Re: [libvirt] [PATCH 0/6] sVirt AppArmor security driver

Jamie Strandboge Fri, 04 Sep 2009 10:26:21 -0700

On Fri, 04 Sep 2009, Jamie Strandboge wrote:

> [PATCH 1*]
> patch_1a_reenable-nonfile-labels.patch:
> patch_1b_optional.patch:


-- 
Jamie Strandboge             | http://www.canonical.com

diff -Nurp ./libvirt.orig/src/qemu_driver.c ./libvirt/src/qemu_driver.c
--- ./libvirt.orig/src/qemu_driver.c	2009-09-03 13:36:00.000000000 -0500
+++ ./libvirt/src/qemu_driver.c	2009-09-03 17:54:31.000000000 -0500
@@ -6143,7 +6143,7 @@ static int qemudDomainDetachDevice(virDo
          dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) {
         ret = qemudDomainDetachPciDiskDevice(dom->conn, vm, dev);
         if (driver->securityDriver)
-            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, dev->data.disk);
+            driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk);
         if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0)
             VIR_WARN0("Fail to restore disk device ownership");
     } else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
diff -Nurp ./libvirt.orig/src/security.h ./libvirt/src/security.h
--- ./libvirt.orig/src/security.h	2009-08-17 11:00:40.000000000 -0500
+++ ./libvirt/src/security.h	2009-09-03 17:54:31.000000000 -0500
@@ -32,6 +32,7 @@ typedef virSecurityDriverStatus (*virSec
 typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
                                       virSecurityDriverPtr drv);
 typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
+                                                   virDomainObjPtr vm,
                                                    virDomainDiskDefPtr disk);
 typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
                                                virDomainObjPtr vm,
diff -Nurp ./libvirt.orig/src/security_selinux.c ./libvirt/src/security_selinux.c
--- ./libvirt.orig/src/security_selinux.c	2009-09-02 14:34:08.000000000 -0500
+++ ./libvirt/src/security_selinux.c	2009-09-03 17:54:31.000000000 -0500
@@ -354,6 +354,7 @@ SELinuxSetFilecon(virConnectPtr conn, co
 
 static int
 SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
+                                 virDomainObjPtr vm,
                                  virDomainDiskDefPtr disk)
 {
     struct stat buf;
@@ -423,7 +424,8 @@ SELinuxRestoreSecurityLabel(virConnectPt
     int rc = 0;
     if (secdef->imagelabel) {
         for (i = 0 ; i < vm->def->ndisks ; i++) {
-            if (SELinuxRestoreSecurityImageLabel(conn, vm->def->disks[i]) < 0)
+            if (SELinuxRestoreSecurityImageLabel(conn, vm,
+                                                 vm->def->disks[i]) < 0)
                 rc = -1;
         }
         VIR_FREE(secdef->model);

diff -Nurp ./libvirt.orig/src/security_selinux.c ./libvirt/src/security_selinux.c
--- ./libvirt.orig/src/security_selinux.c	2009-09-03 17:55:17.000000000 -0500
+++ ./libvirt/src/security_selinux.c	2009-09-03 17:55:35.000000000 -0500
@@ -364,6 +364,11 @@ SELinuxRestoreSecurityImageLabel(virConn
     char *newpath = NULL;
     const char *path = disk->src;
 
+    if (&vm->def->seclabel == NULL)  {
+        virSecurityReportError(conn, VIR_ERR_ERROR, _("seclabel is NULL"));
+        return rc;
+    }
+
     /* Don't restore labels on readoly/shared disks, because
      * other VMs may still be accessing these
      * Alternatively we could iterate over all running

signature.asc
Description: Digital signature

--
Libvir-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/6] sVirt AppArmor security driver

Reply via email to