,9 @@ virSecurityDACRestoreChardevLabel(virSecurityManagerPtr mgr,
|
|||||||
if (chr_seclabel && !chr_seclabel->relabel)
|
if (chr_seclabel && !chr_seclabel->relabel)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!chr_seclabel && chardevStdioLogd)
|
if (!chr_seclabel &&
|
||||||
|
dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
|
||||||
|
chardevStdioLogd)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
switch ((virDomainChrType) dev_source->type) {
|
switch ((virDomainChrType) dev_source->type) {
|
||||||
|
|||||||
@ -2199,7 +2199,9 @@ virSecuritySELinuxSetChardevLabel(virSecurityManagerPtr mgr,
|
|||||||
if (chr_seclabel && !chr_seclabel->relabel)
|
if (chr_seclabel && !chr_seclabel->relabel)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!chr_seclabel && chardevStdioLogd)
|
if (!chr_seclabel &&
|
||||||
|
dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
|
||||||
|
chardevStdioLogd)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (chr_seclabel)
|
if (chr_seclabel)
|
||||||
@ -2274,7 +2276,9 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManagerPtr mgr,
|
|||||||
if (chr_seclabel && !chr_seclabel->relabel)
|
if (chr_seclabel && !chr_seclabel->relabel)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!chr_seclabel && chardevStdioLogd)
|
if (!chr_seclabel &&
|
||||||
|
dev_source->type == VIR_DOMAIN_CHR_TYPE_FILE &&
|
||||||
|
chardevStdioLogd)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
switch (dev_source->type) {
|
switch (dev_source->type) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user