[PATCH 09/19] virSecuritySELinuxSet(Daemon)SocketLabel: Refactor cleanup

Mon, 21 Jul 2025 06:25:06 -0700 

From: Peter Krempa <pkre...@redhat.com>

Automatically free temporary variables and change 'cleanup' label to
'error'.

Signed-off-by: Peter Krempa <pkre...@redhat.com>
---
 src/security/security_selinux.c | 37 +++++++++++++++------------------
 1 file changed, 17 insertions(+), 20 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 25f0c45955..ad789c611f 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3147,9 +3147,8 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityManager 
*mgr G_GNUC_UNUSED,
 {
     /* TODO: verify DOI */
     virSecurityLabelDef *secdef;
-    char *scon = NULL;
-    char *str = NULL;
-    int rc = -1;
+    g_autofree char *scon = NULL;
+    g_autofree char *str = NULL;

     secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
     if (!secdef || !secdef->label)
@@ -3159,34 +3158,33 @@ 
virSecuritySELinuxSetDaemonSocketLabel(virSecurityManager *mgr G_GNUC_UNUSED,
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("security label driver mismatch: '%1$s' model 
configured for domain, but hypervisor driver is '%2$s'."),
                        secdef->model, SECURITY_SELINUX_NAME);
-        goto done;
+        goto error;
     }

     if (getcon_raw(&scon) == -1) {
         virReportSystemError(errno,
                              _("unable to get current process context '%1$s'"),
                              secdef->label);
-        goto done;
+        goto error;
     }

     if (!(str = virSecuritySELinuxContextAddRange(secdef->label, scon)))
-        goto done;
+        goto error;

     VIR_DEBUG("Setting VM %s socket context %s", def->name, str);
     if (setsockcreatecon_raw(str) == -1) {
         virReportSystemError(errno,
                              _("unable to set socket security context 
'%1$s'"), str);
-        goto done;
+        goto error;
     }

-    rc = 0;
- done:
+    return 0;

+ error:
     if (security_getenforce() != 1)
-        rc = 0;
-    freecon(scon);
-    VIR_FREE(str);
-    return rc;
+        return 0;
+
+    return -1;
 }

 static int
@@ -3194,7 +3192,6 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager *mgr 
G_GNUC_UNUSED,
                                  virDomainDef *vm)
 {
     virSecurityLabelDef *secdef;
-    int rc = -1;

     secdef = virDomainDefGetSecurityLabelDef(vm, SECURITY_SELINUX_NAME);
     if (!secdef || !secdef->label)
@@ -3204,7 +3201,7 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager *mgr 
G_GNUC_UNUSED,
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("security label driver mismatch: '%1$s' model 
configured for domain, but hypervisor driver is '%2$s'."),
                        secdef->model, SECURITY_SELINUX_NAME);
-        goto done;
+        goto error;
     }

     VIR_DEBUG("Setting VM %s socket context %s",
@@ -3213,16 +3210,16 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager 
*mgr G_GNUC_UNUSED,
         virReportSystemError(errno,
                              _("unable to set socket security context '%1$s'"),
                              secdef->label);
-        goto done;
+        goto error;
     }

-    rc = 0;
+    return 0;

- done:
+ error:
     if (security_getenforce() != 1)
-        rc = 0;
+        return 0;

-    return rc;
+    return -1;
 }

 static int
-- 
2.50.0

Reply via email to